
[Fixed] Hijackthis! Logs - infected with something....HELP (posted in the Security & Safety forums)

#1
01-07-2008
ajwp97
Bronze Member

Join Date: Jan 2008
Posts: 5
PC Experience: Some Experience
infected with something....HELP

My laptop has been infected. I've tried in safe mode to run my Yahoo Antivirus and Spyware programs, I cleaned/removed what they recommended. I also had XP Antivirus 2008 that infected my system but I think I deleted that out of the program files. I'm still getting bumped to ads when I click on links to other pages and my system is slow.

I just downloaded hijackthis and here is the log: CAN YOU HELP ME?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:58 AM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Global Acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartUp] C:\WINDOWS\trayicons.exe /optimize speed
O4 - HKCU\..\Run: [FEW] "C:\Program Files\_wef_\sf.exe" /scan
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\abedpiwq.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpantivirus.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [Windows Rescue System] C:\WINDOWS\TEMP\winsto.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Rescue System] C:\WINDOWS\TEMP\winsto.exe (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\YAHOO!\COMMON\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {2A510DC8-C9B5-4269-B9BA-E5B04D47D981} (CPlayFirstDDSonicControl Object) - http://www.shockwave.com/content/din...c.1.0.0.92.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{24387A07-DCC6-4020-9AE8-1C2A2E5DE8E7}: NameServer = 85.255.115.62,85.255.112.107
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F20302D-DB71-4FF5-BD99-A59D086B7C69}: NameServer = 85.255.115.62,85.255.112.107
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.107
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.107
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: Local Security Manager (LocalAgent) - Unknown owner - C:\WINDOWS\system32\update293.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 8808 bytes


#2
01-07-2008
Pancake
Senior Security Analyst

Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,325
PC Experience: Elite PC Guru
Re: infected with something....HELP

You have a few infections....


Download SDFix from here and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum.

=========================================
This will help to identify malware on your system.
Please download Combofix from any of these locations:
Here
or
Here
Save ComboFix to the desktop and please ensure that you disable realtime security/virus programs that monitor your PC while CF is running.
1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
Caution...Never run and remove files using ComboFix without being supervised by a security analyst.


__________________
  • An Australian Member of
  • and
My real name is Eddy
#3
01-10-2008
ajwp97
Bronze Member

Join Date: Jan 2008
Posts: 5
PC Experience: Some Experience
Re: infected with something....HELP

Hi Pancake,

Sorry for the delay, I haven't had a lot of time to fool with my laptop. I ran the SDFix, restarted my computer etc. I tried to get on this morning to send you the report but my system is SUPER slow and I couldn't manage to get all the way to my forum on PChelpforum, I would get as far as the forum page and then it would time out. I'm getting new windows opening with ads that I didn't have before too. Uuuuggghh.

I am right now at my work computer and won't be home to work on my laptop for a few hours. I will try to get the report posted for you as soon as I can. I'll also try to do the combofix at that time too.

Thanks so much for your help so far.


#4
01-11-2008
ajwp97
Bronze Member

Join Date: Jan 2008
Posts: 5
PC Experience: Some Experience
Re: infected with something....HELP

Okay I'm on at home now. But every time I type in a web address I get bounced to a new window with some ****. Now while I'm typing I keep getting bounced back to that other website smasHits.com. Very frustrating.

Here is the SDFix report, I'm going to go back and do the ComboFix now.

