Jump to content

xxx_emr_xxx

Members
  • Posts

    4
  • Joined

  • Last visited

Reputation

0 Neutral
  1. i have just ran mbam again aftyer running combofix and hijackthis and it ist finding any problems thankyou for all your help xx
  2. combo fix log: ComboFix 09-01-13.04 - Emma & Mikey 2009-01-15 13:55:05.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.244 [GMT 0:00] Running from: c:\documents and settings\Emma & Mikey\Desktop\ComboFix.exe AV: Norton Internet Security *On-access scanning disabled* (Updated) FW: Norton Internet Security *disabled* * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50 c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\music\Big Band 1.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\music\cannon_in_d.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\aunt_sobs.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\bees.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\bonus_points.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\bridezilla.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\deliver_food.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\dialog_click.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\dialog_roll.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\end_of_level.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\fire.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\game_click.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\lost_points.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\pickup_food.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\pickup_guest.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\planning_right_choice.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\planning_win.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\planning_wrong_choice.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\quinn_fixing_problem.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\quinn_problem.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\ready_to_be_seated.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\seat_guest.ogg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\backgrounds\helppage.jpg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\backgrounds\hintbg.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\backgrounds\levelinfo_bg.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\backgrounds\longdialog.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\backgrounds\talldialog.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\backgrounds\textfield.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\backgrounds\Thumbs.db c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\bitmaps\ui\backgrounds\menu_main.jpg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowdown_down.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowdown_over.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowdown_up.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowleft_down.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowleft_over.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowleft_up.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowright_down.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowright_over.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowright_up.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowup_down.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowup_over.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowup_up.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\back_button.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\back_button_highlight.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\bluearrowleft_down.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\bluearrowleft_over.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\bluearrowleft_up.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\bluearrowright_down.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\bluearrowright_over.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\bluearrowright_up.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_down_long.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_down_med.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_down_short.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_hl_long.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_hl_med.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_hl_short.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_idle_long.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_idle_med.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_idle_short.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\BTNgold_Down.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\BTNgold_HL.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\BTNgold_Idle.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\buttondown.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\buttonrollover.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\buttonup.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\checkdown.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\checkup.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\cp_buttondown.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\cp_buttonrollover.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\cp_buttonup.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\highscores_btn_purp_down.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\highscores_btn_purp_hl.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\highscores_btn_purp_idle.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\planner_btn_down.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\planner_btn_hl.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\planner_btn_idle.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\telephone_btn_down.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\telephone_btn_hl.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\telephone_btn_idle.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\cursor\cursor.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fonts\arial.mvec c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\bee.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\bubble.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\confetti.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\flame2.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\flash.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_bees.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_bridezilla.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_chef_table_fire.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_end_of_level_1.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_end_of_level_1_fullscreen.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_expert_goal_reached.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_goal_reached.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_guest_ready_to_dance.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_kiss.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_large_point_explosion.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_last_guest.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_last_guest_foreground.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_lost_points.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_medium_point_explosion.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_normal_point_explosion.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_planningreward.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_quinn_boost_meter.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_small_point_explosion.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_steam.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_ui_sparkle.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_upgrade.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\heart.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\heart2.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_balloon.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_balloon2.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_bees.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_bubbles.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_confetti_large.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_confetti_medium.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_confetti_small.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_explosion_large.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_explosion_medium.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_explosion_small.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_flames_down.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_flames_up.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_flash_medium.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_flash_small.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_flower1.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_flower2.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_flower3.