Zlob cpx downloader, desktop takeover...

IGG · 12-01-2007, 12:06 AM

They're trying to sell me the solution to my problems by steering me to Confident Surf.......

I appreciate any help that is forthcoming, I've taken a few steps to cleanse.... I ran AVG which had to quarrantine a whole archive, and won't let me get a report for some reason.

Also ran Smitfraudfix

SmitFraudFix v2.256

Scan done at 22:46:22.35, Wed 01/30/2008
Run from C:\Documents and Settings\JFNAM\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINNT\jokwmp.dll Deleted
C:\WINNT\popnetkqw.dll Deleted
C:\WINNT\privacy_danger\ Deleted
C:\WINNT\rmvgor.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{A5C3562C-2E5E-486A-BE0C-BAB1DCE8E850}]
C:\Program Files\RichVideoCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{233D8F23-E8C1-4AFF-8645-5F5B3F43E412}: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\..\{233D8F23-E8C1-4AFF-8645-5F5B3F43E412}: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CS2\Services\Tcpip\..\{233D8F23-E8C1-4AFF-8645-5F5B3F43E412}: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=205.171.2.65 205.171.3.65

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

here is the Hijack this AFTER running Smitfraud.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:04 PM, on 1/30/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\.DEFAULT\..\Run: [Sygatedsa Personal Firewall] ddoSygate.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by137fd.bay137.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.iwin.com/global/premium/p...2.1.0.0.48.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\JFNAM\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINNT\system32\lxcgcoms.exe

--
End of file - 7248 bytes

Thank you for looking at my info, look forward to hearing from you all.

tetonbob · 12-04-2007, 10:20 AM

That looks pretty good, are you still having troubles?

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on located at the bottom of the page.
A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for AVAST users:

Please continue with the online scan at Panda. It is a false positive from Avast because Panda Antivirus does not encrypt its virus database. You will need to temporarily disable Avast while running the Panda scan.

---------------------------------------------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 u3 and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u3-windowsi586-p.exe to install the newest version.

After the install is complete, go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and Applets
    Trace and Log Files
- Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.

To attach a file to a new post, simply

Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt
Click Upload.

What DSS will do:

create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

IGG · 12-04-2007, 09:19 PM

Quote:

Originally Posted by tetonbob

That looks pretty good, are you still having troubles?

---------------------------------------------------------------------------------------------

Hi Tetonbob, thanks for taking a look.....actually I've not had any problems at all since running ATF cleaner (I should have listed that...sorry) and Smitfraud.

I'll work through your list of suggestions and post a new log when done.

Thanks again!

IGG · 12-06-2007, 07:13 PM

Deckard's System Scanner v20071014.68
Run by JFNAM on 2008-02-05 19:07:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as JFNAM.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:37 PM, on 2/5/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\lxcgcoms.exe
C:\Documents and Settings\JFNAM\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\JFNAM.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\.DEFAULT\..\Run: [Sygatedsa Personal Firewall] ddoSygate.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by137fd.bay137.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.iwin.com/global/premium/p...2.1.0.0.48.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\JFNAM\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINNT\system32\lxcgcoms.exe

--
End of file - 7586 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AFS2K - c:\winnt\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>

S2 windev-1444-1122 - c:\winnt\system32\windev-1444-1122.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 hpdj - c:\docume~1\jfnam\locals~1\temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3600 series -product= (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-01-31 13:57:07 284 --a------ C:\WINNT\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-01-05 and 2008-02-05 -----------------------------

2008-02-05 18:09:00 466026 ---h----- C:\WINNT\ShellIconCache
2008-02-05 18:03:29 0 d-------- C:\Program Files\Common Files\Java
2008-02-04 21:55:29 0 d-------- C:\WINNT\system32\ActiveScan
2008-01-31 13:57:04 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_360.dat
2008-01-30 22:51:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_20c.dat
2008-01-30 22:46:32 3574 --a------ C:\WINNT\system32\tmp.reg
2008-01-30 22:35:08 25600 --a------ C:\WINNT\system32\WS2Fix.exe
2008-01-30 22:35:08 289144 --a------ C:\WINNT\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-30 22:35:08 288417 --a------ C:\WINNT\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-01-30 22:35:08 51200 --a------ C:\WINNT\system32\dumphive.exe
2008-01-30 22:35:07 53248 --a------ C:\WINNT\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-01-30 21:21:49 0 d-------- C:\Documents and Settings\JFNAM\Application Data\Grisoft
2008-01-30 21:21:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 20:33:40 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_454.dat
2008-01-30 20:26:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_464.dat
2008-01-30 20:12:30 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_220.dat
2008-01-25 16:14:02 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1d4.dat
2008-01-25 03:51:40 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_21c.dat
2008-01-24 20:55:05 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1d0.dat
2008-01-24 18:26:51 0 d-------- C:\Program Files\Lavasoft
2008-01-24 18:26:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-24 18:25:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 11:27:47 0 d-------- C:\Documents and Settings\JFNAM\Application Data\Comodo
2008-01-24 11:27:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-01-24 11:24:42 0 d-------- C:\Program Files\Comodo
2008-01-23 14:45:26 81920 --a------ C:\WINNT\nethop.exe
2008-01-21 01:24:43 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1f8.dat
2008-01-17 13:58:30 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2e4.dat

-- Find3M Report ---------------------------------------------------------------

2008-02-05 18

00 0 d-------- C:\Program Files\Java
2008-02-05 18:03:29 0 d-a------ C:\Program Files\Common Files
2008-02-04 22:48:00 0 d-------- C:\Program Files\QuickTime
2008-02-04 22:44:10 0 d-------- C:\Program Files\Lexmark 2300 Series
2008-02-04 22:42:32 0 d-------- C:\Program Files\iTunes
2008-02-04 21:51:21 0 d-------- C:\Program Files\Lx_cats
2008-01-30 20:58:47 0 d-------- C:\Program Files\Yahoo!
2008-01-21 22:18:00 0 d-------- C:\Documents and Settings\JFNAM\Application Data\FrostWire
2008-01-18 16:33:53 0 d-------- C:\Program Files\Picasa2

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p C:\WINNT\system32\mobsync.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/07 03:06a]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [12/17/02 11:40a]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe" [03/11/03 03:08a]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [12/02/02 08:56p]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/02 10:32p]
"LXCGCATS"="C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [07/20/05 10:48a]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [07/20/05 11:07p]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [08/01/05 05:05a]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [07/12/05 06:36a]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [01/12/07 07:36p]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/07 09:41a]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/27/07 08:14p]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [01/24/08 11:24a]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/07 02:25a]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/07 01:11a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [09/04/07 04:40p]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Sygatedsa Personal Firewall"=ddoSygate.exe
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2/11/2007 12:01:19 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 1:05:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

-- End of Deckard's System Scanner: finished at 2008-02-05 19:09:46 ------------

tetonbob · 12-06-2007, 07:28 PM

Hi, can you tell me why your clock appears to be set to 2008 ?

Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:37 PM, on 2/5/2008

Please reset your clock to today's local time and date, and post a new log afterward.

IGG · 12-06-2007, 11:41 PM

Sorry...not sure what that was about.

Here's the new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:26 PM, on 12/6/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\lxcgcoms.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\.DEFAULT\..\Run: [Sygatedsa Personal Firewall] ddoSygate.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by137fd.bay137.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.iwin.com/global/premium/p...2.1.0.0.48.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\JFNAM\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINNT\system32\lxcgcoms.exe

--
End of file - 7551 bytes

tetonbob · 12-07-2007, 12:35 AM

Thanks...that was odd. I see a couple of problems still.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop
Disconnect from the internet....pull the plug!
Disable your AntiVirus and other protection applications, so that they don't interfere with ComboFix.
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall
Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Re-establish an internet connection.
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

IGG · 12-07-2007, 06:25 PM

Here is the Combofix log.

ComboFix 07-12-07.5 - JFNAM 12/07/2007 18:02:45.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.114 [GMT -7:00]
Running from: C:\Documents and Settings\JFNAM\desktop\combofix.exe
Command switches used :: /killall
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\dat.txt
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\dirty_dishes.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\foodtray.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart1.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart2.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart3.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_down.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_up.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\mop_prop.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\ticket.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a1.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a2.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a3.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a4.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\mainmenumusic.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\baby_cry.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\chef_cook1.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\closing_time.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\customer_ditch.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_down.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_up.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\drink_table.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\expert.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_deliver.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_pickup.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\keystroke2.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_lose.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_win.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_click.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_rollover.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_pickup.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_spill.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_menu_down.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\spill.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\table_drink.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\tip_2.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_lose.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_win.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\fullscreendialog.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\high_score_menu_bg.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelover.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu_logo.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\textfield.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\upgrade_lines.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_highlight.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_normal.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_selected.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_1.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_2.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_3.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_1.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_2.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_3.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a1.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a2.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a3.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_mask.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_mask.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_down.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_over.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_up.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\welcome_player.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\actionpoints.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\career.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\customer.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\endless.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\global.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\powerups.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cook\stove.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\arrow.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click2.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\grab.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\open.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue_legs.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\legs.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red_legs.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue_legs.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\legs.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red_legs.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_baby.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_legs.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\legs.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_baby.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_legs.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue_legs.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\legs.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red_legs.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\fonts\mercurius.mvec
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\blue_highchairbaby.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt2top.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt4top.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\green_highchairbaby.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\purple_highchairbaby.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\radio.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\red_highchairbaby.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\stereo.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\yellow_highchairbaby.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\family.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help_dividerline.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch1.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch2.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_noise.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_score.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_cleardishes.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_givecheck.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_pickupfood.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_servefood.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_takeorder.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\local-hs-bb.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\p1icon.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_1.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_2.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_3.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_4.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_5.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_6.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_a.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_b.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_c.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\playfirstlogo.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\background.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\blue.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\grey.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\red.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\cup1.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_0.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_1.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\props\cup_prop1.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrades.xml
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\tableshadow.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\careerupgrade.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\choosedifficulty.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\closeconfirm.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\entername.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\game.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\getmoregames.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help1.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help2.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscore.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoreinfo.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoresubmit.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelintro.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelover.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\loading.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainloop.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainmenu.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\ok.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\pause.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\style.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upgrade.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upsell.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\yesno.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\aol_logo.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\playfirst_logo.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\strings.xml
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_bubble.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_mop.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_rejectmeal.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\check.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\checkmark.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\closed.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\decor_lines.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\dollar.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\expert.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\lives_icon.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\noisering.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_d.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_e.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_f.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\traynumber.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialarrow.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialbox.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_base.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_hand.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_off.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_on.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgradeanim.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd1.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd2.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd3.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd4.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\dinerdash2.exe
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\dirty_dishes.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\foodtray.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\heart1.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\heart2.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\heart3.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\menu_down.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\menu_up.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\mop_prop.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\ticket.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\music\cafe\cafe_music_a1.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\music\cafe\cafe_music_a2.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\music\cafe\cafe_music_a3.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\music\cafe\cafe_music_a4.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\music\mainmenumusic.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\baby_cry.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\chef_cook1.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\closing_time.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\customer_ditch.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\dialog_down.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\dialog_up.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\drink_table.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\expert.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\highchair_deliver.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\highchair_pickup.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\keystroke2.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\level_lose.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\level_win.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\menu_click.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\menu_rollover.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\mop_pickup.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\mop_spill.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_menu_down.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\spill.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\table_drink.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\tip_2.ogg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\flo_lose.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\flo_win.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\fullscreendialog.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\high_score_menu_bg.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\levelintro.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\levelintro.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\levelover.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\longdialog.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\longdialog.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\mainmenu.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\mainmenu_logo.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\popup.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\popup.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\textfield.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\upgrade_lines.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\arrowdown_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\arrowdown_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\arrowdown_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\arrowup_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\arrowup_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\arrowup_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\checkbox_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\checkbox_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\checkbox_rotated_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\checkbox_rotated_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\decor_highlight.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\decor_normal.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\decor_selected.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a_large_1.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a_large_2.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a_large_3.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a_small_1.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a_small_2.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a_small_3.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a1.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a2.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a3.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\left_arrow_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\left_arrow_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\left_arrow_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\main_menu_button1_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\main_menu_button1_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\main_menu_button1_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\main_menu_button1_mask.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\main_menu_button2_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\main_menu_button2_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\main_menu_button2_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\main_menu_button2_mask.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\map_button_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\map_button_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\map_button_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\right_arrow_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\right_arrow_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\right_arrow_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\upgrade_down.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\upgrade_over.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\upgrade_up.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\welcome_player.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\config\actionpoints.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\config\career.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\config\customer.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\config\endless.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\config\global.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\config\powerups.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\cook\stove.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\cursor\arrow.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\cursor\click.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\cursor\click2.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\cursor\grab.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\cursor\open.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\dad_male\anim.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\dad_male\anim.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\dad_male\blue.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\dad_male\blue_legs.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\dad_male\legs.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\dad_male\red.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\dad_male\red_legs.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\kid_male\anim.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\kid_male\anim.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\kid_male\blue.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\kid_male\blue_legs.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\kid_male\legs.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\kid_male\red.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\kid_male\red_legs.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\anim.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\anim.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\baby.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\baby.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\blue.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\blue_baby.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\blue_legs.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\legs.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\red.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\red_baby.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\red_legs.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\young_female\anim.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\young_female\anim.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\young_female\blue.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\young_female\blue_legs.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\young_female\legs.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\young_female\red.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\young_female\red_legs.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\flo\idle.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\flo\idle.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\flo\lower.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\flo\lower.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\flo\upper.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\flo\upper.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\fonts\mercurius.mvec
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\bench.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\bench.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\blue_highchairbaby.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\chair.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\chair.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\dirt2top.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\dirt4top.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\dishcart.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\dishcart.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\green_highchairbaby.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\highchair_prop_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\highchair_prop_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\highchairbaby.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\highchairbaby.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\luxury_bench.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\luxury_bench.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\mop_station_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\mop_station_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\mop_station_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\podium.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\podium_heart.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\podium_heart.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\purple_highchairbaby.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\radio.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\red_highchairbaby.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\spill.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\spill.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\stereo.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\ticketstation.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\ticketstation.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\yellow_highchairbaby.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\family.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help_dividerline.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help1_colormatch1.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help1_colormatch2.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help1_noise.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help1_score.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help2_cleardishes.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help2_givecheck.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help2_pickupfood.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help2_servefood.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help2_takeorder.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\hiscore\local-hs-bb.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\hiscore\p1icon.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\career_1_1.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\career_1_2.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\career_1_3.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\career_1_4.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\career_1_5.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\career_1_6.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\endless_1_1.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\endless_1_1_a.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\endless_1_1_b.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\endless_1_1_c.bin
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\playfirstlogo.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\background.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\chairs\blue.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\chairs\green.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\chairs\green.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\chairs\grey.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\chairs\red.pal
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\food\cup1.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\food\food.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\food\food.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\frames\2_0.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\frames\2_1.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\furniture\drinkstation1_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\furniture\drinkstation1_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\furniture\drinkstation1_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\people\cook.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\people\cook.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\props\cup_prop1.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\tables\2top.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\tables\2top.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\tables\4top.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\tables\4top.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\upgrades.xml
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\tableshadow.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\careerupgrade.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\choosedifficulty.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\closeconfirm.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\entername.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\game.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\getmoregames.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\help1.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\help2.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\hiscore.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\hiscoreinfo.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\hiscoresubmit.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\levelintro.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\levelover.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\loading.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\mainloop.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\mainmenu.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\ok.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\pause.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\style.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\upgrade.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\upsell.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\yesno.lua
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\splash\aol_logo.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\splash\playfirst_logo.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\strings.xml
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\angersmoke.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\angersmoke.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\bubbles\request_bubble.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\bubbles\request_mop.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\bubbles\request_rejectmeal.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\chairflags.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\chairflags.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\check.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\checkmark.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\closed.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\coinflip.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\coinflip.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\decor_lines.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\dollar.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\expert.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\foodpoof.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\foodpoof.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\heartgrow.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\heartgrow.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\jar.anm
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\jar.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\lives_icon.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\noisering.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_d.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_e.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_f.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\tablenumber_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\tablenumber_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\traynumber.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\tutorialarrow.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\tutorialbox.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\ui_base.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\ui_hand.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\ui_timer_off.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\ui_timer_on.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgradeanim.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_bench_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_bench_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_bench_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_drink_station1_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_drink_station1_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_drink_station1_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_luxury_bench_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_luxury_bench_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_luxury_bench_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_oven_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_oven_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_oven_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_podium_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_podium_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_podium_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_powerbars_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_powerbars_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_powerbars_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_radio_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_radio_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_radio_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_stereo_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_stereo_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_stereo_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_table_a.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_table_b.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_table_c.png
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\upsell\dd1.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\upsell\dd2.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\upsell\dd3.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\upsell\dd4.jpg
C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\dinerdash2.exe
C:\WINNT\rs.txt
C:\WINNT\search_res.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_WINDEV-1444-1122
-------\windev-1444-1122

