Vino
Here are the logs you asked for.
Thanks
Dwight
Logfile of HijackThis v1.99.1
Scan saved at 10:27:28 AM, on 7/18/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\visitor1\Desktop\search13.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B8E508D-CAB2-460C-B73F-CA5E834E4408} - \
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {60E5A847-67D5-3370-A33C-6FE33D9CFF98} - (no file)
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINNT\xhelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C97E72C8-E809-B9FC-7B91-B59EFB1007CB} - (no file)
O2 - BHO: (no name) - {D6162326-2095-40CC-92A7-0EB5AF6C249B} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\visitor1\Application Data\Microsoft\biodoslw.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm231YYUS
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://66.230.*.*
O15 - Trusted IP range: http://66.235.*.*
O15 - Trusted IP range: http://69.31.*.*
O15 - Trusted IP range: http://69.50.*.*
O15 - Trusted IP range: http://205.177.*.*
O16 - DPF: {4B1A4A31-8845-11D5-9769-00B0D071D434} (Avaya ICM Client) - http://iowacniceweb01.ic.ncs.com/icm/caller.cab
O20 - Winlogon Notify: sstss - sstss.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
"visitor1" - 2007-07-18 9:25:22 - ComboFix 07-07-17.8 - Service Pack 4
FAT32
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINNT\system32\tdhwvxik.dll
C:\WINNT\system32\rpdolxun.dll
C:\WINNT\system32\qxbtlkgt.dll
C:\WINNT\system32\bljapymn.dll
C:\WINNT\system32\lwowvahs.dll
C:\WINNT\system32\dtdaewmr.dll
C:\WINNT\system32\ovorxury.dll
C:\WINNT\system32\lixiblsh.dll
C:\WINNT\system32\qpmveebh.dll
C:\WINNT\system32\pxdjydbw.dll
C:\WINNT\system32\vqgqnvxi.dll
C:\WINNT\system32\hemhgykb.dll
C:\WINNT\system32\khdnrngr.dll
C:\WINNT\system32\anugmlaf.dll
C:\WINNT\system32\jmdeupcx.dll
C:\WINNT\system32\vbcnpuae.dll
C:\WINNT\system32\rwjvrgto.dll
C:\WINNT\system32\semkphnw.dll
C:\WINNT\system32\yokqqkmm.dll
C:\WINNT\system32\wspoxavn.dll
C:\WINNT\system32\gkiujkwp.dll
C:\WINNT\system32\skxkouom.dll
C:\WINNT\system32\offqekvh.dll
C:\WINNT\system32\dydiosap.dll
C:\WINNT\system32\ujuqswxa.dll
C:\WINNT\system32\jbvxsumg.dll
C:\WINNT\system32\gxvknhux.dll
C:\WINNT\system32\utcbincx.dll
C:\WINNT\system32\ybjbpbfw.dll
C:\WINNT\system32\ukmmpyxx.dll
C:\WINNT\system32\tqgvsbkj.dll
C:\WINNT\system32\ncvhtlog.dll
C:\WINNT\system32\aikgkfxh.dll
C:\WINNT\system32\mwaofwif.dll
C:\WINNT\system32\osvcysnj.dll
C:\WINNT\system32\kyytyfvi.dll
C:\WINNT\system32\kixvwhdt.ini
C:\WINNT\system32\nuxlodpr.ini
C:\WINNT\system32\tgkltbxq.ini
C:\WINNT\system32\nmypajlb.ini
C:\WINNT\system32\shavwowl.ini
C:\WINNT\system32\rmweadtd.ini
C:\WINNT\system32\yruxrovo.ini
C:\WINNT\system32\hslbixil.ini
C:\WINNT\system32\hbeevmpq.ini
C:\WINNT\system32\ixvnqgqv.ini
C:\WINNT\system32\bkyghmeh.ini
C:\WINNT\system32\rgnrndhk.ini
C:\WINNT\system32\falmguna.ini
C:\WINNT\system32\xcpuedmj.ini
C:\WINNT\system32\eaupncbv.ini
C:\WINNT\system32\otgrvjwr.ini
C:\WINNT\system32\mmkqqkoy.ini
C:\WINNT\system32\nvaxopsw.ini
C:\WINNT\system32\pwkjuikg.ini
C:\WINNT\system32\mouokxks.ini
C:\WINNT\system32\hvkeqffo.ini
C:\WINNT\system32\pasoidyd.ini
C:\WINNT\system32\axwsquju.ini
C:\WINNT\system32\gmusxvbj.ini
C:\WINNT\system32\xuhnkvxg.ini
C:\WINNT\system32\xcnibctu.ini
C:\WINNT\system32\wfbpbjby.ini
C:\WINNT\system32\xxypmmku.ini
C:\WINNT\system32\jkbsvgqt.ini
C:\WINNT\system32\golthvcn.ini
C:\WINNT\system32\hxfkgkia.ini
C:\WINNT\system32\fiwfoawm.ini
C:\WINNT\system32\jnsycvso.ini
C:\WINNT\system32\ivfytyyk.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINNT\system32\winlogon.exe . . . is infected!!