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_heartfall.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_heartsparkle.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_kisses.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_negative.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_negative2.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_reseating.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_rings.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_rings2.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_smoke.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_sparkle.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_sparkle_medium.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_sparkle_menu.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_stars_large.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_stars_medium.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_stars_small.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_steam_left.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_steam_right.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_steam_up.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_streamer_large.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_streamer_medium.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_streamer_small.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\smoke.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\sparkle2.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\sparkle4.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\star.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\streamer.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\hiscore\global-hs-bb_large.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\hiscore\global-hs-bb_small.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\hiscore\hiscores_BG.jpg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\hiscore\local-hs-bb.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\hiscore\p1icon.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\hiscore\Thumbs.db c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\bg_backyard.jpg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\cake_table.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\cake_table.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\bg_genericdance.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\bg_genericdance.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b1_angry.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b1_angry.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b1_happy.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b1_happy.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b1_mad.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b1_mad.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b1_normal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b1_normal.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b2_angry.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b2_angry.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b2_happy.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b2_happy.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b2_mad.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b2_mad.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b2_normal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b2_normal.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g1_angry.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g1_angry.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g1_happy.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g1_happy.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g1_mad.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g1_normal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g1_normal.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g2_angry.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g2_angry.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g2_happy.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g2_happy.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g2_mad.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g2_normal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g2_normal.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_angry.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_angry.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_cry.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_cry.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_dance.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_dance.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_eat.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_eat.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_happy.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_happy.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_headicon.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_headicon.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_highlight.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_highlight_sit.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_normal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_normal.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_stand_angry.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_stand_angry.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_stand_normal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_stand_normal.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG1_angry.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_angry.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG1_dance.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_dance.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG1_eat.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_eat.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG1_happy.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_happy.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG1_headicon.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_headicon.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG1_normal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_normal.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG1_stand_angry.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_stand_angry.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_stand_normal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_stand_normal.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG4_angry.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_angry.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG4_dance.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_dance.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG4_eat.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_eat.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG4_happy.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_happy.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG4_headicon.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_headicon.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG4_normal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_normal.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG4_stand_angry.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_stand_angry.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_stand_normal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_stand_normal.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG1_angry.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_angry.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG1_dance.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_dance.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG1_eat.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_eat.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG1_happy.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_happy.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG1_headicon.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_headicon.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG1_normal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_normal.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG1_stand_angry.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_stand_angry.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_stand_normal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_stand_normal.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG4_angry.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_angry.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG4_dance.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_dance.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG4_eat.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_eat.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG4_happy.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_happy.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG4_headicon.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_headicon.