Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect Upon Clicking On Ie Link


  • Please log in to reply
3 replies to this topic

#1 blazecon

blazecon

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 06 August 2007 - 02:42 PM

I have followed the instructions and downloaded ad aware. It found close to 120 items to delete. Also did a cleanmgr. Then tried again and the problem still exists.
In a nutshell the problem as described is this. After doing an internet search in IE, when clicking on a link, I am redirected to another type of search engine instead of the site. When I click the back button, I sometimes am just refreshed to the same site. If I go to the arrow on the back button and click on the last page I can again click on the link only to be taken to a different search engine than the first. If I am persistent enough to do this 3 times I will usually get the proper site that I clicked on. However, if I copy and paste the address in the address bar, or if I type the address, I get the correct site the first time.




Please note the following is the log from hijack this.

All scans other than adaware have so far been stopped or frozen when scanning the registry after completing approx. 70% of the scan.

Please help as this is extremely annoying.

HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:56 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\FlexLM\lmgrd.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\svchost.exe
C:\FlexLM\lmgrd.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\FlexLM\adskflex.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Micro Innovations\Wireless Laser Mouse\MOUSE32A.DAT
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F8842A8-F719-4408-B8A2-9776014787A1}: NameServer = 85.255.116.166,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F90A143-94D5-46A5-8843-473EC7DF3389}: NameServer = 85.255.116.166,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB5554BC-E43F-48DF-8512-E6C74E6E66BC}: NameServer = 85.255.116.166,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1150751-169E-45E4-AF06-403B6A2A6CC6}: NameServer = 85.255.116.166,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F8842A8-F719-4408-B8A2-9776014787A1}: NameServer = 85.255.116.166,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.132
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Flexlm LICENSE MANAGER - Macrovision Corporation - C:\FlexLM\lmgrd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6400 bytes

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 06 August 2007 - 03:47 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum blazecon :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

Please download FixWareout:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it.
Click Next,then Install,then make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load,this is normal.

When your system reboots,follow the prompts.
Afterwards, HijackThis will launch.
Please click Scan, and checkmark the following items:

O17 - HKLM\System\CCS\Services\Tcpip\..\{2F8842A8-F719-4408-B8A2-9776014787A1}: NameServer = 85.255.116.166,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F90A143-94D5-46A5-8843-473EC7DF3389}: NameServer = 85.255.116.166,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB5554BC-E43F-48DF-8512-E6C74E6E66BC}: NameServer = 85.255.116.166,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1150751-169E-45E4-AF06-403B6A2A6CC6}: NameServer = 85.255.116.166,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F8842A8-F719-4408-B8A2-9776014787A1}: NameServer = 85.255.116.166,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.132


Click 'Fix Checked'.
Close HijackThis,and click OK to proceed.
At the end of the fix you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt into your next reply.

Please Note:
Only do the following if you have connection problems after performing the above steps:
Go to Start>Control Panel,and choose 'Network Connections'.
Then right click on your default connection,usually 'Local Area Connection' or 'Dial-up Connection' if you are using Dial-up,then left click on 'Properties'.
Double-click on the 'Internet Protocol (TCP/IP)' item and select the radio button that says: 'Obtain DNS servers Automatically'.
Click OK twice,restart your computer.

----------------------------------------------------

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log.
Posted Image
Posted Image

#3 blazecon

blazecon
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 06 August 2007 - 05:44 PM