SDFix: Version 1.124
Run by Rick on Mon 01/07/2008 at 09:14 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\sdfix\SDFix
Safe Mode:
Checking Services:
Name:
Microsoft Inet Service
Path:
C:\WINDOWS\system32\_svchost.exe -A
Microsoft Inet Service - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Service NdisWon - Deleted after Reboot
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\KERNEL32.EXE - Deleted
C:\DOCUME~1\Rick\LOCALS~1\Temp\removalfile.bat - Deleted
C:\wsusupd.exe - Deleted
C:\WINDOWS\antiv.exe - Deleted
C:\WINDOWS\Downloaded Program Files\UERT_0001_D19M2109NetInstaller.exe - Deleted
C:\WINDOWS\mrofinu1000106.exe - Deleted
C:\WINDOWS\mrofinu572.exe - Deleted
C:\WINDOWS\mrofinu572.exe.tmp - Deleted
C:\WINDOWS\nwan.dat - Deleted
C:\WINDOWS\system32\_svchost.exe - Deleted
C:\WINDOWS\system32\3_exception.nls - Deleted
C:\WINDOWS\system32\delFSF.bat - Deleted
C:\WINDOWS\system32\explorer.exe - Deleted
C:\WINDOWS\system32\Kernel32.exe - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\RunOnce.t__ - Deleted
C:\WINDOWS\system32\RunOnce.tmp - Deleted
C:\WINDOWS\Temp\winsto.exe - Deleted
C:\WINDOWS\trayicons.exe - Deleted


Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.


Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 08:58:36
Windows 5.1.2600 Service Pack 2 FAT NTAPI
detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\kdsgx.exe 81920 bytes
C:\WINDOWS\Prefetch\KDSGX.EXE-29F2F9F2.pf 16384 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2

Remaining Services:
------------------

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe:*:Disabled:GoogleToolbarNotifier"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Disabled:AT&T Yahoo! Music Jukebox"
"C:\\WINDOWS\\system32\\aajiyfdc.exe"="C:\\WINDOWS\\system32\\aaj"
"C:\\WINDOWS\\system32\\abedpiwq.exe"="C:\\WINDOWS\\system32\\abe"
"C:\\WINDOWS\\system32\\yyopvvql.exe"="C:\\WINDOWS\\system32\\yyo"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
File Backups: - C:\sdfix\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 19 May 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Fri 19 May 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Fri 19 May 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Fri 19 May 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Fri 19 May 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Mon 7 Jan 2008 636,797 ..SH. --- "C:\WINDOWS\system32\xybeg.bak2"
Sat 5 Jan 2008 637,477 ..SH. --- "C:\WINDOWS\system32\xybeg.bak1"
Thu 3 Jan 2008 23,714 ..SH. --- "C:\WINDOWS\system32\viqbbnbf.dllbox"
Wed 14 Jun 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 19 Sep 2006 304,736 A..H. --- "C:\Program Files\Canon\MP Navigator 2.2\Maint.exe"
Mon 19 Dec 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.2\uinstrsc.dll"
Finished!


#5
01-11-2008
ajwp97
Bronze Member

Join Date: Jan 2008
Posts: 5
PC Experience: Some Experience
Re: infected with something....HELP

Here is the ComboFix.txt report:

