Old 06-25-2009, 09:14 AM   #1 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 22
OS: Windows Vista SP1


Invisible Pop-ups

Recently I've been hearing "advertisements" when I am connected to the internet. There are no pop-ups, but (from what I can distinguish) anywhere from 1 to 5 advertisements can be heard at one time.
When I'm not connected to the internet, from time to time, IE will open on its own and want to connect to a website. I'm not sure what website it would be linking to because all that shows up in the address bar is " javascript:clickRefresh() "
In my Windows Task Manager, I've figured out that the program that runs the spyware is "msa.exe"; beyond that, however, I don't know anything more about it.

Here is my DDS file:


DDS (Ver_09-05-14.01) - NTFSx86
Run by d(o^.^o)b at 0:31:45.46 on 09.06.25
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.561 [GMT -7:00]

AV: avast! antivirus 4.8.1335 [VPS 090624-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Documents and Settings\d(o^.^o)b\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\fscagent.exe
C:\WINDOWS\system32\grdmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\d(o^.^o)b\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://search.811.com/saecs.html
uSearch Bar = hxxp://search.811.com/saecs.html
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.811.com/saecs.html
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
TB: {9198CEC1-4DD8-95E7-1053-F5AAFDBBE0FB} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [OneNote] "c:\program files\microsoft office\office12\ONENOTEM.EXE" /tsr
uRun: [Google Update] "c:\documents and settings\d(o^.^o)b\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ClubBox] "c:\windows\system32\clubbox.exe" -l
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avast!] c:\progra~1\avast\ashDisp.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\d(o^~1.^o)\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\twhirl.lnk - c:\program files\twhirl\twhirl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} - hxxp://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {61A54BB0-F380-446F-8727-9AEA23711471} - hxxp://p.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} - hxxp://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20090318.cab
DPF: {9F84D013-66B3-4AB7-946B-11A920A55F06} - hxxp://www.melon.com/cab/sktload.cab
DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} - hxxp://www.melon.com/cab/P3MelWebInstall.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} - hxxp://www.clubbox.co.kr/neo.fld/MultiUpload.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\d(o^~1.^o)\applic~1\mozilla\firefox\profiles\mvs0ju72.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\documents and settings\d(o^.^o)b\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\d(o^.^o)b\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-22 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-15 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-28 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast\ashServ.exe [2009-4-28 138680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1005904]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\avast\ashMaiSv.exe [2009-4-28 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\avast\ashWebSv.exe [2009-4-28 352920]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-5-10 808448]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-6-7 30080]

=============== Created Last 30 ================

2009-06-24 22:22 <DIR> --dsh--- c:\documents and settings\d(o^.^o)b\PrivacIE
2009-06-24 21:36 121,348 a------- c:\windows\msa.exe
2009-06-24 03:49 <DIR> --dsh--- c:\documents and settings\d(o^.^o)b\IETldCache
2009-06-24 02:07 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-24 02:06 <DIR> --d----- c:\windows\ie8updates
2009-06-24 02:01 <DIR> -cd-h--- c:\windows\ie8
2009-06-14 00:32 <DIR> --d----- c:\program files\ReflexiveArcade
2009-06-13 14:00 <DIR> --d----- C:\games
2009-06-13 01:37 <DIR> --d----- c:\windows\DSL
2009-06-13 01:37 <DIR> --d----- c:\program files\Verizon
2009-06-13 01:37 <DIR> --d----- c:\program files\common files\SupportSoft
2009-06-03 01:02 1,626,112 a----r-- c:\windows\system32\clubbox.exe
2009-06-02 08:24 167,936 a----r-- c:\windows\system32\fscagent.exe
2009-06-01 17:26 28,160 ac------ c:\windows\system32\dllcache\irmon.dll
2009-06-01 17:26 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-06-01 17:26 28,160 a------- c:\windows\system32\irmon.dll
2009-06-01 17:26 8,192 a------- c:\windows\system32\wshirda.dll
2009-06-01 17:26 151,552 ac------ c:\windows\system32\dllcache\irftp.exe
2009-06-01 17:26 151,552 a------- c:\windows\system32\irftp.exe
2009-06-01 07:47 <DIR> --d----- c:\program files\Mahjong Towers Eternity
2009-06-01 07:44 <DIR> --d----- c:\program files\Mystery Case Files - Huntsville
2009-06-01 07:43 <DIR> --d----- c:\program files\bfgclient
2009-06-01 07:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
2009-05-30 20:05 <DIR> --d----- c:\program files\common files\DivX Shared
2009-05-30 20:05 <DIR> --d----- c:\program files\DivX
2009-05-27 21:31 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-05-27 21:31 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-28 21:54 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 07:36 155,648 a----r-- c:\windows\system32\downengine.dll
2009-04-20 10:07 103,736 a------- c:\windows\system32\QckHelper.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-12-25 23:15 665,344 a------- c:\documents and settings\d(o^.^o)b\backup.zip
2008-09-11 18:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091120080912\index.dat