((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 01:06 --------- d-----w C:\Program Files\Java
2008-02-06 01:03 --------- d-----w C:\Program Files\Common Files\Java
2008-02-05 05:48 --------- d-----w C:\Program Files\QuickTime
2008-02-05 05:44 --------- d-----w C:\Program Files\Lexmark 2300 Series
2008-02-05 05:42 --------- d-----w C:\Program Files\iTunes
2008-02-05 04:51 --------- d-----w C:\Program Files\Lx_cats
2008-01-31 04:21 --------- d-----w C:\Documents and Settings\JFNAM\Application Data\Grisoft
2008-01-31 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-31 03:58 --------- d-----w C:\Program Files\Yahoo!
2008-01-25 01:26 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-25 01:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 18:27 --------- d-----w C:\Documents and Settings\JFNAM\Application Data\Comodo
2008-01-24 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo
2008-01-24 18:24 --------- d-----w C:\Program Files\Comodo
2008-01-22 05:18 --------- d-----w C:\Documents and Settings\JFNAM\Application Data\FrostWire
2008-01-18 23:33 --------- d-----w C:\Program Files\Picasa2
2007-11-23 18:14 81,920 ----a-w C:\WINNT\nethop.exe
2007-11-14 23:51 --------- d-----w C:\Documents and Settings\JFNAM\Application Data\AdobeUM
2007-11-03 17:53 --------- d-----w C:\Program Files\Apple Software Update
2007-11-03 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-27 00:39 --------- d-----w C:\Program Files\MSN Messenger
2007-10-22 07:12 --------- d-----w C:\Program Files\Opera
2007-10-04 06:36 25,600 ----a-w C:\WINNT\system32\WS2Fix.exe
2007-06-10 15:53 1,916,965 ----a-w C:\Documents and Settings\JFNAM\sbsetup.exe
2007-02-13 23:16 6,176,707 ----a-w C:\Program Files\frostwire-4.13.1.5.windows.exe
2006-08-23 04:56 271 ---h--w C:\Program Files\desktop.ini
2006-08-23 04:56 21,952 ---h--w C:\Program Files\folder.htt
2002-07-24 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [07-09-04 16:40 ]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 C:\WINNT\system32\mobsync.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07-09-06 03:06 ]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [02-12-17 11:40 ]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe" [03-03-11 03:08 ]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [02-12-02 20:56 ]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02-02-04 22:32 ]
"LXCGCATS"="C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [05-07-20 10:48 ]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [05-07-20 23:07 ]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [05-08-01 05:05 ]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [05-07-12 06:36 ]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [07-01-12 19:36 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-27 09:41 ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07-07-27 20:14 ]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [08-01-24 11:24 ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07-06-11 02:25 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [07-09-25 01:11 ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sygatedsa Personal Firewall"="ddoSygate.exe" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [07-09-27 18:17 ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2007-02-11 00:01:19]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56]