C:\DOCUME~1\visitor1\APPLIC~1.\crosof~1
C:\DOCUME~1\visitor1\APPLIC~1.\fnts~1
C:\DOCUME~1\visitor1\APPLIC~1.\fnts~2
C:\DOCUME~1\visitor1\APPLIC~1\Dxcknwrd.dll
C:\DOCUME~1\visitor1\APPLIC~1\WinTouch
C:\DOCUME~1\visitor1\APPLIC~1\WinTouch\wintouch.cfg
C:\DOCUME~1\visitor1\APPLIC~1\WinTouch\wintouch.cfg.147839767609dac0f91bbd39572996ce
C:\DOCUME~1\visitor1\APPLIC~1\WinTouch\WinTouch.exe
C:\DOCUME~1\visitor1\APPLIC~1\WinTouch\WTUninstaller.exe
C:\DOCUME~1\visitor1\MYDOCU~1.\scurit~1
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Program Files\Common Files\{363E1~1
C:\Program Files\Common Files\{463E1~1
C:\Program Files\Common Files\{463E1~2
C:\Program Files\Common Files\{463E1~3
C:\Program Files\Common Files\mantec~1
C:\Program Files\outerinfo
C:\Program Files\padsysassistant
C:\Program Files\padsysassistant\desktop.ini
C:\Program Files\padsysassistant\Uninstall.exe
C:\Program Files\sstem3~1
C:\Program Files\Ultimate Cleaner
C:\Program Files\winpop
C:\sstray.exe
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53
C:\WINNT\httpconf.dat
C:\WINNT\mirarsetup_876075.exe
C:\WINNT\rau001978.exe
C:\WINNT\system32\24987.exe
C:\WINNT\system32\3_exception.nls
C:\WINNT\system32\armrfc.sys
C:\WINNT\system32\bund1
C:\WINNT\system32\bund1\temp.txt
C:\WINNT\system32\cmd.com
C:\WINNT\system32\components
C:\WINNT\system32\components\flx0.dll
C:\WINNT\system32\components\flx33.dll
C:\WINNT\system32\components\flx35.dll
C:\WINNT\system32\components\flx36.dll
C:\WINNT\system32\components\flx38.dll
C:\WINNT\system32\components\flx39.dll
C:\WINNT\system32\components\flx40.dll
C:\WINNT\system32\drivers\core.cache.dsk
C:\WINNT\system32\explorer.exe
C:\WINNT\system32\kernels8.exe
C:\WINNT\system32\mmccrd.sys
C:\WINNT\system32\netstat.com
C:\WINNT\system32\ping.com
C:\WINNT\system32\RunOnce2.t__
C:\WINNT\system32\RunOnce2.tm_
C:\WINNT\system32\taskkill.com
C:\WINNT\system32\tasklist.com
C:\WINNT\system32\tracert.com
C:\WINNT\system32\winpfz32.sys
C:\WINNT\win320839117847292007.exe
C:\WINNT\xhelper.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_ARMRFC
-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_CMDSERVICE
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\LEGACY_EXAMPLE
-------\LEGACY_MMCCRD
-------\LEGACY_NDNET1
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NET_AGENT
-------\LEGACY_NEW_DRV
-------\LEGACY_NTLDR.SYS
-------\LEGACY_POOF
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\cmdService
-------\kprof
-------\Net Agent
-------\new_drv
-------\ntldr.sys
-------\poof
((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))
2007-07-18 07:41 51,200 --a------ C:\WINNT\nircmd.exe
2007-07-15 15:12 <DIR> d-------- C:\Program Files\CCleaner
2007-07-15 12:51 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2007-07-14 21:16 499,712 --a------ C:\WINNT\system32\msvcp71.dll
2007-07-14 21:16 26,944 --a------ C:\WINNT\system32\drivers\avg7rsnt.sys
2007-07-14 19:40 145,408 --a------ C:\WINNT\MSCONFIG.EXE
2007-07-14 19:25 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-14 19:09 3,840 --a------ C:\WINNT\system32\drivers\BANTExt.sys
2007-07-14 19:09 <DIR> d-------- C:\Program Files\Belarc