============= FINISH: 0:32:37.15 ===============
Attached Files
File Type: zip Attach.zip (4.3 KB, 1 views)
artemisaangel is offline  

Old 06-25-2009, 10:55 AM   #2 (permalink)
Analyst, Security Team
 
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,470
OS: Vista, Linux Mint


Re: Invisible Pop-ups

Hi.

Welcome to TSF

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

---------------------------------------------------------------------------

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. You can find instructions HERE.

Please include the C:\ComboFix.txt in your next reply for further review.


Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
mas_pogi is offline  
Old 06-25-2009, 11:30 AM   #3 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 22
OS: Windows Vista SP1


Re: Invisible Pop-ups

Thanks for the fast response :)

Here is the combofix log:

ComboFix 09-06-24.05 - d(o^.^o)b 09.06.25 10:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.520 [GMT -7:00]
Running from: c:\documents and settings\d(o^.^o)b\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090625-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 38
\LOCALS~1\Temp\ was unexpected at this time.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\music\Big Band 1.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\music\cannon_in_d.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\aunt_sobs.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\bees.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\bonus_points.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\bridezilla.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\deliver_food.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\dialog_click.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\dialog_roll.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\end_of_level.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\fire.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\game_click.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\lost_points.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\pickup_food.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\pickup_guest.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\planning_right_choice.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\planning_win.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\planning_wrong_choice.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\quinn_fixing_problem.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\quinn_problem.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\ready_to_be_seated.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\seat_guest.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\backgrounds\helppage.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\backgrounds\hintbg.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\backgrounds\levelinfo_bg.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\backgrounds\longdialog.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\backgrounds\talldialog.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\bitmaps\ui\backgrounds\menu_main.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowdown_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowdown_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowdown_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowleft_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowleft_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowleft_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowright_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowright_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowright_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowup_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowup_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowup_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\back_button.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\back_button_highlight.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\bluearrowleft_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\bluearrowleft_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\bluearrowleft_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\bluearrowright_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\bluearrowright_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\bluearrowright_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_down_long.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_down_med.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_down_short.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_hl_long.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_hl_med.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_hl_short.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_idle_long.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_idle_med.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_idle_short.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\BTNgold_Down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\BTNgold_HL.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\BTNgold_Idle.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\buttondown.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\buttonrollover.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\buttonup.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\checkdown.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\checkup.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\cp_buttondown.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\cp_buttonrollover.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\cp_buttonup.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\highscores_btn_purp_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\highscores_btn_purp_hl.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\highscores_btn_purp_idle.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\planner_btn_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\planner_btn_hl.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\planner_btn_idle.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\telephone_btn_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\telephone_btn_hl.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\telephone_btn_idle.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\cursor\cursor.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fonts\arial.mvec