R2 aswMon;avast! Standard Shield Support;C:\WINNT\system32\drivers\aswMon.sys
R3 lne100tx;Linksys LNE100TX Fast Ethernet PCI Adapter;C:\WINNT\system32\DRIVERS\lne100tx.sys

.
Contents of the 'Scheduled Tasks' folder
"2008-01-31 20:57:07 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
------------------

PROCESS: C:\WINNT\Explorer.EXE [5.00.3700.6690]
-> C:\DOCUME~1\JFNAM\LOCALS~1\Temp\yqhnorrwD725B18.dll
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 18:09:08
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-07 18:10:54 - machine was rebooted
.
--- E O F ---

IGG · 12-07-2007, 06:31 PM

And the latest HJT log.....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:53 PM, on 12/7/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\lxcgcoms.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\.DEFAULT\..\Run: [Sygatedsa Personal Firewall] ddoSygate.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by137fd.bay137.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.iwin.com/global/premium/p...2.1.0.0.48.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\JFNAM\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINNT\system32\lxcgcoms.exe

--
End of file - 7493 bytes

tetonbob · 12-07-2007, 06:45 PM

P2P - I see you have had P2P software ( BitTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here,
here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

O4 - HKUS\.DEFAULT\..\Run: [Sygatedsa Personal Firewall] ddoSygate.exe (User 'Default user')

Close HijackThis now.

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

IGG · 12-08-2007, 03:16 AM

Quote:

Originally Posted by tetonbob

P2P - I see you have had P2P software ( BitTorrent ) installed on your machine.
---------------------------------------------------------------------------------------------

I actually removed that a few weeks ago....it didn't show up in my program files at any rate....

Here's the latest.

file of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:26 AM, on 12/8/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\lxcgcoms.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by137fd.bay137.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.iwin.com/global/premium/p...2.1.0.0.48.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\JFNAM\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINNT\system32\lxcgcoms.exe

--
End of file - 7346 bytes

tetonbob · 12-08-2007, 08:35 AM

Hi, do you have the log from Kaspersky?

IGG · 12-08-2007, 12:27 PM

Quote:

Originally Posted by tetonbob

Hi, do you have the log from Kaspersky?

Well, this is what i get for doing things at 3:00 am.....the log saved in HTML format, with all the code in the text. Is there some way to save it, or do I need to run a whole new scan?

Unless you think you can read through it??

tetonbob · 12-08-2007, 12:51 PM

Hi, zip it up and attach it. I'll convert it to txt...or you can open it, copy the data from it, save as .txt, and then copy/paste the info in a new reply....either way,

IGG · 12-10-2007, 08:42 PM

Hopefully you can re-save it correctly.....I seem to be unworthy.

File is attached.

Quote:

Edit:

No problem. I saved it as html, copied the data, and converted it to txt again.

A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 49440
Number of viruses found 1
Number of infected objects 2
Number of suspicious objects 0
Duration of the scan process 01:41:56

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\JFNAM\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\4F4RWJIF\MyFunCardsFWBInitialSetup1.0.0.15-3[1].cab/f3Setup1.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.aw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\JFNAM\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\4F4RWJIF\MyFunCardsFWBInitialSetup1.0.0.15-3[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Comodo\Personal Firewall\Logs\cpf.lock Object is locked skipped
C:\Documents and Settings\JFNAM\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\JFNAM\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\JFNAM\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\JFNAM\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\JFNAM\Local Settings\Temp\hpotdd001.log Object is locked skipped
C:\Documents and Settings\JFNAM\Local Settings\Temp\~DFF12F.tmp Object is locked skipped
C:\Documents and Settings\JFNAM\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\JFNAM\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\JFNAM\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\WINNT\CSC\00000001 Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\config\Antivirus.Evt Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\system32\Perflib_Perfdata_20c.dat Object is locked skipped
C:\WINNT\TEMP\_avast4_\Webshlock.txt Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
Scan process completed.

tetonbob · 12-10-2007, 09:22 PM

The only items found by Kaspersky will be addressed by uninstalling Combofix in the manner proscribed below.

Your logs appear clean.You should be good to go. We still have a few items to address.

Go to

-> Run -> copy/paste in the following single line command & click OK

combofix /u

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs:

Microsoft Windows Update - http://www.windowsupdate.com
Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
SpywareBlaster to help prevent spyware from installing in the first place.
- Install & update SpywareBlaster with the latest definitions.
  After you have updated, click the button - enable protection for all unprotected items
SpywareGuard to catch and block spyware before it can execute.
SPYBOT - SEARCH & DESTROY
Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here

IE-SpyAd - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. An installation tutorial is available here.
MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
- Download Host.zip to your desktop.
- From your Desktop right-click (hosts.zip) and select:
  Extract All from the menu.
- Click Next, click Next, select the option:
  "Show Extracted files", click Finish
- This will open the newly created hosts folder on your Desktop.
- Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
- Once updated you should see another prompt that the task was completed.
ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Do not install more than one AntiVirus program because they will conflict with each other.
FIREWALL
If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here

Do not install more than one firewall program because they will conflict with each other.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.

http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

IGG · 12-11-2007, 09:29 PM

Well, I can't thank you enough for your expertise.

