
[Closed] HJT application


12 replies to this topic

#1 krukoss


Posted 01 January 2008 - 07:59 AM

Hello, I am having trouble with installing HJT on my computer. I got a window error message, "Windows cannot open this file." Please help me out. Thank you.



#2 LDTate


Posted 01 January 2008 - 08:04 AM

Hello and Welcome to the Forum.

What link were you using to install HJT?

Try this one.

Please delete any HijackThis Folders and Files you have now.

There's a new version of HijackThis.


Click the "Save" button.

Please put your HijackThis in its own folder (I create a new folder in C:\ named HJT).
You can do a Right Click on any open area on the desktop, New> Folder, then rename the folder HJT.

Open HijackThis and select: Do a system scan and save a log file.

When the scan is finished, Click Edit> Select All> Edit> Copy> and paste its contents here [Add Reply].


Please use the Posted Image Button below to post the new HJT log and report.txt

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 krukoss


Posted 01 January 2008 - 08:12 AM

Hi LDT thanks for the fast rescue. Here is the log file

Logfile of HijackThis v1.99.1
Scan saved at 12:42:43 PM, on 1/1/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\dllmgr64.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sysmgr64.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ .exe
C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\WinPoET Broadband Connection\winpppoverethernet .exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
C:\Norman\Npm\bin\ZLH .EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray .exe
C:\WINDOWS\System32\mstskmgr.exe
C:\WINDOWS\System32\wbcmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\mstskmgr .exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\spool.exe
C:\WINDOWS\System32\mmdmm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ashleytisdale.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\System32\jkhhh.exe
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [ AutoDiscovery/AutoPurge (ADAP) Service] C:\WINDOWS\System32\wbem\wmiadapi.exe
O4 - HKLM\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKLM\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKLM\..\Run: [Auto File System Conversion Utility] C:\WINDOWS\system32\scricon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Microsoft Update] C:\WINDOWS\System32\spool.exe
O4 - HKLM\..\Run: [Wbcmgr] wbcmgr.exe
O4 - HKLM\..\Run: [MS Task Manager 32] C:\WINDOWS\System32\mstskmgr .exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mmsass] mmdmm.exe
O4 - HKLM\..\RunServices: [ AutoDiscovery/AutoPurge (ADAP) Service] C:\WINDOWS\System32\wbem\wmiadapi.exe
O4 - HKLM\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKLM\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\system32\scricon.exe
O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Lsass Center] telecomes.exe
O4 - HKCU\..\Run: [Microsoft Update] C:\WINDOWS\System32\spool.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] telcoms.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ AutoDiscovery/AutoPurge (ADAP) Service] C:\WINDOWS\System32\wbem\wmiadapi.exe
O4 - HKCU\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\Run: [Auto File System Conversion Utility] C:\WINDOWS\System32\wbem\scricon.exe
O4 - HKCU\..\RunServices: [ AutoDiscovery/AutoPurge (ADAP) Service] C:\WINDOWS\System32\wbem\wmiadapi.exe
O4 - HKCU\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\System32\wbem\scricon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZCxdm490YYSG
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nurina\Start Menu\Programs\IMVU\Run IMVU.lnk
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-416895d34...ad/MsnPUpld.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst...tg.1.0.0.32.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse...zylomplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse...outLauncher.cab
O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse...s/DinerDash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D736796B-FC39-4FAE-B170-15BDE34F8B78}: NameServer = 165.21.83.88 165.21.100.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: CDRecorder031 - {A3BC5E20-0235-1ABF-9CE1-00AA00512031} - C:\WINDOWS\System32\ouneqf32.dll (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINDOWS\system\dllhost.exe (file missing)
O23 - Service: dllmgr64 - Unknown owner - C:\WINDOWS\dllmgr64.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: icrss manager 32bit (icrss) - Unknown owner - C:\WINDOWS\system\icrss.exe (file missing)
O23 - Service: Local Debug Manager - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\windowsb.exe (file missing)
O23 - Service: Microsoft Sata emulation (mside) - Unknown owner - C:\WINDOWS\system\mside.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Remote Access Monitor - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: Remote Reader Machine - Unknown owner - C:\WINDOWS\system32\ssmc.exe (file missing)
O23 - Service: Remote Shell Reader - Unknown owner - C:\WINDOWS\system32\syscv.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe (file missing)
O23 - Service: Windows NT Session Manager (SMSS) - Unknown owner - C:\WINDOWS\system\smss.exe (file missing)
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe
O23 - Service: Task Restore Service - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: Terminal Device Services - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Plugin Application - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Windows Restore Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Windows Terminal Services - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE

#4 LDTate


Posted 01 January 2008 - 08:13 AM

What link were you using to install HJT? We need to know if we have a link that isn't working.


 


#5 LDTate


Posted 01 January 2008 - 08:18 AM

Why haven't you updated to XP SP2?


I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Open the HijackThis Folder. Find the file HijackThis.exe, Right Click on the file and Select Rename. Rename Hijackthis.exe to Spyware.exe.


ONLY after doing the above:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.


Next:

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

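An added example, not part of the original thread or of HijackThis: one way to compare the two HijackThis logs posted here (before and after the VundoFix run) is to parse each into header, running processes and result entries, then diff them. The function names are hypothetical, and the embedded logs are abridged excerpts constructed from lines in the two logs in this thread.

```python
import re
from collections import Counter

# HijackThis result lines start with a section code (R0, F3, O4, O23, ...)
# followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<text>.+)$")

# Abridged excerpts constructed from the two logs in this thread.
BEFORE_LOG = r'''Logfile of HijackThis v1.99.1
Scan saved at 12:42:43 PM, on 1/1/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\mstskmgr.exe
C:\WINDOWS\System32\wbcmgr.exe
C:\WINDOWS\System32\spool.exe

F3 - REG:win.ini: load=C:\WINDOWS\System32\jkhhh.exe
O4 - HKLM\..\Run: [Wbcmgr] wbcmgr.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
'''

AFTER_LOG = r'''Logfile of HijackThis v1.99.1
Scan saved at 12:00:58 PM, on 1/1/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wbcmgr.exe

F3 - REG:win.ini: load=C:\WINDOWS\System32\jkhhh.exe
O4 - HKLM\..\Run: [Wbcmgr] wbcmgr.exe
O4 - HKLM\..\Run: [884d121a] rundll32.exe "C:\WINDOWS\System32\yocxiapt.dll",b
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
'''


def parse_hjt(log_text):
    """Split a HijackThis log into header lines, running processes and entries."""
    header, processes, entries = [], [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first result line ends the process list
            entries.append((match.group("code"), match.group("text")))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
        else:
            header.append(line)
    return {"header": header, "processes": processes, "entries": entries}


def _delta(old, new, key=lambda item: item):
    """Multiset difference, so duplicated lines (the two O10 rows) count correctly."""
    old_counts = Counter(key(item) for item in old)
    new_counts = Counter(key(item) for item in new)
    added = sorted((new_counts - old_counts).elements())
    removed = sorted((old_counts - new_counts).elements())
    return added, removed


def diff_logs(before, after):
    """Report processes and entries that appeared or disappeared between scans."""
    # Windows paths are case-insensitive, so process paths are compared lowercased.
    proc_added, proc_removed = _delta(
        before["processes"], after["processes"], key=str.lower
    )
    ent_added, ent_removed = _delta(before["entries"], after["entries"])
    return {
        "processes_added": proc_added,
        "processes_removed": proc_removed,
        "entries_added": ent_added,
        "entries_removed": ent_removed,
    }


def section_counts(parsed):
    """Number of result entries per HijackThis section code."""
    return dict(Counter(code for code, _ in parsed["entries"]))


if __name__ == "__main__":
    first, second = parse_hjt(BEFORE_LOG), parse_hjt(AFTER_LOG)
    changes = diff_logs(first, second)
    for label, items in changes.items():
        print(label)
        for item in items:
            print("   ", item)
    print("sections after:", section_counts(second))
```

A diff like this only shows what changed between the two scans; deciding which entries to fix is still the helper's call.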

 


#6 krukoss


Posted 01 January 2008 - 09:29 AM

I downloaded the first HJT from this link ' http://www.whatthete...m/hijackthis_v2 '

and from the download button at the main page.


Btw, here is the new log after the Vundo removal


Logfile of HijackThis v1.99.1
Scan saved at 12:00:58 PM, on 1/1/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\dllmgr64.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sysmgr64.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ .exe
C:\Program Files\WinPoET Broadband Connection\winpppoverethernet .exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
C:\Norman\Npm\bin\ZLH .EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray .exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\wbcmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\mmdmm.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ashleytisdale.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\System32\jkhhh.exe
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [ AutoDiscovery/AutoPurge (ADAP) Service] C:\WINDOWS\System32\wbem\wmiadapi.exe
O4 - HKLM\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKLM\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKLM\..\Run: [Auto File System Conversion Utility] C:\WINDOWS\system32\scricon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Microsoft Update] C:\WINDOWS\System32\spool.exe
O4 - HKLM\..\Run: [Wbcmgr] wbcmgr.exe
O4 - HKLM\..\Run: [MS Task Manager 32] C:\WINDOWS\System32\mstskmgr .exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mmsass] mmdmm.exe
O4 - HKLM\..\Run: [884d121a] rundll32.exe "C:\WINDOWS\System32\yocxiapt.dll",b
O4 - HKLM\..\RunServices: [ AutoDiscovery/AutoPurge (ADAP) Service] C:\WINDOWS\System32\wbem\wmiadapi.exe
O4 - HKLM\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKLM\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\system32\scricon.exe
O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Lsass Center] telecomes.exe
O4 - HKCU\..\Run: [Microsoft Update] C:\WINDOWS\System32\spool.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] telcoms.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ AutoDiscovery/AutoPurge (ADAP) Service] C:\WINDOWS\System32\wbem\wmiadapi.exe
O4 - HKCU\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\Run: [Auto File System Conversion Utility] C:\WINDOWS\System32\wbem\scricon.exe
O4 - HKCU\..\RunServices: [ AutoDiscovery/AutoPurge (ADAP) Service] C:\WINDOWS\System32\wbem\wmiadapi.exe
O4 - HKCU\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\System32\wbem\scricon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZCxdm490YYSG
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nurina\Start Menu\Programs\IMVU\Run IMVU.lnk
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-416895d34...ad/MsnPUpld.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst...tg.1.0.0.32.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse...zylomplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse...outLauncher.cab
O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse...s/DinerDash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D736796B-FC39-4FAE-B170-15BDE34F8B78}: NameServer = 165.21.83.88 165.21.100.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: CDRecorder031 - {A3BC5E20-0235-1ABF-9CE1-00AA00512031} - C:\WINDOWS\System32\ouneqf32.dll (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINDOWS\system\dllhost.exe (file missing)
O23 - Service: dllmgr64 - Unknown owner - C:\WINDOWS\dllmgr64.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: icrss manager 32bit (icrss) - Unknown owner - C:\WINDOWS\system\icrss.exe (file missing)
O23 - Service: Local Debug Manager - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\windowsb.exe (file missing)
O23 - Service: Microsoft Sata emulation (mside) - Unknown owner - C:\WINDOWS\system\mside.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Remote Access Monitor - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: Remote Reader Machine - Unknown owner - C:\WINDOWS\system32\ssmc.exe (file missing)
O23 - Service: Remote Shell Reader - Unknown owner - C:\WINDOWS\system32\syscv.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe (file missing)
O23 - Service: Windows NT Session Manager (SMSS) - Unknown owner - C:\WINDOWS\system\smss.exe (file missing)
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe
O23 - Service: Task Restore Service - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: Terminal Device Services - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Plugin Application - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Windows Restore Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Windows Terminal Services - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE


Here is the Vundo Fix log:

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 12:14:56 PM 1/1/2008

Listing files found while scanning....


Beginning removal...

Attempting to delete C:\Documents and settings\Nurina\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Nurina\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\Nurina\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\Nurina\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\awtqn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtqn.exe
C:\WINDOWS\system32\awtqn.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awtqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtqp.dll
C:\WINDOWS\system32\awtqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\awtqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtqq.exe
C:\WINDOWS\system32\awtqq.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtsp.dll
C:\WINDOWS\system32\awtsp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtsp.exe
C:\WINDOWS\system32\awtsp.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awtsr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtsr.exe
C:\WINDOWS\system32\awtsr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\awtss.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\awtst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\awvtq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\awvtr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\awvts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\awvtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvtt.exe
C:\WINDOWS\system32\awvtt.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\awvtu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\system32\awvvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\awvvt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\awvvv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bjymptsr.dll
C:\WINDOWS\system32\bjymptsr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ccuvpipw.dll
C:\WINDOWS\system32\ccuvpipw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cksvvmei.dll
C:\WINDOWS\system32\cksvvmei.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\ddaba.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\ddabb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddabc.exe
C:\WINDOWS\system32\ddabc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddabx.exe
C:\WINDOWS\system32\ddabx.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ddaya.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\ddayx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddayx.exe
C:\WINDOWS\system32\ddayx.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\ddayy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\ddcca.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccb.exe
C:\WINDOWS\system32\ddccb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\ddccc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\ddccd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\ddccy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccy.exe
C:\WINDOWS\system32\ddccy.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcya.dll
C:\WINDOWS\system32\ddcya.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\ddcyw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\ddcyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\ddcyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyy.exe
C:\WINDOWS\system32\ddcyy.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\gebca.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\gebcc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\gebcd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\gebya.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\gebyv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyw.dll
C:\WINDOWS\system32\gebyw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyw.exe
C:\WINDOWS\system32\gebyw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\gebyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyy.dll
C:\WINDOWS\system32\gebyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\geeba.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\geebb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\geebc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geebc.exe
C:\WINDOWS\system32\geebc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\geebx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geeby.dll
C:\WINDOWS\system32\geeby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geeda.exe
C:\WINDOWS\system32\geeda.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\geedb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geedb.exe
C:\WINDOWS\system32\geedb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\system32\geedc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geedc.exe
C:\WINDOWS\system32\geedc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\geedd.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\gfhkj.bak1
C:\WINDOWS\System32\gfhkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\gfhkj.bak2
C:\WINDOWS\System32\gfhkj.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\gfhkj.ini
C:\WINDOWS\System32\gfhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\iemvvskc.ini
C:\WINDOWS\system32\iemvvskc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\jkhfd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\jkhfe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfg.exe
C:\WINDOWS\system32\jkhfg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\jkhhf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\jkhhg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\jkhhh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhh.exe
C:\WINDOWS\system32\jkhhh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\jkhhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjg.dll
C:\WINDOWS\system32\jkkjg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jkkjh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkji.exe
C:\WINDOWS\system32\jkkji.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkkjj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjj.exe
C:\WINDOWS\system32\jkkjj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\jkkjk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkll.exe
C:\WINDOWS\system32\jkkll.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkklm.dll
C:\WINDOWS\system32\jkklm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\m19.exe
C:\WINDOWS\system32\m19.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\mljgd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\mljgg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\mljgh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\mljjg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjg.exe
C:\WINDOWS\system32\mljjg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\mljjh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\mljji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljji.exe
C:\WINDOWS\system32\mljji.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mljjj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\mljjk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\mlljg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system32\mlljg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\mlljh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\mllji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllji.exe
C:\WINDOWS\system32\mllji.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\mlljj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\mlljk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllmj.dll
C:\WINDOWS\system32\mllmj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllmj.exe
C:\WINDOWS\system32\mllmj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\mllmk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\mllml.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mllmm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllmm.exe
C:\WINDOWS\system32\mllmm.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\system32\mllmn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mstskmgr.exe
C:\WINDOWS\system32\mstskmgr.exe Could not be deleted.

Attempting to delete C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\pmkhe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhe.exe
C:\WINDOWS\system32\pmkhe.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\pmkhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhh.dll
C:\WINDOWS\system32\pmkhh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhh.exe
C:\WINDOWS\system32\pmkhh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\pmkhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\pmkjg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\pmkji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\pmkjj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\system32\pmkjk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\pmnli.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnli.exe
C:\WINDOWS\system32\pmnli.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\pmnlk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\pmnll.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnll.exe
C:\WINDOWS\system32\pmnll.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnk.dll
C:\WINDOWS\system32\pmnnk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\pmnnm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnm.exe
C:\WINDOWS\system32\pmnnm.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\pmnnn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\pmnno.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qagrmjxq.dll
C:\WINDOWS\system32\qagrmjxq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\scricon.exe
C:\WINDOWS\system32\scricon.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\spool.exe
C:\WINDOWS\system32\spool.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\ssqpm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssqpn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\ssqpo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqpq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\ssqro.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\ssqrp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\ssqrq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrq.exe
C:\WINDOWS\system32\ssqrq.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\ssqrr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\ssqrs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\sstqn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\sstqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqq.exe
C:\WINDOWS\system32\sstqq.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\sstqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqr.exe
C:\WINDOWS\system32\sstqr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\ssttr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstts.exe
C:\WINDOWS\system32\sstts.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\ssttt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\ssttu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqn.dll
C:\WINDOWS\system32\vtsqn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\vtsqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqo.exe
C:\WINDOWS\system32\vtsqo.exe Has been deleted!

Attempting to delete C:\windows\system32\vtsqp.dll
C:\windows\system32\vtsqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\vtsqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtsqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vtstq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\vtstr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\vtsts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\system32\vtstt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstt.exe
C:\WINDOWS\system32\vtstt.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vturo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturo.exe
C:\WINDOWS\system32\vturo.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\vturq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\vturr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturr.exe
C:\WINDOWS\system32\vturr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\vturs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutq.dll
C:\WINDOWS\system32\vtutq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\vtutr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\vtuts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuts.exe
C:\WINDOWS\system32\vtuts.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutt.exe
C:\WINDOWS\system32\vtutt.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\vtutu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yocxiapt.dll
C:\WINDOWS\system32\yocxiapt.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\System32\awtsrsr.dll
C:\WINDOWS\System32\awtsrsr.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\mstskmgr.exe
C:\WINDOWS\system32\mstskmgr.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 01 January 2008 - 09:36 AM

Please take your time and read ALL instructions as they are important in cleaning the infection.

Open the HijackThis Folder. Find the file HijackThis.exe, Right Click on the file and Select Rename. Rename Hijackthis.exe to Spyware.exe.




Post a new HijackThis Log.


#8 krukoss

krukoss

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 01 January 2008 - 10:20 AM

Sorry, I missed out on that step. Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 12:02:19 PM, on 1/1/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\dllmgr64.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sysmgr64.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ .exe
C:\Program Files\WinPoET Broadband Connection\winpppoverethernet .exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
C:\Norman\Npm\bin\ZLH .EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\wbcmgr.exe
C:\WINDOWS\System32\mmdmm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\Spyware.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ashleytisdale.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\System32\jkhhh.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {16ee4f84-ccc3-736a-7894-14270a389091} - {190983a0-7241-4987-a637-3ccc48f4ee61} - C:\WINDOWS\System32\qagrmjxq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {726745E7-7A34-4278-9ECF-D08D7B091786} - C:\WINDOWS\System32\jkhhh.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CD1C0C84-288D-454C-A3F3-3505EFCE6145} - C:\WINDOWS\system32\awtsrsr.dll (file missing)
O2 - BHO: (no name) - {F1573C42-449D-4516-8DB4-29CA34352F89} - C:\WINDOWS\System32\jkhfg.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [ AutoDiscovery/AutoPurge (ADAP) Service] C:\WINDOWS\System32\wbem\wmiadapi.exe
O4 - HKLM\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKLM\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKLM\..\Run: [Auto File System Conversion Utility] C:\WINDOWS\system32\scricon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Microsoft Update] C:\WINDOWS\System32\spool.exe
O4 - HKLM\..\Run: [Wbcmgr] wbcmgr.exe
O4 - HKLM\..\Run: [MS Task Manager 32] C:\WINDOWS\System32\mstskmgr .exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mmsass] mmdmm.exe
O4 - HKLM\..\Run: [884d121a] rundll32.exe "C:\WINDOWS\System32\yocxiapt.dll",b
O4 - HKLM\..\RunServices: [ AutoDiscovery/AutoPurge (ADAP) Service] C:\WINDOWS\System32\wbem\wmiadapi.exe
O4 - HKLM\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKLM\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\system32\scricon.exe
O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Lsass Center] telecomes.exe
O4 - HKCU\..\Run: [Microsoft Update] C:\WINDOWS\System32\spool.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] telcoms.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ AutoDiscovery/AutoPurge (ADAP) Service] C:\WINDOWS\System32\wbem\wmiadapi.exe
O4 - HKCU\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\Run: [Auto File System Conversion Utility] C:\WINDOWS\System32\wbem\scricon.exe
O4 - HKCU\..\RunServices: [ AutoDiscovery/AutoPurge (ADAP) Service] C:\WINDOWS\System32\wbem\wmiadapi.exe
O4 - HKCU\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\System32\wbem\scricon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZCxdm490YYSG
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nurina\Start Menu\Programs\IMVU\Run IMVU.lnk
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-416895d34...ad/MsnPUpld.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst...tg.1.0.0.32.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse...zylomplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse...outLauncher.cab
O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse...s/DinerDash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D736796B-FC39-4FAE-B170-15BDE34F8B78}: NameServer = 165.21.83.88 165.21.100.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtsrsr - awtsrsr.dll (file missing)
O20 - Winlogon Notify: blur - C:\WINDOWS\System32\Vsguys32g.dll
O20 - Winlogon Notify: cbxwtrr - cbxwtrr.dll (file missing)
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O20 - Winlogon Notify: qomnmml - qomnmml.dll (file missing)
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O21 - SSODL: CDRecorder031 - {A3BC5E20-0235-1ABF-9CE1-00AA00512031} - C:\WINDOWS\System32\ouneqf32.dll (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINDOWS\system\dllhost.exe (file missing)
O23 - Service: dllmgr64 - Unknown owner - C:\WINDOWS\dllmgr64.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: icrss manager 32bit (icrss) - Unknown owner - C:\WINDOWS\system\icrss.exe (file missing)
O23 - Service: Local Debug Manager - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\windowsb.exe (file missing)
O23 - Service: Microsoft Sata emulation (mside) - Unknown owner - C:\WINDOWS\system\mside.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Remote Access Monitor - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: Remote Reader Machine - Unknown owner - C:\WINDOWS\system32\ssmc.exe (file missing)
O23 - Service: Remote Shell Reader - Unknown owner - C:\WINDOWS\system32\syscv.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe (file missing)
O23 - Service: Windows NT Session Manager (SMSS) - Unknown owner - C:\WINDOWS\system\smss.exe (file missing)
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe
O23 - Service: Task Restore Service - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: Terminal Device Services - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Plugin Application - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Windows Restore Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Windows Terminal Services - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE

#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 01 January 2008 - 10:23 AM

As you can now see, this infection hides the O2's and matching O20's.


Download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop.**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running Combofix.
  • WARNING: If you have not already done so, Combofix will disconnect your machine from the Internet when it starts.
  • Please do not reconnect your machine to the Internet until Combofix has completely finished.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished, then restart your computer to restore the connection.



#10 krukoss

krukoss

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 01 January 2008 - 10:58 AM

Here is the ComboFix report:

ComboFix 07-12-31.4 - Nurina 2008-01-01 12:11:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.103 [GMT 8:00]
Running from: C:\Documents and Settings\Nurina\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\!- m@stur@ -!\Application Data\FunWebProducts
C:\Documents and Settings\!- m@stur@ -!\Application Data\FunWebProducts\Data\!- m@stur@ -!\avatar.dat
C:\Documents and Settings\!- m@stur@ -!\Application Data\FunWebProducts\Data\!- m@stur@ -!\register.dat
C:\Documents and Settings\!- m@stur@ -!\Application Data\searchtoolbarcorp
C:\Documents and Settings\!- m@stur@ -!\Application Data\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\Documents and Settings\!- m@stur@ -!\Application Data\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\Documents and Settings\Anita\Application Data\FunWebProducts
C:\Documents and Settings\Anita\Application Data\FunWebProducts\Data\Anita\avatar.dat
C:\Documents and Settings\Anita\Application Data\FunWebProducts\Data\Anita\register.dat
C:\Documents and Settings\Nurina\Application Data\FunWebProducts
C:\Documents and Settings\Nurina\Application Data\FunWebProducts\Data\Nurina\avatar.dat
C:\Documents and Settings\Nurina\Application Data\FunWebProducts\Data\Nurina\register.dat
C:\Documents and Settings\Nurina\Application Data\searchtoolbarcorp
C:\Norman\Npm\bin\ZLH.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\kbui32.dll
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\FunWebProducts
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\vsadd-in
C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\cup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\customer_cup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\heart.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\menu_down.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\menu_up.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\plates.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\ticket.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\tray.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_diner.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_rollover_1.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\choosedifficulty.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\credits.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\flo_lose.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\flo_win.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\help1.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\help2.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\highscores.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelintro.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelintro_mask.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelover.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelover_mask.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\popup.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\popup_mask.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\upgradegrid.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\upgradetitle.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\upsell.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowleft_blue.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowleft_yellow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowright_blue.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowright_yellow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\back_blue.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\back_yellow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backchalk.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backchalkup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backtomenu_blue.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backtomenu_yellow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\cancel.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\cancelup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\career.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\career_over.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\close.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\closeup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\continue.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\continueover.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\credits_blue.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\credits_yellow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\download_blue.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\download_yellow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\easy.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\easy_over.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\endlessshift.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\endlessshift_over.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\hard.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\hard_over.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\help.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\help_over.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\highscores.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\highscores_over.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\instructions_blue.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\instructions_yellow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\letsplay.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\letsplayover.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\medium.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\medium_over.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\moreinfo.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\moreinfoup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\off.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\off_on.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\on.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\on_on.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\pause.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\pauseover.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quit.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quitgame.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quitgameover.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quitover.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\resumegame.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\resumegameover.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\submit.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\submitup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\tryagain.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\tryagainover.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\upgrade_over.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\upgrade_up.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewglobal.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewglobalup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewhighscore.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewhighscoreon.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewlocal.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewlocalup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\comics\webcomic.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\config\career.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\config\customer.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\config\endless.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\config\global.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\config\powerups.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\cook\cook.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\cook\cook.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\cook\stove.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\arrow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\click.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\click2.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\grab.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\open.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\blue\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\blue\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\blue\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\green\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\green\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\green\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\purple\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\purple\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\purple\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\red\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\red\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\red\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\yellow\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\yellow\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\yellow\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\blue\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\blue\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\blue\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\green\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\green\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\green\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\purple\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\purple\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\purple\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\red\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\red\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\red\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\yellow\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\yellow\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\yellow\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\idle.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\idle.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\lower.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\lower.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\upper.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\upper.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\fonts\arial.mvec
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\fonts\komikaaxis.mvec
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\chair.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\chair.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dirt2top.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dirt4top.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dishcart.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dishcart.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\drinkstation_off.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\drinkstation_on1.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\drinkstation_on2.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\ticketstation.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\ticketstation.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowdown.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowdownon.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowleft.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowlefton.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowright.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowrighton.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowupon.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\p1icon.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\textedit.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\title.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_a.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_b.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_c.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_a.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_b.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_c.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_d.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_a.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_b.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_c.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_d.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\fifth_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\first_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\fourth_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\second_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\playfirst_logo.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\background.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food1.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food1.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food2.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food2.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food3.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food3.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\frames\upgrade_0001.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\2top.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\2top.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\4top.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\4top.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\upgrades.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\tableshadow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\choosedifficulty.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\chooseplayer.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\chooserestaurant.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\credits.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\game.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\gothighscore.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\help.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\help2.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscore.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\levelintro.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\levelover.lua

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_POOF
-------\LEGACY_RUNTIME


((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
.

2008-01-01 12:40 . 2008-01-01 12:14 <DIR> d-------- C:\HJT
2008-01-01 12:14 . 2008-01-01 11:56 <DIR> d-------- C:\VundoFix Backups
2008-01-01 12:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 12:02 . 2008-01-01 12:02 66,080 --a------ C:\WINDOWS\system32\vturs.exe
2008-01-01 12:02 . 2008-01-01 12:02 66,080 --a------ C:\WINDOWS\system32\ssqrr.exe
2008-01-01 12:02 . 2008-01-01 12:02 66,080 --a------ C:\WINDOWS\system32\gebyy.exe
2008-01-01 12:02 . 2008-01-01 12:02 66,080 --a------ C:\WINDOWS\system32\gebcc.exe
2008-01-01 12:02 . 2008-01-01 12:02 66,080 --a------ C:\WINDOWS\system32\awvvv.exe
2008-01-01 11:58 . 2008-01-01 11:59 1,031,139 --ahs---- C:\WINDOWS\system32\tpaixcoy.ini
2007-12-31 10:30 . 2007-12-31 10:30 41,472 --a------ C:\WINDOWS\system32\eraseme_72336.exe
2007-12-31 10:28 . 2007-12-31 10:28 0 --a------ C:\WINDOWS\system32\eraseme_18302.exe
2007-12-26 23:25 . 2007-12-26 23:48 <DIR> d-------- C:\Documents and Settings\!- m@stur@ -!\Application Data\Nokia Multimedia Player
2007-12-26 23:00 . 2007-12-31 09:57 1,031,619 --ahs---- C:\WINDOWS\system32\piwneynv.ini
2007-12-26 22:58 . 2007-12-26 22:58 0 --a------ C:\WINDOWS\system32\eraseme_00004.exe
2007-12-26 22:57 . 2008-01-01 11:56 163,840 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-26 14:18 . 2007-12-26 14:18 0 --a------ C:\WINDOWS\system32\eraseme_46285.exe
2007-12-26 13:57 . 2007-12-26 13:57 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-12-26 13:57 . 2007-12-26 13:57 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-12-26 13:57 . 2007-12-26 13:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PC Suite
2007-12-26 13:55 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2007-12-26 13:55 . 2003-08-25 18:06 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2007-12-26 13:47 . 2007-12-26 13:47 62,976 --a------ C:\WINDOWS\system32\eraseme_38580.exe
2007-12-26 13:45 . 2007-12-26 13:45 50,688 -r-hs---- C:\WINDOWS\dllmgr64.exe
2007-12-26 13:40 . 2007-12-26 13:40 41,472 --a------ C:\WINDOWS\system32\eraseme_54012.exe
2007-12-26 13:35 . 2007-12-26 13:36 41,472 --a------ C:\WINDOWS\system32\eraseme_36842.exe
2007-12-26 13:34 . 2007-12-26 13:34 0 --a------ C:\WINDOWS\system32\eraseme_47778.exe
2007-12-26 13:28 . 2007-12-26 13:32 <DIR> d-------- C:\Documents and Settings\!- m@stur@ -!\Application Data\Nokia
2007-12-26 13:27 . 2007-12-26 13:27 <DIR> d-------- C:\Documents and Settings\!- m@stur@ -!\Application Data\AdobeUM
2007-12-26 13:27 . 2007-12-26 23:03 <DIR> d-------- C:\Documents and Settings\!- m@stur@ -!\Application Data\AdobeAUM
2007-12-26 13:27 . 2007-12-26 23:18 <DIR> d-------- C:\Documents and Settings\!- m@stur@ -!\Application Data\Adobe
2007-12-19 12:54 . 2007-12-19 13:03 <DIR> d-------- C:\Program Files\Nick Jr. Arcade
2007-12-19 12:45 . 2007-12-19 12:45 0 --a------ C:\WINDOWS\system32\eraseme_43581.exe
2007-12-19 12:44 . 2007-12-19 12:44 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-12-19 12:44 . 2007-12-26 13:57 <DIR> d-------- C:\Program Files\Nokia
2007-12-19 12:44 . 2007-12-19 12:44 <DIR> d-------- C:\Program Files\DIFX
2007-12-19 12:44 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-12-19 12:44 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-12-19 12:44 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-12-19 12:44 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-12-19 12:44 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-12-19 12:40 . 2007-12-26 13:51 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-19 12:40 . 2007-12-19 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-12-19 12:30 . 2007-12-19 12:28 <DIR> d-------- C:\Program Files\Nick Arcade
2007-12-19 12:23 . 2007-12-19 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-19 12:21 . 2007-12-19 12:21 57,344 -rahs---- C:\WINDOWS\system32\wbcmgr.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 04:24 --------- d-----w C:\Program Files\QuickTime
2008-01-01 03:54 4,718,592 ---ha-w C:\Documents and Settings\!- m@stur@ -!\NTUSER.DAT
2008-01-01 03:54 --------- d-----w C:\Program Files\WinPoET Broadband Connection
2008-01-01 02:52 --------- d-----w C:\Documents and Settings\Anita\Application Data\IMVU
2007-12-31 01:56 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 15:48 --------- d-----w C:\Documents and Settings\!- m@stur@ -!\Application Data\Nokia Multimedia Player
2007-12-26 15:27 --------- d-----w C:\Documents and Settings\!- m@stur@ -!\Application Data\PC Suite
2007-12-26 15:18 --------- d-----w C:\Documents and Settings\!- m@stur@ -!\Application Data\Adobe
2007-12-26 15:03 --------- d-----w C:\Documents and Settings\!- m@stur@ -!\Application Data\AdobeAUM
2007-12-26 15:01 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-26 14:57 --------- d-----w C:\Documents and Settings\Krukoss\Application Data\PC Suite
2007-12-26 06:01 --------- d-----w C:\Documents and Settings\!- m@stur@ -!\Application Data\IMVU
2007-12-26 05:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-12-26 05:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 05:32 --------- d-----w C:\Documents and Settings\!- m@stur@ -!\Application Data\Nokia
2007-12-26 05:27 --------- d-----w C:\Documents and Settings\!- m@stur@ -!\Application Data\AdobeUM
2007-12-26 05:26 28,352 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-12-26 05:26 --------- d-----w C:\Program Files\IMVU
2007-12-19 04:35 --------- d-----w C:\Documents and Settings\Anita\Application Data\Nokia
2007-12-19 04:23 --------- d-----w C:\Documents and Settings\Anita\Application Data\PC Suite
2007-11-20 15:31 41,472 --sh--r C:\WINDOWS\sysmgr64.exe
2007-11-20 15:19 --------- d-----w C:\Program Files\DivX
2007-11-16 06:41 --------- d-----w C:\Program Files\EA GAMES
2007-01-15 16:07 16,368 ----a-w C:\Documents and Settings\Anita\Application Data\GDIPFONTCACHEV1.DAT
2006-09-20 11:54 16,368 ----a-w C:\Documents and Settings\!- m@stur@ -!\Application Data\GDIPFONTCACHEV1.DAT
2004-03-11 05:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2007-09-14 07:51 660,805 --sha-w C:\WINDOWS\system32\klkkj.bak1
2007-09-14 07:56 662,832 --sha-w C:\WINDOWS\system32\klkkj.ini2
2002-08-28 19:41 80,533 --sha-r C:\WINDOWS\system32\mmdmm.exe
.
----a-w		   183,352 2008-01-01 03:56:08  C:\Norman\npm\bin\ZLH .EXE
----a-w			57,344 2008-01-01 03:56:24  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w		 1,871,872 2008-01-01 02:52:12  C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
----a-w			32,768 2008-01-01 03:56:00  C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ .exe
----a-w			68,856 2008-01-01 03:56:38  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w			45,167 2008-01-01 03:56:05  C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
----a-w		 1,511,453 2008-01-01 03:55:50  C:\Program Files\Messenger\msmsgs .exe
----a-w		 5,674,352 2007-12-29 17:17:26  C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w			19,968 2008-01-01 03:56:17  C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot .exe
----a-w		   110,592 2008-01-01 03:56:15  C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray .exe
----a-w		   227,328 2008-01-01 03:56:21  C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe
----a-w		 1,744,896 2007-12-31 01:58:10  C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2 .exe
----a-w		   662,016 2008-01-01 03:56:10  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   662,016 2008-01-01 04:14:43  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   662,016 2008-01-01 03:56:34  C:\Program Files\QuickTime\qttask		.exe
----a-w		   662,016 2008-01-01 03:57:05  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   662,016 2008-01-01 02:51:56  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   662,016 2007-12-31 01:57:52  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   662,016 2007-12-31 01:57:22  C:\Program Files\QuickTime\qttask	.exe
----a-w		   662,016 2007-12-31 01:56:56  C:\Program Files\QuickTime\qttask   .exe
----a-w		   662,016 2007-12-31 01:56:52  C:\Program Files\QuickTime\qttask  .exe
----a-w		   662,016 2007-12-29 17:16:03  C:\Program Files\QuickTime\qttask .exe
----a-w		   241,664 2008-01-01 03:56:02  C:\Program Files\WinPoET Broadband Connection\winpppoverethernet .exe
----a-w		   163,840 2008-01-01 03:56:44  C:\WINDOWS\system32\NeroCheck .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{190983a0-7241-4987-a637-3ccc48f4ee61}]
C:\WINDOWS\System32\qagrmjxq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9759E245-01E3-406A-98E9-44A151CF4DD6}]
2008-01-01 11:55 344576 --a------ C:\WINDOWS\System32\jkhhh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD1C0C84-288D-454C-A3F3-3505EFCE6145}]
2007-05-15 09:59 29206 --a------ C:\WINDOWS\system32\awtsrsr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1573C42-449D-4516-8DB4-29CA34352F89}]
C:\WINDOWS\System32\jkhfg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"WMI Performance Adapter Services"="C:\WINDOWS\System32\drivers\wmiapsrvs.exe" [ ]
"WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" [ ]
"Auto File System Conversion Utility"="C:\WINDOWS\System32\wbem\scricon.exe" [ ]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-31 10:52 2052096]
"Microsoft Telecoms Center"="telcoms.exe" []
"Microsoft Lsass Center"="telecomes.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WMI Performance Adapter Services"="C:\WINDOWS\System32\drivers\wmiapsrvs.exe" [ ]
"WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" [ ]
"Auto File System Conversion Utility"="C:\WINDOWS\System32\wbem\scricon.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"a-winpoet-service"="C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [ ]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [ ]
"AutoDiscovery/AutoPurge (ADAP) Service"="C:\WINDOWS\System32\wbem\wmiadapi.exe" [ ]
"WMI Performance Adapter Services"="C:\WINDOWS\System32\drivers\wmiapsrvs.exe" [ ]
"WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" [ ]
"Auto File System Conversion Utility"="C:\WINDOWS\system32\scricon.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [ ]
"Wbcmgr"="wbcmgr.exe" [2007-12-19 12:21 57344 C:\WINDOWS\system32\wbcmgr.exe]
"MS Task Manager 32"="C:\WINDOWS\System32\mstskmgr .exe" [ ]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"mmsass"="mmdmm.exe" [2002-08-29 03:41 80533 C:\WINDOWS\system32\mmdmm.exe]
"884d121a"="C:\WINDOWS\System32\yocxiapt.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"AutoDiscovery/AutoPurge (ADAP) Service"="C:\WINDOWS\System32\wbem\wmiadapi.exe" [ ]
"WMI Performance Adapter Services"="C:\WINDOWS\System32\drivers\wmiapsrvs.exe" [ ]
"WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" [ ]
"Auto File System Conversion Utility"="C:\WINDOWS\system32\scricon.exe" [ ]
"mmsass"="mmdmm.exe" [2002-08-29 03:41 80533 C:\WINDOWS\system32\mmdmm.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AutoDiscovery/AutoPurge (ADAP) Service"="C:\WINDOWS\System32\wbem\wmiadapi.exe" [ ]
"WMI Performance Adapter Services"="C:\WINDOWS\System32\drivers\wmiapsrvs.exe" [ ]
"WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" [ ]
"Auto File System Conversion Utility"="C:\WINDOWS\system32\scricon.exe" [ ]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
"AutoDiscovery/AutoPurge (ADAP) Service"="C:\WINDOWS\System32\wbem\wmiadapi.exe" [ ]
"WMI Performance Adapter Services"="C:\WINDOWS\System32\drivers\wmiapsrvs.exe" [ ]
"WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" [ ]
"Auto File System Conversion Utility"="C:\WINDOWS\system32\scricon.exe" [ ]

C:\Documents and Settings\Anita\Start Menu\Programs\Startup\
IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe [2007-12-20 10:00:16]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CD1C0C84-288D-454C-A3F3-3505EFCE6145}"= C:\WINDOWS\system32\awtsrsr.dll [2007-05-15 09:59 29206]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsrsr]
awtsrsr.dll 2007-05-15 09:59 29206 C:\WINDOWS\system32\awtsrsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\blur]
C:\WINDOWS\System32\Vsguys32g.dll 2001-08-23 20:00 8704 C:\WINDOWS\system32\Vsguys32g.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwtrr]
cbxwtrr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnmml]
qomnmml.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\System32\jkhhh.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\jkhhh
AutoDiscovery/AutoPurge (ADAP) Service REG_SZ C:\WINDOWS\System32\wbem\wmiadapi.exe
WMI Performance Adapter Services REG_SZ C:\WINDOWS\System32\drivers\wmiapsrvs.exe
WMI Standard Event Consumer - Scripting REG_SZ C:\WINDOWS\System32\wbem\scrcons32.exe
Auto File System Conversion Utility REG_SZ C:\WINDOWS\system32\scricon.exe

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-12-28 13:12]
R2 dllmgr64;dllmgr64;"C:\WINDOWS\dllmgr64.exe" [2007-12-26 13:45]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R2 sysmgr64;sysmgr64;"C:\WINDOWS\sysmgr64.exe" [2007-11-20 23:31]
R3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 15:25]
R3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25]
R3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25]
R3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-07-12 11:38]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
R3 WrKPoET2000;WrKPoET2000;C:\Program Files\WinPoET Broadband Connection\WrKPoET2000.sys [2002-07-17 13:52]
R3 WRSWanDD;iVasion PoET Adapter;C:\WINDOWS\System32\DRIVERS\WrKPoETNic2000.sys [2002-07-17 13:53]
S2 DLLHOST32;Windows Host Services;"C:\WINDOWS\system\dllhost.exe" []
S2 icrss;icrss manager 32bit;"C:\WINDOWS\system\icrss.exe" []
S2 Local Debug Manager;Local Debug Manager;"C:\WINDOWS\system32\spoolvc.exe" []
S2 Microsoft Windows System32;Microsoft Windows System32;"C:\WINDOWS\windowsb.exe" []
S2 mside;Microsoft Sata emulation;"C:\WINDOWS\system\mside.exe" []
S2 Remote Access Monitor;Remote Access Monitor;"C:\WINDOWS\system32\spoolvc.exe" []
S2 Remote Reader Machine;Remote Reader Machine;"C:\WINDOWS\system32\ssmc.exe" []
S2 Remote Shell Reader;Remote Shell Reader;"C:\WINDOWS\system32\syscv.exe" []
S2 SMSC;System Manger Service 32;"C:\WINDOWS\system\smsc.exe" []
S2 SMSS;Windows NT Session Manager;"C:\WINDOWS\system\smss.exe" []
S2 Task Restore Service;Task Restore Service;"C:\WINDOWS\system32\spoolvc.exe" []
S2 Terminal Device Services;Terminal Device Services;"C:\WINDOWS\system32\spoolvc.exe" []
S2 Windows Plugin Application;Windows Plugin Application;"C:\WINDOWS\system32\svshost.exe" []
S2 Windows Restore Manager;Windows Restore Manager;"C:\WINDOWS\system32\svshost.exe" []
S2 Windows Terminal Services;Windows Terminal Services;"C:\WINDOWS\system32\spoolvc.exe" []

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
"2007-08-24 01:22:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-20 16:00:02 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-11-10 01:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-12-31 02:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-11-15 03:00:02 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2008-01-01 04:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-12-19 05:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-12-26 06:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-11-16 07:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-11-15 08:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-11-11 09:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-11-11 10:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-11-09 17:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-12-14 11:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-11-09 12:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-11-09 13:00:02 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-11-11 14:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-12-26 15:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-10-08 18:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-08-26 19:01:11 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-08-27 08:00:57 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-10-24 21:00:03 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-10-24 22:00:01 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-10-24 23:00:01 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2007-10-25 00:00:05 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\System32\mi50vk2X.exe
"2008-01-01 04:30:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 11:55:32
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\hhhkj.ini2 319 bytes
C:\WINDOWS\system32\jkhhh.exe 348160 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
" AutoDiscovery/AutoPurge (ADAP) Service"="C:\\WINDOWS\\System32\\wbem\\wmiadapi.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\awtsrsr.dll
-> C:\WINDOWS\System32\Vsguys32g.dll
-> C:\WINDOWS\System32\netfilter.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2800.1106]
-> C:\WINDOWS\system32\awtsrsr.dll
-> C:\WINDOWS\System32\jkhhh.dll
.
Completion time: 2008-01-01 11:59:57 - machine was rebooted [Krukoss]
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 03:59:55


HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:05, on 2008-01-01
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\dllmgr64.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sysmgr64.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mmdmm.exe
C:\WINDOWS\System32\wbcmgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\mstskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\Spyware.exe

F3 - REG:win.ini: load=C:\WINDOWS\System32\jkhhh.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {16ee4f84-ccc3-736a-7894-14270a389091} - {190983a0-7241-4987-a637-3ccc48f4ee61} - C:\WINDOWS\System32\qagrmjxq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9759E245-01E3-406A-98E9-44A151CF4DD6} - C:\WINDOWS\System32\jkhhh.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CD1C0C84-288D-454C-A3F3-3505EFCE6145} - C:\WINDOWS\system32\awtsrsr.dll
O2 - BHO: (no name) - {F1573C42-449D-4516-8DB4-29CA34352F89} - C:\WINDOWS\System32\jkhfg.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [ AutoDiscovery/AutoPurge (ADAP) Service] C:\WINDOWS\System32\wbem\wmiadapi.exe
O4 - HKLM\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKLM\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKLM\..\Run: [Auto File System Conversion Utility] C:\WINDOWS\system32\scricon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Wbcmgr] wbcmgr.exe
O4 - HKLM\..\Run: [MS Task Manager 32] C:\WINDOWS\System32\mstskmgr.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mmsass] mmdmm.exe
O4 - HKLM\..\Run: [884d121a] rundll32.exe "C:\WINDOWS\System32\yocxiapt.dll",b
O4 - HKLM\..\RunServices: [ AutoDiscovery/AutoPurge (ADAP) Service] C:\WINDOWS\System32\wbem\wmiadapi.exe
O4 - HKLM\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKLM\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\system32\scricon.exe
O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\Run: [Auto File System Conversion Utility] C:\WINDOWS\System32\wbem\scricon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Telecoms Center] telcoms.exe
O4 - HKCU\..\Run: [Microsoft Lsass Center] telecomes.exe
O4 - HKCU\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\System32\wbem\scricon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZCxdm490YYSG
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nurina\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-416895d34...ad/MsnPUpld.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst...tg.1.0.0.32.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse...zylomplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse...outLauncher.cab
O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse...s/DinerDash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D736796B-FC39-4FAE-B170-15BDE34F8B78}: NameServer = 165.21.83.88 165.21.100.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtsrsr - C:\WINDOWS\SYSTEM32\awtsrsr.dll
O20 - Winlogon Notify: blur - C:\WINDOWS\System32\Vsguys32g.dll
O20 - Winlogon Notify: cbxwtrr - cbxwtrr.dll (file missing)
O20 - Winlogon Notify: qomnmml - qomnmml.dll (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINDOWS\system\dllhost.exe (file missing)
O23 - Service: dllmgr64 - Unknown owner - C:\WINDOWS\dllmgr64.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: icrss manager 32bit (icrss) - Unknown owner - C:\WINDOWS\system\icrss.exe (file missing)
O23 - Service: Local Debug Manager - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\windowsb.exe (file missing)
O23 - Service: Microsoft Sata emulation (mside) - Unknown owner - C:\WINDOWS\system\mside.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Remote Access Monitor - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: Remote Reader Machine - Unknown owner - C:\WINDOWS\system32\ssmc.exe (file missing)
O23 - Service: Remote Shell Reader - Unknown owner - C:\WINDOWS\system32\syscv.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe (file missing)
O23 - Service: Windows NT Session Manager (SMSS) - Unknown owner - C:\WINDOWS\system\smss.exe (file missing)
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe
O23 - Service: Task Restore Service - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: Terminal Device Services - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Plugin Application - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Windows Restore Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Windows Terminal Services - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE

#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 01 January 2008 - 11:30 AM

You have a few infections which infect legitimate files; it can be a bit of a pain.
Do NOT reboot until instructed to.

Read the instructions very carefully. You will run the log.txt first.


Download RenV.exe by sUBs to your desktop


=========================================================================================
1.) Copy the following text to a new notepad file.
Save it as CFScript.txt but do NOT use it yet.

  • Copy the entire contents of the Code Box below to Notepad.
  • Name the file as CFScript.txt (Overwrite the existing one)
  • Change the Save as Type to All Files
  • and Save it on the desktop
File::
C:\VundoFix Backups
C:\WINDOWS\system32\vturs.exe
C:\WINDOWS\system32\ssqrr.exe
C:\WINDOWS\system32\gebyy.exe
C:\WINDOWS\system32\gebcc.exe
C:\WINDOWS\system32\awvvv.exe
C:\WINDOWS\system32\tpaixcoy.ini
C:\WINDOWS\system32\eraseme_72336.exe
C:\WINDOWS\system32\eraseme_18302.exe
C:\WINDOWS\system32\piwneynv.ini
C:\WINDOWS\system32\NeroCheck .exe
C:\WINDOWS\system32\eraseme_46285.exe
C:\WINDOWS\system32\eraseme_38580.exe
C:\WINDOWS\dllmgr64.exe
C:\WINDOWS\system32\eraseme_54012.exe
C:\WINDOWS\system32\eraseme_36842.exe
C:\WINDOWS\system32\eraseme_47778.exe
C:\WINDOWS\system32\eraseme_43581.exe
C:\WINDOWS\sysmgr64.exe
C:\WINDOWS\system32\klkkj.bak1
C:\WINDOWS\system32\klkkj.ini2
C:\WINDOWS\system32\mmdmm.exe
C:\WINDOWS\System32\qagrmjxq.dll
C:\WINDOWS\System32\jkhhh.dll
C:\WINDOWS\system32\awtsrsr.dll
C:\WINDOWS\System32\jkhfg.dll
C:\WINDOWS\system32\awtsrsr.dll
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\System32\mi50vk2X.exe
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{190983a0-7241-4987-a637-3ccc48f4ee61}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9759E245-01E3-406A-98E9-44A151CF4DD6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD1C0C84-288D-454C-A3F3-3505EFCE6145}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1573C42-449D-4516-8DB4-29CA34352F89}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CD1C0C84-288D-454C-A3F3-3505EFCE6145}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsrsr]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\blur]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnmml]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


2.) Drag log.txt from desktop that RenV created on top of RenV.exe
Follow the prompts.
Once done it makes a log.
Post its results.

3.) Drag CFScript on top of combofix.exe and let it run.
Post the new log it makes when machine reboots.

Let me know how machine is running.


#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 January 2008 - 04:43 PM

Do you still need help?


#13 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 January 2008 - 03:58 PM

Due to inactivity, this topic will be closed. If you need help, please start a new thread and post a new HJT log.