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\bee.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\bubble.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\confetti.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\flame2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\flash.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_bees.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_bridezilla.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_chef_table_fire.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_end_of_level_1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_end_of_level_1_fullscreen.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_expert_goal_reached.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_goal_reached.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_guest_ready_to_dance.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_kiss.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_large_point_explosion.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_last_guest.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_last_guest_foreground.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_lost_points.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_medium_point_explosion.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_normal_point_explosion.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_planningreward.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_quinn_boost_meter.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_small_point_explosion.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_steam.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_ui_sparkle.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_upgrade.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\heart.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\heart2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_balloon.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_balloon2.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_bees.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_bubbles.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_confetti_large.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_confetti_medium.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_confetti_small.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_explosion_large.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_explosion_medium.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_explosion_small.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_flames_down.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_flames_up.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_flash_medium.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_flash_small.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_flower1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_flower2.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_flower3.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_heartfall.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_heartsparkle.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_kisses.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_negative.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_negative2.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_reseating.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_rings.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_rings2.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_smoke.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_sparkle.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_sparkle_medium.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_sparkle_menu.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\pfx_stars_large.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\resources.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\arcade1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\basicSetting.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\closeconfirm.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\game1.1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\game1.2.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\game1.3.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\game1.4.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\game1.5.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\helpmenu1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\helpmenu2.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\LevelDefines.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\LevelDialogGenerator.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\LevelManager.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\luaDebug.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\pausemenu.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\planning_tutorial.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\privacy.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\quitdialog.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\selection scripts\selection1.1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\selection scripts\selection1.2.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\selection scripts\selection1.3.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\selection scripts\selection1.4.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\selection scripts\selection1.5.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\selection scripts\SelectionDefines.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\selection scripts\SelectionDialogGenerator.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\selection scripts\SelectionManager.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\style.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\upgrade1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\upgrades.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\userdata.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\settings.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\splash\aol_web_logo.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\splash\IE_fullcolor.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\strings.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\ui_scripts\common\coordinates.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\ui_scripts\common\style.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\ui_scripts\screens\main_menu_scrn.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\upsell\logo.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\upsell\upsell_img_1.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\upsell\upsell_img_2.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\upsell\upsell_img_3.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\xsellstyle.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\bin\bin2c
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\bin\luac
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\weddingdashlongnamenospace.exe
c:\windows\msa.exe
c:\windows\msnimport.exe
c:\windows\system32\url(3).dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-25 05:22 . 2009-06-25 05:22 -------- d-sh--w- c:\documents and settings\d(o^.^o)b\PrivacIE
2009-06-24 17:09 . 2009-06-24 17:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-24 10:49 . 2009-06-24 10:49 -------- d-sh--w- c:\documents and settings\d(o^.^o)b\IETldCache
2009-06-24 09:07 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-24 09:06 . 2009-06-24 09:07 -------- d-----w- c:\windows\ie8updates
2009-06-24 09:04 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-24 09:04 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-24 09:01 . 2009-06-24 09:04 -------- dc-h--w- c:\windows\ie8
2009-06-14 07:32 . 2009-06-14 07:32 -------- d-----w- c:\program files\ReflexiveArcade
