Pop up nightmare- Not a techy(RESOLVED)

  1. #1
    lamaline is offline Full Member

    Hello
    Sorry if this is a repetition of other threads but I couldn't understand the procedure to overrun pop ups.
    My particular problem is that I am getting pop-ups ALL the time beginning with "CiD:" with advertising or other invading stuff.

    Could you please let me know "simply as in for dummies" how can I kill those for good?

    I have spydoctor as well as a CA antivirus but that obviously doesn't do the job.
    Thanks for any help you could bring.

  2. #2
    Neal is offline Dedicated Member
    In my signature is a link for hijackthis. Please click it and copy/paste a copy of hijackthis back here in this thread.

    Also...

    1. Download this file - COMBOFIX
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall


    Combofix should nail those popups

  3. #3
    lamaline is offline Full Member
    Hi, thanks for your help. Here is my combofix log.
    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))




    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-19 ))))))))))))))))))))))))))))))))))


    2007-05-19 19:09 <DIR> d-------- C:\Program Files\PlayFirst
    2007-05-19 18:15 <DIR> d-------- C:\Downloads
    2007-05-12 15:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
    2007-05-10 18:06 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
    2007-05-10 18:06 180,224 --a------ C:\WINDOWS\system32\SanDisk Screen Saver.scr
    2007-05-10 18:06 <DIR> d-------- C:\Program Files\SanDisk
    2007-05-08 10:26 <DIR> d-------- C:\WINDOWS\CAVTemp
    2007-04-20 12:21 <DIR> d-------- C:\Programme
    2007-04-19 12:51 <DIR> d-------- C:\Program Files\Common Files\PCSuite
    2007-04-19 12:47 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2007-04-19 12:47 <DIR> d-------- C:\Program Files\PC Connectivity Solution
    2007-04-19 12:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
    2007-04-19 12:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
    2007-04-19 12:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2007-04-19 12:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
    2007-04-19 12:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2007-04-19 12:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-14 14:11:27 -------- d-----w C:\DOCUME~1\Carine\APPLIC~1\Azureus
    2007-05-10 17:07:18 -------- d-----w C:\DOCUME~1\Carine\APPLIC~1\Arcsoft
    2007-05-10 17:06:04 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-06 07:13:33 630,464 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys
    2007-05-06 07:13:33 108,656 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys
    2007-04-20 11:45:58 -------- d-----w C:\DOCUME~1\Carine\APPLIC~1\Nokia
    2007-04-19 11:52:11 -------- d-----w C:\Program Files\DIFX
    2007-04-19 11:51:31 -------- d-----w C:\Program Files\Common Files\Nokia
    2007-04-19 11:16:33 -------- d-----w C:\Program Files\Nokia
    2007-04-18 16:28:14 26,787 ----a-w C:\WINDOWS\system32\drivers\vetmonnt.sys
    2007-04-18 16:27:31 75,280 ----a-w C:\WINDOWS\system32\VetRedir.dll
    2007-04-18 16:27:31 112,144 ----a-w C:\WINDOWS\AVShlExt.dll
    2007-04-18 16:27:31 103,952 ----a-w C:\WINDOWS\UnVet32.exe
    2007-04-18 16:27:30 21,011 ----a-w C:\WINDOWS\system32\drivers\Vet-Filt.sys
    2007-04-18 16:27:30 16,227 ----a-w C:\WINDOWS\system32\drivers\VetFDDNT.sys
    2007-04-18 16:27:30 15,490 ----a-w C:\WINDOWS\system32\drivers\Vet-Rec.sys
    2007-03-17 17:19:26 -------- d-----w C:\DOCUME~1\Carine\APPLIC~1\Real
    2007-03-17 17:14:36 -------- d-----w C:\Program Files\Picasa2
    2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-10 18:48:26 -------- d-----w C:\DOCUME~1\Carine\APPLIC~1\LoudDogLess
    2007-03-09 09:28:03 -------- d-----w C:\Program Files\MSN Messenger
    2007-03-09 09:27:57 -------- d-----w C:\Program Files\Pop up Blocker
    2007-03-09 09:26:28 -------- d-----w C:\Program Files\NCH Swift Sound
    2007-03-09 09:26:28 -------- d-----w C:\DOCUME~1\Carine\APPLIC~1\NCH Swift Sound
    2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-03-05 08:05:37 -------- d-----w C:\Program Files\CA
    2007-02-22 09:15:12 90,624 ----a-w C:\WINDOWS\system32\nmwcdcls.dll
    2007-02-10 19:11:26 16 ----a-w C:\WINDOWS\popcinfo.dat
    2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects]
    {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dl l [2006-08-01 16:27]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:55]
    {B16F8052-1A10-4967-9F98-1A21ECC782F2}=C:\PROGRA~1\WORDRE~1\WORDRE~1.DLL [2006-11-10 01:39]
    {B56A7D7D-6927-48C8-A975-17DF180C71AC}=C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2006-08-01 16:23]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
    "UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42]
    "@"="" []
    "AOL_Demo"="C:\Applications\Tool\AOL Demo\DSGDemo.exe" []
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 06:17]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 06:13]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 06:17]
    "SMSERIAL"="sm56hlpr.exe" []
    "SkyTel"="SkyTel.EXE" []
    "RTHDCPL"="RTHDCPL.EXE" []
    "Alcmtr"="ALCMTR.EXE" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-10 13:38]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "waymessownstype"="C:\Documents and Settings\All Users\Application Data\draw nurb way mess\Bin Cool.exe" [2007-03-10 19:48]
    "CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-06-26 12:03]
    "CaAvTray"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe" [2007-04-18 17:27]
    "CAVRID"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" [2007-04-18 17:27]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="" []
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-01 18:51]
    "axisbase"="C:\DOCUME~1\Carine\APPLIC~1\LOUDDO~1\BibRuleGram.exe" [2007-03-10 19:47]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-12-11 16:35]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0
    Security Packages kerberos msv1_0 schannel wdigest
    Notification Packages scecli

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HTTPFilter HTTPFilter
    LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
    NetworkService DnsCache
    DcomLaunch DcomLaunch TermService
    rpcss RpcSs
    imgsvc StiSvc
    termsvcs TermService

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

    *Newly Created Service* -PROCEXP90

    Contents of the 'Scheduled Tasks' folder
    2007-05-19 19:00:00 C:\WINDOWS\tasks\AD19C39A918A777E.job
    2007-01-09 08:44:47 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-03-27 19:25:00 C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Carine at 19 25.job
    2007-05-19 16:26:16 C:\WINDOWS\tasks\User_Feed_Synchronization-{A716F2F6-A6BA-4CE4-BF15-6F641E2C0115}.job

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-19 20:17:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-19 20:19:19
    C:\ComboFix-quarantined-files.txt ... 2007-05-19 20:19


    --- E O F ---

    Now here is my hijackthis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 20:38:52, on 19/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\SPYWAR~1\swdoctor.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\ComboFix\10165.cfexe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Carine\My Documents\Mes fichiers reçus\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: XBTBPos00 - {B16F8052-1A10-4967-9F98-1A21ECC782F2} - C:\PROGRA~1\WORDRE~1\WORDRE~1.DLL
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [AOL_Demo] C:\Applications\Tool\AOL Demo\DSGDemo.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [waymessownstype] C:\Documents and Settings\All Users\Application Data\draw nurb way mess\Bin Cool.exe
    O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [axisbase] C:\DOCUME~1\Carine\APPLIC~1\LOUDDO~1\BibRuleGram.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/14.22/uploader2.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://webgames.d.tmsrv.com/c=e183de...2.1.0.0.48.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://beta.photobox.co.uk/assets/ac...loader_uni.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/z...ylomloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://webgames.d.tmsrv.com/c=a5f496...ploader_v6.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

    HOPE YOU WILL BE ABLE TO HELP ME
    Last edited by lamaline; 19-05-2007 at 08:42 PM. Reason: Hijackthis log was missing

  4. #4
    Neal is offline Dedicated Member
    Please Download NoLop to your desktop from one of the links below...
    Link 1
    Link 2
    Link 3
    • First close any other programs you have running as this will require a reboot
    • Double click NoLop.exe to run it
    • Now click the button labelled "Search and Destroy"
      <<your computer will now be scanned for infected files>>
    • When scanning is finished you will be prompted to reboot only if infected. Click OK
    • Now click the "REBOOT" button.
    • A message should pop up from NoLop. If not, double click the program again and it will finish.
    Please post the contents of C:\NoLop.log along with a fresh HijackThis log
    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.--

    And a new hijackthis log please.

  5. #5
    lamaline is offline Full Member
    OK,
    Here is the hijackthis log for today:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:19:32, on 20/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Documents and Settings\Carine\My Documents\Mes fichiers reçus\HijackThis.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\autodown.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: XBTBPos00 - {B16F8052-1A10-4967-9F98-1A21ECC782F2} - C:\PROGRA~1\WORDRE~1\WORDRE~1.DLL
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [AOL_Demo] C:\Applications\Tool\AOL Demo\DSGDemo.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [waymessownstype] C:\Documents and Settings\All Users\Application Data\draw nurb way mess\Bin Cool.exe
    O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [axisbase] C:\DOCUME~1\Carine\APPLIC~1\LOUDDO~1\BibRuleGram.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/14.22/uploader2.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://webgames.d.tmsrv.com/c=e183de...2.1.0.0.48.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://beta.photobox.co.uk/assets/ac...loader_uni.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/z...ylomloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://webgames.d.tmsrv.com/c=a5f496...ploader_v6.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe


    And here is the NoLop log:
    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\Carine\My Documents\Mes fichiers reçus
    [20/05/2007]
    [10:14:57]

    ---Infection Files Found/Removed---
    C:\WINDOWS\tasks\AD19C39A918A777E.job

    Beginning Removal...
    Rebooting...

    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**

    ---Listing AppData sub directories---

    C:\Documents and Settings\Administrator\Application Data\Adobe
    C:\Documents and Settings\Administrator\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Administrator\Application Data\Cyberlink
    C:\Documents and Settings\Administrator\Application Data\Identities
    C:\Documents and Settings\Administrator\Application Data\Microsoft
    C:\Documents and Settings\Administrator\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Ca
    C:\Documents and Settings\All Users\Application Data\Cyberlink
    C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    C:\Documents and Settings\All Users\Application Data\Draw Nurb Way Mess
    C:\Documents and Settings\All Users\Application Data\Google
    C:\Documents and Settings\All Users\Application Data\Installations
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Napster
    C:\Documents and Settings\All Users\Application Data\Nch Swift Sound
    C:\Documents and Settings\All Users\Application Data\Nokia
    C:\Documents and Settings\All Users\Application Data\Pc Suite
    C:\Documents and Settings\All Users\Application Data\Playfirst
    C:\Documents and Settings\All Users\Application Data\Popcap
    C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Trymedia
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Zylom
    C:\Documents and Settings\Carine\Application Data\Adobe
    C:\Documents and Settings\Carine\Application Data\Adobeum
    C:\Documents and Settings\Carine\Application Data\Apple Computer
    C:\Documents and Settings\Carine\Application Data\Arcsoft
    C:\Documents and Settings\Carine\Application Data\Azureus
    C:\Documents and Settings\Carine\Application Data\Cyberlink
    C:\Documents and Settings\Carine\Application Data\Datalayer
    C:\Documents and Settings\Carine\Application Data\Divx
    C:\Documents and Settings\Carine\Application Data\Google
    C:\Documents and Settings\Carine\Application Data\Identities
    C:\Documents and Settings\Carine\Application Data\Lavasoft
    C:\Documents and Settings\Carine\Application Data\Limewire
    C:\Documents and Settings\Carine\Application Data\Louddogless
    C:\Documents and Settings\Carine\Application Data\Macromedia
    C:\Documents and Settings\Carine\Application Data\Microsoft
    C:\Documents and Settings\Carine\Application Data\Nch Swift Sound
    C:\Documents and Settings\Carine\Application Data\Nokia
    C:\Documents and Settings\Carine\Application Data\Nokia Multimedia Player
    C:\Documents and Settings\Carine\Application Data\Pc Suite
    C:\Documents and Settings\Carine\Application Data\Pc Tools
    C:\Documents and Settings\Carine\Application Data\Playfirst
    C:\Documents and Settings\Carine\Application Data\Real
    C:\Documents and Settings\Carine\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Carine\Application Data\Sun
    C:\Documents and Settings\Default User\Application Data\Adobe
    C:\Documents and Settings\Default User\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Default User\Application Data\Cyberlink
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Default User\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Papa Ours\Application Data\Adobe
    C:\Documents and Settings\Papa Ours\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Papa Ours\Application Data\Cyberlink
    C:\Documents and Settings\Papa Ours\Application Data\Identities
    C:\Documents and Settings\Papa Ours\Application Data\Microsoft
    C:\Documents and Settings\Papa Ours\Application Data\Pc Suite
    C:\Documents and Settings\Papa Ours\Application Data\Real
    C:\Documents and Settings\Papa Ours\Application Data\Sampleview -- EMPTY Directory
    -----------
    Let me know the next steps. I still have those pop-ups (but less...)
    Thank you
    Carine

  6. #6
    Neal is offline Dedicated Member
    Hi,


    Run hijackthis and click on scan button and put checks next to these:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [waymessownstype] C:\Documents and Settings\All Users\Application Data\draw nurb way mess\Bin Cool.exe
    O4 - HKCU\..\Run: [axisbase] C:\DOCUME~1\Carine\APPLIC~1\LOUDDO~1\BibRuleGram.exe





    Now reboot into safe mode by tapping your F8 key upon restart. When the safe mode screen appears, select safe mode and press Enter.


    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


    DELETE FILES:

    ALCMTR.EXE



    DELETE FOLDERS

    C:\Documents and Settings\All Users\Application Data\draw nurb way mess
    C:\DOCUME~1\Carine\APPLIC~1\LOUDDO~1 >--folder begins with LOUDDO


    Reboot normal mode and post a new hijackthis log and tell me how things are now.
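
A way to check a fresh HijackThis log against the list of entries that were ticked for fixing, as an added example that is not part of the original thread. The function names are this example's own, and the sample lines are short excerpts from the HijackThis logs and the fix list posted in this thread.

```python
import re

# A HijackThis entry starts with a section code (R0, O2, O4, O23, ...),
# then " - ", then the entry body. Header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def normalise(text):
    """Comparison key: drop all whitespace and fold case.

    Forum software breaks long tokens with a stray space
    ("BibRuleGram.e xe"), so a plain string compare would miss a match.
    Trade-off: two paths differing only in spacing compare as equal.
    """
    return re.sub(r"\s+", "", text).lower()


def parse_entries(log_text):
    """Map normalised key -> original line for every entry line in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            section, body = m.groups()
            entries[normalise(section + "-" + body)] = line.strip()
    return entries


def check_fix(fix_list, fresh_log):
    """Split the fix list into (still present, gone) against a fresh log."""
    fresh = parse_entries(fresh_log)
    persisting, gone = [], []
    for key, line in parse_entries(fix_list).items():
        (persisting if key in fresh else gone).append(line)
    return persisting, gone


def diff_logs(before_log, after_log):
    """Return (added, removed) entry lines between two logs."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    added = [line for key, line in after.items() if key not in before]
    removed = [line for key, line in before.items() if key not in after]
    return added, removed


# Entries ticked for fixing (from the reply above; one line still carries
# the space the forum software inserted).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [waymessownstype] C:\Documents and Settings\All Users\Application Data\draw nurb way mess\Bin Cool.exe
O4 - HKCU\..\Run: [axisbase] C:\DOCUME~1\Carine\APPLIC~1\LOUDDO~1\BibRuleGram.e xe
"""

# Excerpt of the log saved at 10:19:32 on 20/05/2007 (trimmed).
BEFORE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [waymessownstype] C:\Documents and Settings\All Users\Application Data\draw nurb way mess\Bin Cool.exe
O4 - HKCU\..\Run: [axisbase] C:\DOCUME~1\Carine\APPLIC~1\LOUDDO~1\BibRuleGram.e xe
"""

# Excerpt of the log saved at 18:34:21 on 20/05/2007 (trimmed).
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [waymessownstype] C:\Documents and Settings\All Users\Application Data\draw nurb way mess\Bin Cool.exe
O4 - HKCU\..\Run: [axisbase] C:\DOCUME~1\Carine\APPLIC~1\LOUDDO~1\BibRuleGram.exe
"""

if __name__ == "__main__":
    persisting, gone = check_fix(FIX_LIST, AFTER_LOG)
    for line in persisting:
        print("STILL PRESENT:", line)
    for line in gone:
        print("GONE:         ", line)
    added, removed = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("new entries since last log:", len(added))
```

An entry that is still present after the fix and reboot usually means it was not ticked, or something recreated it at startup, so it is worth re-checking before moving on to file deletion.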

  7. #7
    lamaline is offline Full Member
    Here is the latest hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:34:21, on 20/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Documents and Settings\Carine\My Documents\Mes fichiers reçus\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: XBTBPos00 - {B16F8052-1A10-4967-9F98-1A21ECC782F2} - C:\PROGRA~1\WORDRE~1\WORDRE~1.DLL
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [AOL_Demo] C:\Applications\Tool\AOL Demo\DSGDemo.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [waymessownstype] C:\Documents and Settings\All Users\Application Data\draw nurb way mess\Bin Cool.exe
    O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [axisbase] C:\DOCUME~1\Carine\APPLIC~1\LOUDDO~1\BibRuleGram.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/14.22/uploader2.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://webgames.d.tmsrv.com/c=e183de...2.1.0.0.48.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://beta.photobox.co.uk/assets/ac...loader_uni.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/z...ylomloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://webgames.d.tmsrv.com/c=a5f496...ploader_v6.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe



    APPARENTLY NO MORE POP UPS! YOU'RE A STAR!
    THANK YOU EVER SO MUCH

  8. #8
    Neal is offline Dedicated Member
    Did you delete those folders from safe mode?

    If so they came back.


    Fix these again and delete the folders in red


    O4 - HKLM\..\Run: [waymessownstype] C:\Documents and Settings\All Users\Application Data\draw nurb way mess\Bin Cool.exe
    O4 - HKCU\..\Run: [axisbase] C:\DOCUME~1\Carine\APPLIC~1\LOUDDO~1\BibRuleGram.exe



    New hijackthis log please.

  9. #9
    lamaline is offline Full Member
    Sounds weird because I indeed deleted those folders in safe mode via Explorer... Anyway, this time I have deleted them directly in the HijackThis software. Here is my log:

    Logfile of HijackThis v1.99.1
    Scan saved at 08:52:30, on 21/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Documents and Settings\Carine\My Documents\Mes fichiers reçus\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: XBTBPos00 - {B16F8052-1A10-4967-9F98-1A21ECC782F2} - C:\PROGRA~1\WORDRE~1\WORDRE~1.DLL
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [AOL_Demo] C:\Applications\Tool\AOL Demo\DSGDemo.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/14.22/uploader2.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://webgames.d.tmsrv.com/c=e183de...2.1.0.0.48.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://beta.photobox.co.uk/assets/ac...loader_uni.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/z...ylomloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://webgames.d.tmsrv.com/c=a5f496...ploader_v6.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe


    AGAIN THANK YOU THIS IS A GREAT HELP!
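
The before/after check from posts #8 and #9, as an added example that is not part of the original thread: it parses the O4 autorun lines of two HijackThis logs, flags entries that start a program from an Application Data folder, and reports whether they are gone from the later log. The Application Data heuristic is an assumption that happens to match the two entries singled out in post #8, not the helper's stated method; the function names are hypothetical and the sample lines are excerpts from the logs in posts #7 and #9.

```python
import re

# HijackThis registry autorun line: O4 - HKLM\..\Run: [name] command
O4_RUN = re.compile(r"^\s*O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+?)\s*$")

# Assumed heuristic: per-user/all-users data folders, long and 8.3 short form.
SUSPECT_DIRS = ("\\application data\\", "\\applic~1\\")

# Excerpts from the logs posted in this thread (post #7 and post #9).
LOG_POST_7 = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [waymessownstype] C:\Documents and Settings\All Users\Application Data\draw nurb way mess\Bin Cool.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [axisbase] C:\DOCUME~1\Carine\APPLIC~1\LOUDDO~1\BibRuleGram.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"""
LOG_POST_9 = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"""


def parse_o4(log_text):
    """Return {(hive, key, value_name): command} for each O4 registry autorun."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RUN.match(line)
        if m:
            hive, key, name, command = m.groups()
            entries[(hive, key, name)] = command
    return entries


def is_suspect(command):
    """True when the autorun target lives under an Application Data folder."""
    path = command.strip('"').lower()
    return any(d in path for d in SUSPECT_DIRS)


def review(before_text, after_text):
    """Flag suspect autoruns in the earlier log and check the later one."""
    before, after = parse_o4(before_text), parse_o4(after_text)
    flagged = [k for k, cmd in before.items() if is_suspect(cmd)]
    return {
        "flagged": sorted(k[2] for k in flagged),
        "removed": sorted(k[2] for k in flagged if k not in after),
        "still_present": sorted(k[2] for k in flagged if k in after),
    }


if __name__ == "__main__":
    print(review(LOG_POST_7, LOG_POST_9))
```

An entry listed under `still_present` is the situation post #8 describes, where the folders were deleted but the autorun values were still in the next log.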

  10. #10
    Neal is offline Dedicated Member
    You're good to go:



    If you are no longer having any trouble, here are some preventative measures for you.

    Be sure to re-hide hidden files/folders if you were asked to unhide them

    Here are some preventive measures you can take to keep your computer from getting infected again. Also keep all these and Ad-awareSE and SpybotS&D updated.

    http://www.d-a-l.com/help/showthread.php?t=32403

    Flush your restore points in ME and XP, by turning System Restore off and then back on.
    This will create a fresh restore point.


    Explained Here:
    Windows XP: http://vil.nai.com/vil/SystemHelpDoc...ysRestore.aspx

    Explained Here
    Microsoft ME:
    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam


    RegProtect

    This small registry protection tool will save you hours of heartache by notifying you when some program good or bad is trying to access your registry.

    You have the option of allowing(good) items or blocking(bad)items.


    http://www.diamondcs.com.au/index.php?page=regprot


    To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:

    1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
    http://v5.windowsupdate.microsoft.co....aspx?ln=en-us

    http://www.microsoft.com/windows/ie/default.asp


    2. Run your antivirus software regularly, and keep its definitions up-to-date. If you are thinking about switching, there are some good free antivirus programs that are decent, including AVG and Avast!.
    AVG: http://free.grisoft.com/doc/1

    Avast: http://www.avast.com/eng/avast_4_home.html


    3. In addition to using Ad-aware, consider using another free malware scanning/removal program:
    Windows Defender

    http://www.microsoft.com/athome/secu...e/default.mspx


    4. Consider using a free firewall if you are not already using one. Some good free ones are:
    Kerio
    http://www.sunbelt-software.com/Kerio.cfm

    Zone Labs Personal Firewall:
    Zone Labs



    5. Consider using an alternate free browser for general web surfing but you must use IE for windows update.
    Mozilla Firefox: www.mozilla.org/products/firefox/


    6. Consider increasing your browser security by using these programs:
    SpywareGuard will protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
    SpywareBlaster will increase browser protection by blocking thousands of known malware sites by adding them to IE's restricted sites zone. Download it here:

    http://www.javacoolsoftware.com/spywareblaster.html


    If you use SpywareBlaster, you can also use a customblocklist to add even more entries into IE restricted sites zone. Go to this site for the current list and how to use instructions: http://customblockinglist.cjb.net/


    IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
    https://netfiles.uiuc.edu/ehowes/www/resource.htm


    Block access to Untrustworthy Sites

    You can prevent your computer from visiting a myriad of untrustworthy sites and ad-servers by installing a customised hosts file. One of the best available is the: MVPS Hosts File. Simply follow the instructions to install the file in the correct location. This will not only make surfing safer but will improve website load times and block popups from many of the large ad-servers.



    *Remember just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis. It's Free