In your opinion, Spyware blaster and Spybot search and destroy will have enough real time protection to keep the riffraff out? It seemed to me when I was shopping around that it was only the paid licensing that promised real time protection past say, a 30 day trial.....I'd be glad to find out differently.

Once again, Thank you. The sheer volume of problems being created online has got to seem like a no win situation at times, and I'm glad you guys persevere.

tetonbob · 12-11-2007, 09:56 PM

On my machines, I use SpywareGuard, SpywareBlaster, Spybot S&D, IE-Spyad and the MVPS hosts file, as well as an AV and firewall. It's a nice, free, multi-layered approach.

I never get infected, but I don't do any risky behavior, either, unless I'm trolling for samples.

Hope that helps.

Thanks for the kind words. Stay safe out there.

Read this also:

http://users.telenet.be/bluepatchy/m...revention.html

12-01-2007, 12:06 AM	#1 (permalink)
IGG Registered User Join Date: Nov 2007 Posts: 10 OS: 2000 PRO sp4	Zlob cpx downloader, desktop takeover... They're trying to sell me the solution to my problems by steering me to Confident Surf....... I appreciate any help that is forthcoming, I've taken a few steps to cleanse.... I ran AVG which had to quarrantine a whole archive, and won't let me get a report for some reason. Also ran Smitfraudfix SmitFraudFix v2.256 Scan done at 22:46:22.35, Wed 01/30/2008 Run from C:\Documents and Settings\JFNAM\Desktop\SmitfraudFix OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINNT\jokwmp.dll Deleted C:\WINNT\popnetkqw.dll Deleted C:\WINNT\privacy_danger\ Deleted C:\WINNT\rmvgor.dll Deleted Deleting [HKEY_CLASSES_ROOT\CLSID\{A5C3562C-2E5E-486A-BE0C-BAB1DCE8E850}] C:\Program Files\RichVideoCodec\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{233D8F23-E8C1-4AFF-8645-5F5B3F43E412}: DhcpNameServer=205.171.2.65 205.171.3.65 HKLM\SYSTEM\CS1\Services\Tcpip\..\{233D8F23-E8C1-4AFF-8645-5F5B3F43E412}: DhcpNameServer=205.171.2.65 205.171.3.65 HKLM\SYSTEM\CS2\Services\Tcpip\..\{233D8F23-E8C1-4AFF-8645-5F5B3F43E412}: DhcpNameServer=205.171.2.65 205.171.3.65 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=205.171.2.65 205.171.3.65 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=205.171.2.65 205.171.3.65 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=205.171.2.65 205.171.3.65 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End here is the Hijack this AFTER running Smitfraud. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:53:04 PM, on 1/30/2008 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Alwil Software\Avast4\setup\avast.setup C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Lexmark 2300 Series\lxcgmon.exe C:\Program Files\Lexmark 2300 Series\ezprint.exe C:\Program Files\Napster\napster.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKUS\.DEFAULT\..\Run: [Sygatedsa Personal Firewall] ddoSygate.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by137fd.bay137.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.iwin.com/global/premium/p...2.1.0.0.48.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\JFNAM\LOCALS~1\Temp\hpdj.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxcg_device - - C:\WINNT\system32\lxcgcoms.exe -- End of file - 7248 bytes Thank you for looking at my info, look forward to hearing from you all.

12-04-2007, 10:20 AM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,176 OS: 2000 Pro; XP Pro; XP Home	Re: Zlob cpx downloader, desktop takeover... That looks pretty good, are you still having troubles? Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. --------------------------------------------------------------------------------------------- Perform an online scan with Internet Explorer with Panda ActiveScan Click on located at the bottom of the page. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it * Enter your e-mail address, country, and state & click "Free Online Scan" The download of the 8 MB Panda's ActiveX control will take place Begin the scan by selecting If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on then click * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. * Turn off the real time scanner of any existing antivirus program while performing the online scan Note for AVAST users: Please continue with the online scan at Panda. It is a false positive from Avast because Panda Antivirus does not encrypt its virus database. You will need to temporarily disable Avast while running the Panda scan. --------------------------------------------------------------------------------------------- Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6 u3 and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u3-windowsi586-p.exe to install the newest version. After the install is complete, go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) On the General tab, under Temporary Internet Files, click the Settings button. Next, click on the Delete Files button There are two options in the window to clear the cache - Leave BOTH Checked Applications and Applets Trace and Log Files Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Temporary Files Window Click OK to leave the Java Control Panel. --------------------------------------------------------------------------------------------- Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges. Close all applications and windows. Double-click on dss.exe to run it, and follow the prompts. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here. Please attach extra.txt to your post. To attach a file to a new post, simply Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt Click Upload. What DSS will do: create a new System Restore point in Windows XP and Vista. clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives. check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed. --------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

12-06-2007, 11:41 PM	#6 (permalink)
IGG Registered User Join Date: Nov 2007 Posts: 10 OS: 2000 PRO sp4	Re: Zlob cpx downloader, desktop takeover... Sorry...not sure what that was about. Here's the new log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:34:26 PM, on 12/6/2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Lexmark 2300 Series\ezprint.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINNT\system32\lxcgcoms.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKUS\.DEFAULT\..\Run: [Sygatedsa Personal Firewall] ddoSygate.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by137fd.bay137.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.iwin.com/global/premium/p...2.1.0.0.48.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\JFNAM\LOCALS~1\Temp\hpdj.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxcg_device - - C:\WINNT\system32\lxcgcoms.exe -- End of file - 7551 bytes

12-07-2007, 12:35 AM	#7 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,176 OS: 2000 Pro; XP Pro; XP Home	Re: Zlob cpx downloader, desktop takeover... Thanks...that was odd. I see a couple of problems still. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe * IMPORTANT !!! Place combofix.exe on your Desktop Disconnect from the internet....pull the plug! Disable your AntiVirus and other protection applications, so that they don't interfere with ComboFix. Go to -> Run -> paste in the following single line command & click OK "%userprofile%\desktop\combofix.exe" /killall Follow the prompts. Type "1" and press Enter to begin the scan. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. --------------------------------------------------------------------------------------------- Re-establish an internet connection. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. --------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