ComboFix 08-01-10.2 - Rick 2008-01-10 21:50:40.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.154 [GMT -5:00]
Running from: C:\Documents and Settings\Rick\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\Abbr
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\HOURS
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\ProductCode
C:\Documents and Settings\Rick\Application Data\ErrorProtector Free
C:\Documents and Settings\Rick\Application Data\ErrorProtector Free\Logs\update.log
C:\Documents and Settings\Rick\Application Data\macromedia\Flash Player\#SharedObjects\3QKA7HZJ\Broadcaster.com | Home | Viral Video Clips, Live Community, News, Software, Movies, Music, Games, Mobile Media & More
C:\Documents and Settings\Rick\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#Broadcaster.com | Home | Viral Video Clips, Live Community, News, Software, Movies, Music, Games, Mobile Media & More
C:\Documents and Settings\Rick\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Rick\first.main
C:\Documents and Settings\Rick\ResErrors.log
C:\Documents and Settings\Rick\wef.log
C:\Program Files\installer\.lock
C:\Program Files\installer\sfs.exe
C:\Program Files\installer\si.exe
C:\Temp\1cb\
C:\Temp\tpBe12
C:\Temp\tpBe12\etFr.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\flo\lower.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\flo\upper.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\flo\upper.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\fonts\arial.mvec
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\fonts\komikaaxis.mve c
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\furniture\chair.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\furniture\chair.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\furniture\dirt2top.p ng
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\furniture\dirt4top.p ng
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\furniture\dishcart.p ng
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\furniture\dishcart.x ml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\furniture\drinkstati on_off.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\furniture\drinkstati on_on1.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\furniture\drinkstati on_on2.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\furniture\ticketstat ion.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\furniture\ticketstat ion.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\hiscore\arrowdown.pn g
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\hiscore\arrowdownon. png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\hiscore\arrowleft.pn g
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\hiscore\arrowlefton. png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\hiscore\arrowright.p ng
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\hiscore\arrowrighton .png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\hiscore\arrowup.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\hiscore\arrowupon.pn g
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\hiscore\p1icon.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\hiscore\textedit.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\hiscore\title.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\endless_1_1. txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\endless_1_1_ a.txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\endless_1_1_ b.txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\endless_1_1_ c.txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\endless_1_2. txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\endless_1_2_ a.txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\endless_1_2_ b.txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\endless_1_2_ c.txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\endless_1_2_ d.txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\endless_1_3. txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\endless_1_3_ a.txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\endless_1_3_ b.txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\endless_1_3_ c.txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\endless_1_3_ d.txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\fifth_level_ diner.txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\first_level_ diner.txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\fourth_level _diner.txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\layouts\second_level _diner.txt
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\playfirst_logo.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\restaurants\diner\ba ckground.jpg
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\restaurants\diner\fo od\food1.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\restaurants\diner\fo od\food1.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\restaurants\diner\fo od\food2.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\restaurants\diner\fo od\food2.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\restaurants\diner\fo od\food3.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\restaurants\diner\fo od\food3.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\restaurants\diner\fr ames\upgrade_0001.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\restaurants\diner\ta bles\2top.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\restaurants\diner\ta bles\2top.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\restaurants\diner\ta bles\4top.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\restaurants\diner\ta bles\4top.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\restaurants\diner\up grades.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\restaurants\tablesha dow.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\choosediffic ulty.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\chooseplayer .lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\chooserestau rant.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\credits.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\game.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\gothighscore .lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\help.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\help2.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\hiscore.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\hiscoreinfo. lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\hiscoresubmi t.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\levelintro.l ua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\levelover.lu a
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\loading.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\mainloop.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\mainmenu.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\ok.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\pause.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\style.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\tutorialintr o.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\upgrade.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\upsell.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\webcomic.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\scripts\yesno.lua
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\splash\aol_logo.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\splash\gamelabsplash .jpg
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\splash\playfirst_log o.jpg
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\strings.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\angersmoke.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\angersmoke.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\chairflags.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\chairflags.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\check.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\checkmark.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\clock.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\closed.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\closingtime.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\coinflip.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\coinflip.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\dollar.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\doodles\coffee.pn g
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\doodles\tables.pn g
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\doodles\wallpaper .png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\expert.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\expertscore.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\foodpoof.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\foodpoof.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\fork_timer.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\goalcompleted.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\heartgrow.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\heartgrow.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\jar.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\jar.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\level.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\level_career.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\score.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\sound.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\staroff.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\staron.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\tablenumber.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\tablenumberup.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\traynumber.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\tutorial_characte r.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\tutorialarrow.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\tutorialbox.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\upgradeanim.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\upgradeanim.xml
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\upgrades\drinks.p ng
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\upgrades\maitred. png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\upgrades\oven.png
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\upgrades\select.p ng
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\upgrades\shoes.pn g
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\upgrades\stereo.p ng
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\assets\ui\upgrades\table.pn g
C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92\dinerdash.exe
C:\WINDOWS\system32\abc2
C:\WINDOWS\system32\cycbpfrf.dll
C:\WINDOWS\system32\dhcmjjsc.dll
C:\WINDOWS\system32\dighcjux.ini
C:\WINDOWS\system32\drivers\drv.sys
C:\WINDOWS\system32\ex1
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\grjtmjvm.dll
C:\WINDOWS\system32\gvumiune.ini
C:\WINDOWS\system32\iexplorer.dll .dbt
C:\WINDOWS\system32\ineWc01
C:\WINDOWS\system32\ineWc01\ineWc011065.exe
C:\WINDOWS\system32\jknwflej.dll
C:\WINDOWS\system32\jrpmburt.dll
C:\WINDOWS\system32\kdsgx.exe
C:\WINDOWS\system32\ktrmcnqn.dll
C:\WINDOWS\system32\maffdmde.ini
C:\WINDOWS\system32\mp43.exe
C:\WINDOWS\system32\ntdtodjp.dll
C:\WINDOWS\system32\oc9
C:\WINDOWS\system32\pc.dll
C:\WINDOWS\system32\plbvlqtq.ini
C:\WINDOWS\system32\shel9
C:\WINDOWS\system32\sujgseeo.ini
C:\WINDOWS\system32\update275.exe
C:\WINDOWS\system32\update293.exe
C:\WINDOWS\system32\viqbbnbf.dllbox
C:\WINDOWS\system32\wdlilchl.ini
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\xybeg.bak1
C:\WINDOWS\system32\xybeg.bak2
C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\yicucpmy.ini
C:\WINDOWS\system32\yqgmhxet.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DRV