here are the reports you asked for

ComboFix 07-08-06.5 - "J D GRANT" 2007-08-06 18:30:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.854 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\cup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\customer_cup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\heart.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\menu_down.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\menu_up.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\plates.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\ticket.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\tray.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_diner.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_rollover_1.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\choosedifficulty.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\credits.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\flo_lose.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\flo_win.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\help1.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\help2.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\highscores.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\levelintro.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\levelintro_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\levelover.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\levelover_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\popup.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\popup_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\upgradegrid.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\upgradetitle.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\upsell.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\arrowleft_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\arrowleft_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\arrowright_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\arrowright_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\back_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\back_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\backchalk.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\backchalkup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\backtomenu_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\backtomenu_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\cancel.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\cancelup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\career.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\career_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\close.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\closeup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\continue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\continueover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\credits_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\credits_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\download_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\download_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\easy.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\easy_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\endlessshift.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\endlessshift_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\hard.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\hard_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\help.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\help_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\highscores.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\highscores_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\instructions_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\instructions_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\letsplay.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\letsplayover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\medium.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\medium_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\moreinfo.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\moreinfoup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\off.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\off_on.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\on.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\on_on.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\pause.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\pauseover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\quit.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\quitgame.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\quitgameover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\quitover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\resumegame.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\resumegameover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\submit.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\submitup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\tryagain.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\tryagainover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\upgrade_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\upgrade_up.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewglobal.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewglobalup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewhighscore.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewhighscoreon.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewlocal.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewlocalup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\comics\webcomic.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\config\career.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\config\customer.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\config\endless.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\config\global.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\config\powerups.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cook\cook.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cook\cook.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cook\stove.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cursor\arrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cursor\click.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cursor\click2.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cursor\grab.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cursor\open.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\blue\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\green\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\purple\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\red\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\yellow\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\blue\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\green\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\purple\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\red\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\yellow\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\idle.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\idle.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\lower.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\lower.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\upper.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\upper.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\fonts\arial.mvec
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\fonts\komikaaxis.mvec
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\chair.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\chair.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\dirt2top.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\dirt4top.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\dishcart.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\dishcart.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\drinkstation_off.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\drinkstation_on1.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\drinkstation_on2.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\ticketstation.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\ticketstation.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowdown.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowdownon.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowleft.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowlefton.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowright.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowrighton.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowupon.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\p1icon.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\textedit.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\title.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_1.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_1_a.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_1_b.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_1_c.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_2.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_2_a.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_2_b.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_2_c.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_2_d.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_3.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_3_a.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_3_b.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_3_c.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_3_d.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\fifth_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\first_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\fourth_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\second_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\playfirst_logo.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\background.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\frames\upgrade_0001.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\upgrades.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\tableshadow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\choosedifficulty.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\chooseplayer.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\chooserestaurant.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\credits.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\game.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\gothighscore.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\help.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\help2.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\hiscore.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\levelintro.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\levelover.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\loading.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\mainloop.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\mainmenu.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\ok.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\pause.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\style.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\tutorialintro.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\upgrade.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\upsell.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\webcomic.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\yesno.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\splash\aol_logo.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\splash\gamelabsplash.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\splash\playfirst_logo.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\strings.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\angersmoke.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\angersmoke.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\chairflags.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\chairflags.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\check.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\checkmark.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\clock.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\closed.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\closingtime.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\coinflip.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\coinflip.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\dollar.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\expert.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\expertscore.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\foodpoof.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\fork_timer.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\heartgrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\jar.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\jar.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\level.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\level_career.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\score.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\sound.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\staroff.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\staron.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\tablenumber.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\traynumber.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\table.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\dinerdash.exe


((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))


2007-08-06 18:30 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-06 18:18 8,753 --a------ C:\dnsbak.reg
2007-08-06 13:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-06 13:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-06 11:36 <DIR> d-------- C:\Program Files\CCleaner
2007-08-06 11:18 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-06 11:18 <DIR> d-------- C:\DOCUME~1\JDGRAN~1\Shared
2007-08-06 11:18 <DIR> d-------- C:\DOCUME~1\JDGRAN~1\Incomplete
2007-08-06 11:18 <DIR> d-------- C:\DOCUME~1\JDGRAN~1\APPLIC~1\FrostWire
2007-08-06 11:11 <DIR> d-------- C:\Program Files\FrostWire
2007-08-06 10:50 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-31 00:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-29 21:05 <DIR> d-------- C:\Program Files\Browser Hijack Recover