12-07-2007, 06:25 PM	#8 (permalink)
IGG Registered User Join Date: Nov 2007 Posts: 10 OS: 2000 PRO sp4	Re: Zlob cpx downloader, desktop takeover... Here is the Combofix log. ComboFix 07-12-07.5 - JFNAM 12/07/2007 18:02:45.1 - NTFSx86 Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.114 [GMT -7:00] Running from: C:\Documents and Settings\JFNAM\desktop\combofix.exe Command switches used :: /killall . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINNT\dat.txt C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48 C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\dirty_dishes.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\foodtray.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart1.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart2.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart3.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_down.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_up.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\mop_prop.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\ticket.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a1.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a2.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a3.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a4.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\mainmenumusic.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\baby_cry.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\chef_cook1.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\closing_time.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\customer_ditch.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_down.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_up.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\drink_table.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\expert.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_deliver.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_pickup.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\keystroke2.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_lose.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_win.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_click.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_rollover.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_pickup.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_spill.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_bring_check_1_snd.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_deliver_food_1_snd.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dropoff_drinks_1.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_food_ready_1_snd.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_gain_heart_1.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_get_drinks_1_snd.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_menu_down.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_party_arrive_1_snd.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pencil_write_2.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pickup_food_1_snd.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_seat_people_snd.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\spill.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\table_drink.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\tip_2.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_lose.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_win.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\fullscreendialog.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\high_score_menu_bg.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelover.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu_logo.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\textfield.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\upgrade_lines.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_highlight.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_normal.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_selected.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_1.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_2.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_3.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_1.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_2.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_3.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a1.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a2.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a3.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_mask.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_mask.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_down.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_over.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_up.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\welcome_player.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\actionpoints.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\career.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\customer.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\endless.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\global.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\powerups.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cook\stove.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\arrow.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click2.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\grab.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\open.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue_legs.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\legs.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red_legs.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue_legs.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\legs.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red_legs.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_baby.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_legs.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\legs.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_baby.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_legs.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue_legs.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\legs.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red_legs.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\fonts\mercurius.mvec C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\blue_highchairbaby.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt2top.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt4top.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\green_highchairbaby.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\purple_highchairbaby.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\radio.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\red_highchairbaby.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\stereo.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\yellow_highchairbaby.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\family.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help_dividerline.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch1.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch2.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_noise.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_score.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_cleardishes.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_givecheck.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_pickupfood.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_servefood.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_takeorder.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\local-hs-bb.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\p1icon.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_1.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_2.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_3.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_4.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_5.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_6.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_a.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_b.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_c.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\playfirstlogo.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\background.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\blue.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\grey.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\red.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\cup1.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_0.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_1.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\props\cup_prop1.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrades.xml C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\tableshadow.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\careerupgrade.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\choosedifficulty.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\closeconfirm.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\entername.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\game.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\getmoregames.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help1.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help2.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscore.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoreinfo.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoresubmit.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelintro.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelover.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\loading.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainloop.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainmenu.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\ok.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\pause.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\style.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upgrade.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upsell.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\yesno.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\aol_logo.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\playfirst_logo.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\strings.xml C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_bubble.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_mop.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_rejectmeal.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\check.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\checkmark.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\closed.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\decor_lines.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\dollar.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\expert.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\lives_icon.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\noisering.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_d.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_e.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_f.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\traynumber.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialarrow.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialbox.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_base.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_hand.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_off.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_on.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgradeanim.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd1.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd2.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd3.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd4.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.48\dinerdash2.exe C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55 C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\dirty_dishes.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\foodtray.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\heart1.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\heart2.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\heart3.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\menu_down.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\menu_up.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\mop_prop.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\accessories\ticket.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\music\cafe\cafe_music_a1.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\music\cafe\cafe_music_a2.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\music\cafe\cafe_music_a3.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\music\cafe\cafe_music_a4.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\music\mainmenumusic.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\baby_cry.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\chef_cook1.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\closing_time.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\customer_ditch.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\dialog_down.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\dialog_up.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\drink_table.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\expert.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\highchair_deliver.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\highchair_pickup.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\keystroke2.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\level_lose.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\level_win.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\menu_click.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\menu_rollover.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\mop_pickup.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\mop_spill.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_bring_check_1_snd.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_deliver_food_1_snd.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_dropoff_drinks_1.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_food_ready_1_snd.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_gain_heart_1.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_get_drinks_1_snd.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_menu_down.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_party_arrive_1_snd.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_pencil_write_2.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_pickup_food_1_snd.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\sfx_seat_people_snd.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\spill.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\table_drink.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\audio\sfx\tip_2.ogg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\flo_lose.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\flo_win.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\fullscreendialog.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\high_score_menu_bg.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\levelintro.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\levelintro.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\levelover.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\longdialog.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\longdialog.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\mainmenu.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\mainmenu_logo.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\popup.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\popup.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\textfield.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\backgrounds\upgrade_lines.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\arrowdown_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\arrowdown_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\arrowdown_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\arrowup_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\arrowup_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\arrowup_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\checkbox_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\checkbox_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\checkbox_rotated_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\checkbox_rotated_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\decor_highlight.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\decor_normal.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\decor_selected.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a_large_1.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a_large_2.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a_large_3.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a_small_1.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a_small_2.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a_small_3.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a1.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a2.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\dialog_button_a3.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\left_arrow_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\left_arrow_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\left_arrow_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\main_menu_button1_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\main_menu_button1_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\main_menu_button1_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\main_menu_button1_mask.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\main_menu_button2_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\main_menu_button2_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\main_menu_button2_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\main_menu_button2_mask.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\map_button_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\map_button_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\map_button_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\right_arrow_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\right_arrow_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\right_arrow_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\upgrade_down.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\upgrade_over.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\upgrade_up.