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG4_normal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_normal.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG4_stand_angry.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_stand_angry.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_stand_normal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_stand_normal.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Chef_normal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\chef_normal.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\chef_normal_work.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\chef_normal_work.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\chef_spin.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\chef_spin.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\DJ.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\dj.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\Quinn_amb1.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_amb1.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_east.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_east.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\Quinn_fix.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_fix.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_happy.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_happy.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_idle.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_idle.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_north.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_north.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_south.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_south.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_west.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_west.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_1amb1.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_1amb1.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_2amb1.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_2amb1.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_amb1.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_amb1.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_east0.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_east0.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_east1.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_east1.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_east2.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_east2.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_idle.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_idle.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_idle1.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_idle1.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_idle2.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_idle2.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_north0.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_north0.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_north1.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_north1.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_north2.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_north2.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_south0.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_south0.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_south1.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_south1.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_south2.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_south2.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_west0.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_west0.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_west1.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_west1.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_west2.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_west2.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\checkmark.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\checkmark.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\cross.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\down.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\expertbadge.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\App1Empty.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\app1full.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\App2Empty.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\app2full.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\App3Empty.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\app3full.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\App4Empty.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\app4full.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\AppEmpty.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\AppFull.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Cake1Empty.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Cake1Full.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Cake2Empty.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Cake2Full.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Cake3Empty.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Cake3Full.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\CakeEmpty.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\CakeFull.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Dinner1Empty.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Dinner1Full.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Dinner2Empty.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Dinner2Full.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Dinner3Empty.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Dinner3Full.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\DinnerEmpty.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\DinnerFull.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_app1.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_app2.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_app3.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_app4.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_appetizer.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_cake.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_dinner.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_dinner1.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_dinner2.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_dinner3.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_gift.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_mark1.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_mark2.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_mark3.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\menu.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Shrimp_small.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Guest_ThoughtBalloon.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\guestbubble_alert0003.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\guestbubble_normal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\guestbubble_warning.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\helpscreen\headerbg.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\helpscreen\help_1_image01.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\helpscreen\help_1_image02.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\helpscreen\help_1_image03.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\helpscreen\help_1_image04.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\helpscreen\help_2_image01.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\helpscreen\help_2_image02.jpg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\helpscreen\help_2_image03.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Intro\intro_bg.jpg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Intro\introballoon.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\lastguest.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\loading\loading.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\loading\loading.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\pointleft.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\quinn_alert_balloon.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\quinn_alert_balloon_highlight.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\quinn_alert_balloon_highlight_selected.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Quinn_expert.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Quinn_normal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Quinn_poor.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Quinn_ThoughtBalloon.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\quinnbubble.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Speaker_Idle.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\speaker_idle.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\star.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\chair.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\chair06.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\dishbin.