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-07-10 20:28 --------- d-------- C:\Program Files\Common Files\Vbox
2007-08-06 15:15 --------- d-------- C:\Program Files\EditCDG
2007-08-06 15:15 --------- d-------- C:\Program Files\CompuHost
2007-08-06 13:19 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-06 10:40 4590 --a------ C:\DOCUME~1\JDGRAN~1\APPLIC~1\wklnhst.dat
2007-07-31 00:58 --------- d-------- C:\Program Files\IMVU
2007-07-31 00:58 --------- d-------- C:\DOCUME~1\JDGRAN~1\APPLIC~1\Chessmaster Challenge
2007-07-31 00:34 --------- d-------- C:\Program Files\Swift Elite 4
2007-06-24 17:48 --------- d-------- C:\DOCUME~1\JDGRAN~1\APPLIC~1\IMVU
2007-05-16 11:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 14:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 14:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 13:02]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 17:24]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2004-12-08 18:44]
"PrintServer Diagnostic"="C:\Program Files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 18:09]
"FLMOFFICE4DMOUSE"="C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe" [2006-07-03 17:43]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 08:43:54]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Registration.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel Registration.lnk
backup=C:\WINDOWS\pss\Corel Registration.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 9.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL 9.LNK
backup=C:\WINDOWS\pss\CorelCENTRAL 9.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK
backup=C:\WINDOWS\pss\CorelCENTRAL Alarms.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^J D GRANT^Start Menu^Programs^Startup^Lotus Organizer EasyClip.lnk]
path=C:\Documents and Settings\J D GRANT\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
backup=C:\WINDOWS\pss\Lotus Organizer EasyClip.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
"%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeopleWatcher]
"C:\Program Files\PeopleWatcher\AppStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 eabfiltr;EABFiltr;\??\C:\WINDOWS\system32\drivers\EABFiltr.sys
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R2 Flexlm LICENSE MANAGER;Flexlm LICENSE MANAGER;C:\FlexLM\lmgrd.exe
R2 LxrJD31d;LxrJD31d;\??\C:\WINDOWS\system32\Drivers\LxrJD31d.sys
R3 CAMCAUD;Conexant AMC Audio;C:\WINDOWS\system32\drivers\camcaud.sys
R3 CAMCHALA;CAMCHALA;C:\WINDOWS\system32\drivers\camchal.sys
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
R3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 tifm21;tifm21;C:\WINDOWS\system32\drivers\tifm21.sys
S2 pciinfo;HP Pci Information;\??\C:\DOCUME~1\JDGRAN~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys
S2 PPNT;PPNT;C:\WINDOWS\system32\drivers\PPNT.sys
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;C:\WINDOWS\system32\Drivers\ubVeo532.sys
S3 dot4ufd;HP Dot4usb Filter;C:\WINDOWS\system32\DRIVERS\hppaufd0.sys
S3 eabusb;eabusb;\??\C:\WINDOWS\system32\drivers\eabusb.sys
S3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys


Contents of the 'Scheduled Tasks' folder
2007-07-31 00:14:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-06 22:23:40 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 18:34:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-06 18:35:50
C:\ComboFix-quarantined-files.txt ... 2007-08-06 18:35

--- E O F ---
Username "J D GRANT" - 08/06/2007 18:18:23 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdunq.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.166 85.255.112.132" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2F8842A8-F719-4408-B8A2-9776014787A1}
"nameserver"="85.255.116.166,85.255.112.132" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9F90A143-94D5-46A5-8843-473EC7DF3389}
"nameserver"="85.255.116.166,85.255.112.132" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{BB5554BC-E43F-48DF-8512-E6C74E6E66BC}
"nameserver"="85.255.116.166,85.255.112.132" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C1150751-169E-45E4-AF06-403B6A2A6CC6}
"nameserver"="85.255.116.166,85.255.112.132" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9F90A143-94D5-46A5-8843-473EC7DF3389}
"DhcpNameServer"="85.255.116.166,85.255.112.132" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C1150751-169E-45E4-AF06-403B6A2A6CC6}
"DhcpNameServer"="85.255.116.166,85.255.112.132" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F10AE339-AE5C-4793-9074-737A3C21CD99}
"DhcpNameServer"="85.255.116.166,85.255.112.132" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Other
C:\WINDOWS\Temp\kdunq.ren 63371 08/04/2004

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe"
"PrintServer Diagnostic"="C:\\Program Files\\Print Server\\PTP\\PSDiagnostic.exe"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Wireless Laser Mouse\\moffice.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»


I ran the HJT scan and did not find the items you listed so I assume they were removed during one of the processes. Here is the latest HJT scan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:48 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\FlexLM\lmgrd.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\svchost.exe
C:\FlexLM\lmgrd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\FlexLM\adskflex.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Micro Innovations\Wireless Laser Mouse\MOUSE32A.DAT
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Flexlm LICENSE MANAGER - Macrovision Corporation - C:\FlexLM\lmgrd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5436 bytes


Please advise me if there is anything else I need to do.

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 06 August 2007 - 05:56 PM

You've no virus protection installed.
Download\install one of the following freeware options from the choice below.
Once installed update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Avira AntiVir Personal Edition Classic
http://www.free-av.com/

-----------------------------------------

Your log is clean :thumbsup:
If all's ok,please do the following.

Find and delete:
FixWareout
Combofix.exe

C:\FixWareout
C:\QooBox

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.

If you use Opera browser,do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

------------------------------------------------

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window,click on the 'Create a Restore Point' button,then click 'Next'.
In the window that appears,enter a description\name for the Restore Point,then click on 'Create',wait,then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear,click on Ok.
The 'Disk Cleanup for [C:]' box will appear,click on the 'More Options' tab.
At the bottom in the 'System Restore' window,click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?',click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here,to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users