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\buttons\welcome_player.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\config\actionpoints.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\config\career.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\config\customer.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\config\endless.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\config\global.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\config\powerups.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\cook\stove.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\cursor\arrow.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\cursor\click.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\cursor\click2.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\cursor\grab.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\cursor\open.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\dad_male\anim.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\dad_male\anim.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\dad_male\blue.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\dad_male\blue_legs.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\dad_male\legs.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\dad_male\red.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\dad_male\red_legs.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\kid_male\anim.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\kid_male\anim.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\kid_male\blue.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\kid_male\blue_legs.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\kid_male\legs.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\kid_male\red.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\kid_male\red_legs.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\anim.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\anim.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\baby.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\baby.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\blue.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\blue_baby.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\blue_legs.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\legs.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\red.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\red_baby.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\mom_female\red_legs.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\young_female\anim.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\young_female\anim.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\young_female\blue.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\young_female\blue_legs.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\young_female\legs.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\young_female\red.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\customers\young_female\red_legs.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\flo\idle.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\flo\idle.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\flo\lower.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\flo\lower.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\flo\upper.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\flo\upper.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\fonts\mercurius.mvec C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\bench.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\bench.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\blue_highchairbaby.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\chair.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\chair.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\dirt2top.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\dirt4top.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\dishcart.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\dishcart.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\green_highchairbaby.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\highchair_prop_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\highchair_prop_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\highchairbaby.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\highchairbaby.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\luxury_bench.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\luxury_bench.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\mop_station_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\mop_station_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\mop_station_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\podium.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\podium_heart.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\podium_heart.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\purple_highchairbaby.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\radio.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\red_highchairbaby.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\spill.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\spill.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\stereo.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\ticketstation.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\ticketstation.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\furniture\yellow_highchairbaby.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\family.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help_dividerline.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help1_colormatch1.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help1_colormatch2.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help1_noise.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help1_score.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help2_cleardishes.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help2_givecheck.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help2_pickupfood.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help2_servefood.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\help\help2_takeorder.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\hiscore\local-hs-bb.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\hiscore\p1icon.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\career_1_1.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\career_1_2.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\career_1_3.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\career_1_4.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\career_1_5.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\career_1_6.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\endless_1_1.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\endless_1_1_a.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\endless_1_1_b.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\layouts\endless_1_1_c.bin C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\playfirstlogo.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\background.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\chairs\blue.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\chairs\green.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\chairs\green.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\chairs\grey.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\chairs\red.pal C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\food\cup1.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\food\food.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\food\food.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\frames\2_0.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\frames\2_1.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\furniture\drinkstation1_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\furniture\drinkstation1_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\furniture\drinkstation1_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\people\cook.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\people\cook.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\props\cup_prop1.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\tables\2top.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\tables\2top.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\tables\4top.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\tables\4top.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\cafe\upgrades.xml C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\restaurants\tableshadow.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\careerupgrade.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\choosedifficulty.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\closeconfirm.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\entername.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\game.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\getmoregames.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\help1.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\help2.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\hiscore.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\hiscoreinfo.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\hiscoresubmit.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\levelintro.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\levelover.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\loading.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\mainloop.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\mainmenu.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\ok.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\pause.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\style.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\upgrade.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\upsell.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\scripts\yesno.lua C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\splash\aol_logo.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\splash\playfirst_logo.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\strings.xml C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\angersmoke.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\angersmoke.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\bubbles\request_bubble.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\bubbles\request_mop.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\bubbles\request_rejectmeal.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\chairflags.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\chairflags.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\check.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\checkmark.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\closed.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\coinflip.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\coinflip.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\decor_lines.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\dollar.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\expert.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\foodpoof.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\foodpoof.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\heartgrow.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\heartgrow.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\jar.anm C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\jar.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\lives_icon.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\noisering.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_d.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_e.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_f.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\tablenumber_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\tablenumber_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\traynumber.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\tutorialarrow.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\tutorialbox.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\ui_base.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\ui_hand.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\ui_timer_off.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\ui_timer_on.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgradeanim.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_bench_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_bench_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_bench_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_drink_station1_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_drink_station1_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_drink_station1_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_luxury_bench_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_luxury_bench_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_luxury_bench_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_oven_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_oven_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_oven_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_podium_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_podium_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_podium_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_powerbars_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_powerbars_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_powerbars_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_radio_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_radio_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_radio_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_stereo_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_stereo_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_stereo_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_table_a.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_table_b.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_table_c.png C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\upsell\dd1.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\upsell\dd2.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\upsell\dd3.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\assets\upsell\dd4.jpg C:\WINNT\Downloaded Program Files\DinerDash2.1.0.0.55\dinerdash2.exe C:\WINNT\rs.txt C:\WINNT\search_res.txt . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_WINDEV-1444-1122 -------\windev-1444-1122 ((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-06 01:06 --------- d-----w C:\Program Files\Java 2008-02-06 01:03 --------- d-----w C:\Program Files\Common Files\Java 2008-02-05 05:48 --------- d-----w C:\Program Files\QuickTime 2008-02-05 05:44 --------- d-----w C:\Program Files\Lexmark 2300 Series 2008-02-05 05:42 --------- d-----w C:\Program Files\iTunes 2008-02-05 04:51 --------- d-----w C:\Program Files\Lx_cats 2008-01-31 04:21 --------- d-----w C:\Documents and Settings\JFNAM\Application Data\Grisoft 2008-01-31 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-01-31 03:58 --------- d-----w C:\Program Files\Yahoo! 2008-01-25 01:26 --------- d-----w C:\Program Files\Lavasoft 2008-01-25 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-25 01:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-01-24 18:27 --------- d-----w C:\Documents and Settings\JFNAM\Application Data\Comodo 2008-01-24 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo 2008-01-24 18:24 --------- d-----w C:\Program Files\Comodo 2008-01-22 05:18 --------- d-----w C:\Documents and Settings\JFNAM\Application Data\FrostWire 2008-01-18 23:33 --------- d-----w C:\Program Files\Picasa2 2007-11-23 18:14 81,920 ----a-w C:\WINNT\nethop.exe 2007-11-14 23:51 --------- d-----w C:\Documents and Settings\JFNAM\Application Data\AdobeUM 2007-11-03 17:53 --------- d-----w C:\Program Files\Apple Software Update 2007-11-03 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2007-10-27 00:39 --------- d-----w C:\Program Files\MSN Messenger 2007-10-22 07:12 --------- d-----w C:\Program Files\Opera 2007-10-04 06:36 25,600 ----a-w C:\WINNT\system32\WS2Fix.exe 2007-06-10 15:53 1,916,965 ----a-w C:\Documents and Settings\JFNAM\sbsetup.exe 2007-02-13 23:16 6,176,707 ----a-w C:\Program Files\frostwire-4.13.1.5.windows.exe 2006-08-23 04:56 271 ---h--w C:\Program Files\desktop.ini 2006-08-23 04:56 21,952 ---h--w C:\Program Files\folder.htt 2002-07-24 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [07-09-04 16:40 ] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"="mobsync.exe" [03-06-19 12:05 C:\WINNT\system32\mobsync.exe] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07-09-06 03:06 ] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [02-12-17 11:40 ] "HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe" [03-03-11 03:08 ] "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [02-12-02 20:56 ] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02-02-04 22:32 ] "LXCGCATS"="C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [05-07-20 10:48 ] "lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [05-07-20 23:07 ] "EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [05-08-01 05:05 ] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [05-07-12 06:36 ] "NapsterShell"="C:\Program Files\Napster\napster.exe" [07-01-12 19:36 ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-27 09:41 ] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07-07-27 20:14 ] "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [08-01-24 11:24 ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07-06-11 02:25 ] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [07-09-25 01:11 ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sygatedsa Personal Firewall"="ddoSygate.exe" [] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [07-09-27 18:17 ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 ] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2007-02-11 00:01:19] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56] R2 aswMon;avast! Standard Shield Support;C:\WINNT\system32\drivers\aswMon.sys R3 lne100tx;Linksys LNE100TX Fast Ethernet PCI Adapter;C:\WINNT\system32\DRIVERS\lne100tx.sys . Contents of the 'Scheduled Tasks' folder "2008-01-31 20:57:07 C:\WINNT\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ------------------ PROCESS: C:\WINNT\Explorer.EXE [5.00.3700.6690] -> C:\DOCUME~1\JFNAM\LOCALS~1\Temp\yqhnorrwD725B18.dll . ************************************************************************ catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-07 18:09:08 Windows 5.0.2195 Service Pack 4 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCGCATS = rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-12-07 18:10:54 - machine was rebooted . --- E O F ---