2007-07-14 16:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-14 15:57 <DIR> d-------- C:\WINNT\pss
2007-07-12 08:59 <DIR> d-------- C:\FOUND.202
2007-07-12 08:43 <DIR> d-------- C:\FOUND.201
2007-07-08 15:15 <DIR> d-------- C:\FOUND.200
2007-07-08 14:28 126 --a------ C:\WINNT\mocna.dll
2007-07-04 23:13 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2007-07-04 23:13 <DIR> d-------- C:\DOCUME~1\visitor1\APPLIC~1\TuneUp Software
2007-07-04 16:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
2007-07-04 15:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-03 19:13 <DIR> d-------- C:\FOUND.199
2007-07-03 19:03 159,744 --a------ C:\WINNT\system32\rm.exe
2007-07-03 19:02 32,768 --a------ C:\WINNT\system32\setup9x.exe
2007-07-03 18:59 <DIR> d-------- C:\FOUND.198
2007-07-03 18:31 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Yahoo!
2007-07-03 18:30 <DIR> d-------- C:\FOUND.197
2007-07-03 18:21 <DIR> d-------- C:\FOUND.196
2007-07-03 17:58 <DIR> d-------- C:\FOUND.195
2007-07-03 17:28 <DIR> d-------- C:\FOUND.194
2007-07-02 01:22 <DIR> d-------- C:\FOUND.193
2007-07-02 00:58 <DIR> d-------- C:\WINNT\BDOSCAN8
2007-07-02 00:35 549,720 --a------ C:\WINNT\system32\wuapi.dll
2007-07-02 00:35 43,352 --a------ C:\WINNT\system32\wups2.dll
2007-07-02 00:35 33,624 --a------ C:\WINNT\system32\wups.dll
2007-07-02 00:35 325,976 --a------ C:\WINNT\system32\wucltui.dll
2007-06-28 22:10 <DIR> d-------- C:\FOUND.192
2007-06-28 20:12 <DIR> d-------- C:\FOUND.191
2007-06-27 14:43 <DIR> d-------- C:\FOUND.190
2007-06-26 22:05 <DIR> d-------- C:\FOUND.189
2007-06-26 21:42 <DIR> d-------- C:\FOUND.188
2007-06-26 20:42 <DIR> d-------- C:\FOUND.187
2007-06-26 20:21 <DIR> d-------- C:\FOUND.186
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-08 04:45:56 181,008 ----a-w C:\WINNT\system32\winlogon.exe
2007-05-24 22:37:36 46,592 ----a-w C:\WINNT\zlbw.dll
2007-05-15 02:11:22 16,384 ----a-w C:\WINNT\system32\itdurpfm.dll
2007-04-30 04:18:48 167 ----a-w C:\5407.bat
2007-04-30 04:18:24 32,768 ----a-w C:\setup9x.exe
2007-04-30 03:46:34 1,516,850 --sh--w C:\WINNT\system32\vplyinbx.ini2
2007-04-30 03:11:30 167 ----a-w C:\6591.bat
2007-04-30 02:05:14 167 ----a-w C:\9758.bat
2007-04-28 07:22:58 339 ----a-w C:\WINNT\rrict.dll
2007-04-23 21:24:38 0 ----a-w C:\WINNT\system32\moviesdvds1176.exe
2007-04-23 21:18:14 25,637 ----a-w C:\WINNT\system32\update81085441.exe
2007-04-23 03:13:00 664 ----a-w C:\WINNT\system32\d3d9caps.dat
2007-04-23 03:12:00 984 ----a-w C:\WINNT\system32\d3d8caps.dat
2007-04-19 20:36:54 1,040,384 ----a-w C:\WINNT\system32\libeay32.dll
2007-04-19 20:36:14 196,608 ----a-w C:\WINNT\system32\ssleay32.dll
2007-01-21 09:39:40 0 ----a-w C:\Program Files\system spy server v1.0
2005-11-25 18:17:42 271 ---h--w C:\Program Files\desktop.ini
2005-11-25 18:17:42 21,952 ---h--w C:\Program Files\folder.htt
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
07-03-20 14:39 803864 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
03-11-03 14:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B8E508D-CAB2-460C-B73F-CA5E834E4408}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