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\headtable1.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\musicTable.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\QuinnsTable.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\redtable.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\redtable_2.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\redtable_6.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\servingtable_large.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_BG.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_00.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_00.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_01.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_01.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_02.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_02.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_03.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_03.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_04.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_04.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_05.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_05.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_06.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_06.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_07.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_07.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_08.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_08.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_09.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_09.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_10.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_10.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_11.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_11.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_12.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_12.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_13.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_13.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upapp.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upband.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upcake4.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upchair.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upchef.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upchefstable.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upcheftable.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\updance.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\updrink.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upfast.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upgrade_down.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upgrade_rollover.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upmeal.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upwaitress.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\audrey.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\audrey.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\cake4.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\cake4.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\cake6.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\cake6.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\ira.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\ira.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\planner_bg.jpg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\planning_end_note.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\points_heart.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\small_PLANNER_Flowers01.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\small_PLANNER_Flowers02.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\small_PLANNER_Flowers03.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\small_PLANNER_Flowers07.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upaudrey.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upcake4.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upcake6.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upflowers1.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upflowers2.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upflowers3.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upflowers7.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\uphoneymoon1.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\uphoneymoon2.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\uphoneymoon3.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\uphoneymoon4.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upira.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upquiche.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upWD_Planner_Asparagus.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upWD_Planner_Chicken.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upWD_Planner_CrackersAndCheese.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upWD_Planner_Fish.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upWD_Planner_Shrimp.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upWD_Planner_Steakl.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\wp_down.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\wp_over.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\resources.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\arcade1.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\basicSetting.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\closeconfirm.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\game1.1.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\game1.2.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\game1.3.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\game1.4.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\game1.5.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\gametrust_connectdialog.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\helpmenu1.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\helpmenu2.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\hiscore.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\hiscoreinfo.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\hiscoresubmit.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\LevelDefines.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\LevelDialogGenerator.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\LevelManager.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\luaDebug.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\mainloop.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\ok.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\pause.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\pausemenu.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\planning_tutorial.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\privacy.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\quitdialog.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\selection scripts\selection1.1.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\selection scripts\selection1.2.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\selection scripts\selection1.3.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\selection scripts\selection1.4.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\selection scripts\selection1.5.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\selection scripts\SelectionDefines.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\selection scripts\SelectionDialogGenerator.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\selection scripts\SelectionManager.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\style.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\upgrade1.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\upgrades.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\upsell.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\upsellfinal.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\userdata.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\yesno.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\settings.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\splash\aol_web_logo.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\splash\IE_fullcolor.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\splash\playfirst_logo.jpg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\splash\Thumbs.db c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\strings.xml c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\ui_scripts\common\coordinates.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\ui_scripts\common\style.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\ui_scripts\screens\main_menu_scrn.