12-07-2007, 06:31 PM	#9 (permalink)
IGG Registered User Join Date: Nov 2007 Posts: 10 OS: 2000 PRO sp4	Re: Zlob cpx downloader, desktop takeover... And the latest HJT log..... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:27:53 PM, on 12/7/2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Lexmark 2300 Series\ezprint.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINNT\system32\lxcgcoms.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKUS\.DEFAULT\..\Run: [Sygatedsa Personal Firewall] ddoSygate.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by137fd.bay137.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.iwin.com/global/premium/p...2.1.0.0.48.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\JFNAM\LOCALS~1\Temp\hpdj.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxcg_device - - C:\WINNT\system32\lxcgcoms.exe -- End of file - 7493 bytes

12-07-2007, 06:45 PM	#10 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,176 OS: 2000 Pro; XP Pro; XP Home	Re: Zlob cpx downloader, desktop takeover... P2P - I see you have had P2P software ( BitTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information. Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. References for the risk of these programs are here, here and here. I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs. --------------------------------------------------------------------------------------------- Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. --------------------------------------------------------------------------------------------- Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked O4 - HKUS\.DEFAULT\..\Run: [Sygatedsa Personal Firewall] ddoSygate.exe (User 'Default user') Close HijackThis now. --------------------------------------------------------------------------------------------- Please run this online scan to help look for remnants. First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one. Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%. --------------------------------------------------------------------------------------------- Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. --------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

12-08-2007, 08:35 AM	#12 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,176 OS: 2000 Pro; XP Pro; XP Home	Re: Zlob cpx downloader, desktop takeover... Hi, do you have the log from Kaspersky? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

12-08-2007, 12:51 PM	#14 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,176 OS: 2000 Pro; XP Pro; XP Home	Re: Zlob cpx downloader, desktop takeover... Hi, zip it up and attach it. I'll convert it to txt...or you can open it, copy the data from it, save as .txt, and then copy/paste the info in a new reply....either way, __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

12-10-2007, 09:22 PM	#16 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,176 OS: 2000 Pro; XP Pro; XP Home	Re: Zlob cpx downloader, desktop takeover... The only items found by Kaspersky will be addressed by uninstalling Combofix in the manner proscribed below. Your logs appear clean.You should be good to go. We still have a few items to address. Go to -> Run -> copy/paste in the following single line command & click OK combofix /u This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points. Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs: Microsoft Windows Update - http://www.windowsupdate.com Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. SpywareBlaster to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items SpywareGuard to catch and block spyware before it can execute. SPYBOT - SEARCH & DESTROY Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here IE-SpyAd - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. An installation tutorial is available here. MVPS HOST FILE The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Download Host.zip to your desktop. From your Desktop right-click (hosts.zip) and select: Extract All from the menu. Click Next, click Next, select the option: "Show Extracted files", click Finish This will open the newly created hosts folder on your Desktop. Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine. Once updated you should see another prompt that the task was completed. ANTIVIRUS SOFTWARE It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out. Do not install more than one AntiVirus program because they will conflict with each other. FIREWALL If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here Do not install more than one firewall program because they will conflict with each other. Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer Here are some additional utilities that will further enhance your safety. http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN) http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness. http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine. http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT. ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry. NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster. In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles HOW DID I GET INFECTED IN THE FIRST PLACE? MAKING INTERNET EXPLORER SAFER If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it. Please respond to this thread one more time so we can mark this thread as resolved. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

12-11-2007, 09:29 PM	#17 (permalink)
IGG Registered User Join Date: Nov 2007 Posts: 10 OS: 2000 PRO sp4	Re: Zlob cpx downloader, desktop takeover... Well, I can't thank you enough for your expertise. In your opinion, Spyware blaster and Spybot search and destroy will have enough real time protection to keep the riffraff out? It seemed to me when I was shopping around that it was only the paid licensing that promised real time protection past say, a 30 day trial.....I'd be glad to find out differently. Once again, Thank you. The sheer volume of problems being created online has got to seem like a no win situation at times, and I'm glad you guys persevere.

12-11-2007, 09:56 PM	#18 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,176 OS: 2000 Pro; XP Pro; XP Home	Re: Zlob cpx downloader, desktop takeover... On my machines, I use SpywareGuard, SpywareBlaster, Spybot S&D, IE-Spyad and the MVPS hosts file, as well as an AV and firewall. It's a nice, free, multi-layered approach. I never get infected, but I don't do any risky behavior, either, unless I'm trolling for samples. Hope that helps. Thanks for the kind words. Stay safe out there. Read this also: http://users.telenet.be/bluepatchy/m...revention.html __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009