05-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60E5A847-67D5-3370-A33C-6FE33D9CFF98}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
C:\WINNT\xhelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
07-04-22 20:02 2403392 -ra------ c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C97E72C8-E809-B9FC-7B91-B59EFB1007CB}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6162326-2095-40CC-92A7-0EB5AF6C249B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07-07-14 21:16 ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07-06-11 02:25 ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SfKg6w"="C:\Documents and Settings\visitor1\Application Data\Microsoft\biodoslw.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [06-11-30 21:49 ]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=
"FlashPlayerUpdate"=C:\WINNT\System32\Macromed\Flash\GetFlash.exe
C:\DOCUME~1\visitor1\STARTM~1\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [07-05-30 05:29 ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstss]
sstss.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
rundll32.exe "C:\WINNT\system32\jmdeupcx.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kigyk]
C:\WINNT\system32\otvgjt.exe reg_run
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nlaxjs]
C:\WINNT\system32\otvgjt.exe reg_run
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
C:\Documents and Settings\visitor1\Application Data\Microsoft\biodoslw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
mobsync.exe /logon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\userinit]
C:\Documents and Settings\visitor1\Application Data\ntos.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Documents and Settings\visitor1\Application Data\WinTouch\WinTouch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TCP and UDP Supp0rt"=2 (0x2)
"SLService"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"Network Monitor"=2 (0x2)
"Net Agent"=2 (0x2)
"MsaSvc"=2 (0x2)
"Microsoft IEUpdater2"=2 (0x2)
"lxcg_device"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"dmadmin"=3 (0x3)
"C-DillaCdaC11BA"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Firefox"=C:\Program Files\Mozilla Firefox\firefox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LoadQM"=loadqm.exe
"PPClean RunOnce insertion"="C:\Program Files\Yahoo!\YPSR\ppclean.exe" "clean" "virtumonde" "2" "configreboot"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"outlook"=C:\Program Files\outlook\outlook.exe /auto
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
"ViewMgr"=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Contents of the 'Scheduled Tasks' folder
2007-07-05 06:14:24 C:\WINNT\tasks\1-Click Maintenance.job
**************************************************************************
catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-07-18 09:31:57
Windows 5.0.2195 Service Pack 4 FAT NTAPI
scanning hidden processes ...
scanning hidden registry entries ...
disk error: C:\WINNT\system32\config\software
disk error: C:\Documents and Settings\visitor1\ntuser.dat
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-18 9:35:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-07-18 09:35
--- E O F ---