((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.
2008-01-10 21:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 21:13 . 2008-01-07 21:13 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-07 01:12 . 2008-01-07 01:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 09:40 . 2008-01-06 09:40 75,840 --a------ C:\WINDOWS\system32\tlsdwqec.dll
2008-01-06 00:06 . 2008-01-06 00:06 <DIR> d-------- C:\Program Files\XP Antivirus
2008-01-03 10:22 . 2008-01-03 10:23 <DIR> dr-h----- C:\Documents and Settings\Rick\Application Data\yahoo!
2007-12-20 11:20 . 2007-12-20 11:21 20,480 --a------ C:\WINDOWS\quit.exe
2007-12-20 01:42 . 2007-12-20 01:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-20 00:46 . 2007-12-20 00:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\YAHOO
2007-12-20 00:45 . 2007-12-20 00:45 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2007-12-20 00:42 . 2005-02-24 13:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-20 00:36 . 2002-02-21 18:56 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-12-19 09:11 . 2007-12-19 09:11 <DIR> d-------- C:\Program Files\installer
2007-12-19 01:52 . 2007-12-19 01:52 6,144 --a------ C:\Documents and Settings\Rick\ie_updates3r.exe
2007-12-18 13:30 . 2007-12-18 13:30 <DIR> d-------- C:\WINDOWS\system32\ineWc02
2007-12-17 08:05 . 2007-12-17 08:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2007-12-12 10:50 . 2007-12-12 10:50 28,929 --a------ C:\sysrlhh.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 22:52 68856]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"XP Antivirus"="C:\Program Files\XP Antivirus\xpantivirus.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 18:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 19:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 49152 C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 16:54 385024]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-05-20 21:25 230512]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-05-20 21:25 185456]
"YOP"="C:\PROGRA~1\YAHOO!\YOP\yop.exe" [2005-04-22 19:49 397312]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-01 09:49 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 03:03 49263]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03 63048]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 08:35 20480]
"YBrowser"="C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]


  #6  
01-11-2008
ajwp97
Re: infected with something....HELP

Here is the hijackthis log done right after the ComboFix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42, on 2008-01-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Global Acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\YAHOO!\COMMON\yiesrvc.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpantivirus.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\YAHOO!\COMMON\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {2A510DC8-C9B5-4269-B9BA-E5B04D47D981} (CPlayFirstDDSonicControl Object) - http://www.shockwave.com/content/din...c.1.0.0.92.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{24387A07-DCC6-4020-9AE8-1C2A2E5DE8E7}: NameServer = 85.255.115.62,85.255.112.107
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F20302D-DB71-4FF5-BD99-A59D086B7C69}: NameServer = 85.255.115.62,85.255.112.107
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.107
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.107
O20 - Winlogon Notify: viqbbnbf - viqbbnbf.dll (file missing)
O20 - Winlogon Notify: vtuurpn - vtuurpn.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: Local Security Manager (LocalAgent) - Unknown owner - C:\WINDOWS\system32\update293.exe (file missing)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! In