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\upsell\logo.png c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\upsell\upsell_img_1.jpg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\upsell\upsell_img_2.jpg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\upsell\upsell_img_3.jpg c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\xsellstyle.lua c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\bin\bin2c c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\bin\luac c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\weddingdashlongnamenospace.exe c:\windows\system32\Cache . ((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 ))))))))))))))))))))))))))))))) . 2009-01-14 21:15 . 2009-01-14 21:42 <DIR> d-------- c:\program files\The Price Is Right 2009-01-14 21:13 . 2009-01-14 21:21 <DIR> d-------- c:\program files\CLUE Classic 2009-01-14 17:12 . 2009-01-14 17:12 <DIR> d-------- c:\documents and settings\Emma & Mikey\Application Data\Fabulous Finds 2009-01-14 16:53 . 2009-01-14 16:53 <DIR> d-------- c:\program files\Trend Micro 2009-01-14 15:55 . 2009-01-14 15:55 <DIR> d-------- C:\Autoruns 2009-01-12 16:39 . 2009-01-15 13:44 <DIR> d-------- c:\documents and settings\Emma & Mikey\Tracing 2009-01-12 16:37 . 2009-01-12 16:37 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition 2009-01-12 16:37 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll 2009-01-12 16:34 . 2009-01-12 16:34 <DIR> d-------- c:\program files\Microsoft 2009-01-12 16:33 . 2009-01-12 16:33 <DIR> d-------- c:\program files\Windows Live SkyDrive 2009-01-12 16:33 . 2009-01-12 16:38 <DIR> d-------- c:\program files\Windows Live 2009-01-12 16:24 . 2009-01-12 16:24 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-01-10 15:03 . 2009-01-10 15:03 <DIR> d-------- c:\documents and settings\Emma & Mikey\Application Data\ViquaSoft 2009-01-10 14:52 . 2009-01-10 14:57 <DIR> d-------- c:\program files\Burger Shop 2009-01-06 18:27 . 2009-01-06 20:12 <DIR> d-------- c:\documents and settings\Emma & Mikey\Application Data\Righteous Kill 2009-01-06 17:29 . 2009-01-06 17:33 <DIR> d--h----- c:\program files\The Scruffs 2009-01-06 17:26 . 2009-01-10 14:37 <DIR> d-------- c:\program files\Virtual Villagers The Secret City 2009-01-01 02:19 . 2009-01-01 02:19 <DIR> d-------- c:\program files\MSXML 4.0 2008-12-30 13:29 . 2008-12-30 13:29 <DIR> d-------- c:\documents and settings\Emma & Mikey\Application Data\Samsung 2008-12-30 12:45 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll 2008-12-30 12:41 . 2008-12-30 12:42 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers 2008-12-30 12:41 . 2007-05-02 11:11 109,704 --a------ c:\windows\system32\drivers\ss_mdm.sys 2008-12-30 12:41 . 2007-05-02 11:11 83,592 --a------ c:\windows\system32\drivers\ss_bus.sys 2008-12-30 12:41 . 2007-05-02 11:11 15,112 --a------ c:\windows\system32\drivers\ss_mdfl.sys 2008-12-30 12:41 . 2007-05-02 11:11 12,424 --a------ c:\windows\system32\drivers\ss_whnt.sys 2008-12-30 12:41 . 2007-05-02 11:11 12,424 --a------ c:\windows\system32\drivers\ss_wh.sys 2008-12-30 12:41 . 2007-05-02 11:11 12,424 --a------ c:\windows\system32\drivers\ss_cmnt.sys 2008-12-30 12:41 . 2007-05-02 11:11 12,424 --a------ c:\windows\system32\drivers\ss_cm.sys 2008-12-30 12:41 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico 2008-12-30 12:40 . 2008-12-30 12:40 <DIR> d-------- c:\program files\Samsung 2008-12-30 12:40 . 2008-12-30 13:09 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys 2008-12-15 00:14 . 2008-12-15 00:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fugazo . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-14 21:22 --------- d-----w c:\documents and settings\Emma & Mikey\Application Data\Ludia 2009-01-14 21:22 --------- d-----w c:\documents and settings\All Users\Application Data\Ludia 2009-01-14 15:40 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-01-14 15:16 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-14 14:10 --------- d-----w c:\documents and settings\Emma & Mikey\Application Data\LimeWire 2009-01-14 14:00 --------- d-----w c:\program files\CCleaner 2009-01-04 18:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-04 18:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-12-31 12:13 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-30 12:37 --------- d-----w c:\program files\Common Files\Adobe 2008-12-24 23:12 --------- d-----w c:\documents and settings\Emma & Mikey\Application Data\uTorrent 2008-12-14 18:58 --------- d-----w c:\documents and settings\Emma & Mikey\Application Data\Oberon Games 2008-12-14 18:58 --------- d-----w c:\documents and settings\All Users\Application Data\Oberon Games 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-09 18:14 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games 2008-12-09 18:13 --------- d-----w c:\documents and settings\Emma & Mikey\Application Data\Sandlot Games 2008-12-09 18:00 --------- d-----w c:\documents and settings\Emma & Mikey\Application Data\Gaijin Ent 2008-12-05 10:02 36,272 ----a-r c:\windows\system32\drivers\SymIM.sys 2008-12-05 02:14 --------- d-----w c:\documents and settings\Emma & Mikey\Application Data\Go-Go Gourmet Chef of the Year 2008-12-05 02:13 --------- d-----w c:\documents and settings\Emma & Mikey\Application Data\Reflexive_Janes_Realty 2008-12-04 22:55 307,560 ----a-w c:\windows\WLXPGSS.SCR 2008-12-04 13:20 --------- d-----w c:\program files\Java 2008-12-02 22:37 49,480 ----a-w c:\windows\system32\sirenacm.dll 2008-11-26 15:07 --------- d-----w c:\documents and settings\All Users\Application Data\Gogii 2008-11-23 04:45 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-11-23 00:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-19 13:04 --------- d-----w c:\documents and settings\Emma & Mikey\Application Data\Home Sweet Home 2 2008-11-10 05:43 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-11-04 17:28 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL 2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll 2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-09-17 13:16 549,159 --sha-r c:\program files\Norton2009Reset.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ares"="c:\program files\Ares\Ares.exe" -h "CTFMON.EXE"=c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "BM5f5fc58a"=Rundll32.exe "c:\windows\system32\penqtjla.dll",s [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "30061:TCP"= 30061:TCP:utorrent R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2008-12-11 255536] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2008-12-11 362544] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090113.003\IDSxpx86.sys [2009-01-15 274808] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-01 99376] R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2008-12-11 115560] S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2004-04-19 6656] S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys --> c:\windows\system32\Drivers\gHidPnp.Sys [?] S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys --> c:\windows\system32\DRIVERS\gMouUsb.sys [?] S4 .norton2009Reset;Norton2009 Reset;c:\program files\Norton2009Reset.exe [2008-09-17 549159] . - - - - ORPHANS REMOVED - - - - BHO-{DD4B79AD-C101-45A3-BB9B-4A144B6B1232} - (no file) HKLM-Run-5c6cf616 - c:\window\system32\drpccles.dll . ------- Supplementary Scan ------- . uLocal Page = \blank.htm uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll O16 -: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-15 13:58:46 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(920) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-01-15 14:00:56 ComboFix-quarantined-files.txt 2009-01-15 14:00:49 Pre-Run: 7,977,299,968 bytes free Post-Run: 8,365,576,192 bytes free 725 --- E O F --- 2009-01-15 13:44:13 hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:04:45, on 15/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217346372810 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe -- End of file - 6033 bytes
  3. here is my new hijackths log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:06:22, on 14/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {DD4B79AD-C101-45A3-BB9B-4A144B6B1232} - (no file) O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [5c6cf616] rundll32.exe "C:\WINDOW\system32\drpccles.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217346372810 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe -- End of file - 6193 bytes
  4. i have ran malware loads of times and it always tells me its been removed but when i scan agen it gets found agen so here is my mbam-log: Malwarebytes' Anti-Malware 1.32 Database version: 1652 Windows 5.1.2600 Service Pack 3 14/01/2009 17:03:11 mbam-log-2009-01-14 (17-03-11).txt Scan type: Quick Scan Objects scanned: 48837 Time elapsed: 7 minute(s), 49 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c6cf616 (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) and here is my hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:54:13, on 14/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {DD4B79AD-C101-45A3-BB9B-4A144B6B1232} - (no file) O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [5c6cf616] rundll32.exe "C:\WINDOW\system32\drpccles.dll",b O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217346372810 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe -- End of file - 6338 bytes PLEASE HELP
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.