2009-06-13 21:01 . 2009-06-14 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-06-13 21:00 . 2009-06-13 21:00 -------- d-----w- C:\games
2009-06-13 08:37 . 2009-06-13 08:37 -------- d-----w- c:\documents and settings\d(o^.^o)b\Local Settings\Application Data\SupportSoft
2009-06-13 08:37 . 2009-06-13 08:50 -------- d-----w- c:\windows\DSL
2009-06-13 08:37 . 2009-06-13 08:37 -------- d-----w- c:\program files\Verizon
2009-06-13 08:37 . 2009-06-13 08:37 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-06-11 18:14 . 2009-06-11 18:14 -------- d-----w- c:\documents and settings\d(o^.^o)b\Local Settings\Application Data\GestaltGames
2009-06-04 10:37 . 2008-12-04 08:25 120832 ----a-w- c:\documents and settings\d(o^.^o)b\Application Data\Mozilla\Firefox\Profiles\mvs0ju72.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-04 07:00 . 2009-06-04 07:00 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 08:02 . 2009-06-03 08:02 1626112 ----a-r- c:\windows\system32\clubbox.exe
2009-06-02 15:24 . 2009-06-02 15:24 167936 ----a-r- c:\windows\system32\fscagent.exe
2009-06-02 00:26 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-06-02 00:26 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-06-02 00:26 . 2008-04-14 00:11 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2009-06-02 00:26 . 2008-04-14 00:11 28160 ----a-w- c:\windows\system32\irmon.dll
2009-06-02 00:26 . 2008-04-14 00:12 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2009-06-02 00:26 . 2008-04-14 00:12 151552 ----a-w- c:\windows\system32\irftp.exe
2009-06-01 14:47 . 2009-06-14 22:46 -------- d-----w- c:\program files\Mahjong Towers Eternity
2009-06-01 14:44 . 2009-06-01 14:45 -------- d-----w- c:\program files\Mystery Case Files - Huntsville
2009-06-01 14:43 . 2009-06-01 14:43 -------- d-----w- c:\program files\bfgclient
2009-06-01 14:43 . 2009-06-14 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-05-31 03:05 . 2009-05-31 03:05 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-31 03:05 . 2009-05-31 03:06 -------- d-----w- c:\program files\DivX
2009-05-29 04:54 . 2009-05-29 04:54 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-29 04:54 . 2009-05-29 04:54 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-05-29 04:54 . 2009-05-29 04:54 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-29 04:54 . 2009-05-29 04:54 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-28 04:31 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-05-28 04:31 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 16:05 . 2008-09-25 23:27 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\HPAppData
2009-06-25 07:06 . 2008-05-11 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-25 05:24 . 2008-11-07 07:37 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\Songbird2
2009-06-24 10:51 . 2008-05-13 21:11 80 ----a-w- c:\windows\system32\fscagent.ini.tmp
2009-06-24 10:33 . 2008-05-11 21:50 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\uTorrent
2009-06-24 10:24 . 2009-02-09 21:41 762 ----a-w- c:\windows\system32\fscflist.ini.tmp
2009-06-23 04:41 . 2008-05-10 22:28 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\Apple Computer
2009-06-21 01:35 . 2009-05-03 09:39 -------- d-----w- c:\program files\Mnet P3Modules
2009-06-20 08:18 . 2009-04-27 04:40 -------- d-----w- c:\program files\FormatFactory
2009-06-17 22:18 . 2008-06-18 12:01 -------- d-----w- c:\program files\KBS Kong v3
2009-06-16 20:48 . 2008-05-18 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-14 23:14 . 2009-03-23 05:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-14 07:34 . 2009-01-25 00:22 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\PlayFirst
2009-06-14 07:33 . 2009-01-25 00:22 -------- d-----w- c:\program files\GameHouse
2009-06-06 10:18 . 2009-04-28 23:20 -------- d-----w- c:\program files\Avast
2009-06-04 07:08 . 2008-05-10 10:42 -------- d-----w- c:\program files\iTunes
2009-06-04 07:07 . 2008-05-10 10:42 -------- d-----w- c:\program files\iPod
2009-06-04 07:07 . 2008-05-10 10:41 -------- d-----w- c:\program files\Common Files\Apple
2009-06-04 07:05 . 2008-05-10 10:42 -------- d-----w- c:\program files\QuickTime
2009-06-01 09:29 . 2009-04-04 05:17 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-29 20:36 . 2009-03-13 06:24 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 20:36 . 2009-03-13 06:24 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 04:54 . 2009-01-23 07:37 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-28 08:38 . 2008-05-11 22:33 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-05-22 05:51 . 2009-05-22 05:37 -------- d-----w- c:\program files\AnswersThatWork
2009-05-22 05:50 . 2009-05-02 07:47 -------- d-----w- c:\program files\Anki
2009-05-20 00:35 . 2008-10-08 01:28 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\Skype
2009-05-20 00:07 . 2008-10-08 01:29 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\skypePM
2009-05-13 05:15 . 2008-05-10 09:01 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 06:59 . 2008-10-05 20:30 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\gtk-2.0
2009-05-10 10:55 . 2008-05-29 05:50 -------- d-----w- c:\program files\NJStar Chinese WP
2009-05-10 05:34 . 2009-05-02 07:49 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\.anki
2009-05-07 15:32 . 2008-05-10 09:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 14:36 . 2009-05-07 14:36 155648 ----a-r- c:\windows\system32\downengine.dll
2009-04-27 08:12 . 2009-04-25 17:23 -------- d-----w- c:\program files\811 Toolbar
2009-04-27 04:41 . 2009-04-27 04:41 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\Desktopicon
2009-04-26 19:57 . 2008-05-11 09:03 -------- d-----w- c:\program files\Messenger Plus! Live
2009-04-24 04:54 . 2009-04-24 04:54 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-24 04:54 . 2009-01-23 05:54 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-20 17:07 . 2009-04-20 17:07 103736 ----a-w- c:\windows\system32\QckHelper.dll
2009-04-19 00:19 . 2009-05-03 02:27 38208 ----a-w- c:\documents and settings\d(o^.^o)b\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-04-17 12:26 . 2008-05-10 09:01 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-05-10 09:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-01 00:02 . 2009-04-01 00:02 152576 ----a-w- c:\documents and settings\d(o^.^o)b\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-07 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"OneNote"="c:\program files\Microsoft Office\Office12\ONENOTEM.EXE" [2007-12-08 101440]
"Google Update"="c:\documents and settings\d(o^.^o)b\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-12 133104]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ClubBox"="c:\windows\system32\clubbox.exe" [2009-06-03 1626112]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-29 518488]
"avast!"="c:\progra~1\Avast\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

c:\documents and settings\d(o^.^o)b\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
twhirl.lnk - c:\program files\twhirl\twhirl.exe [2009-4-18 95744]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0aswBoot.exe /M:cd264363

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\FSCAgent.exe"=
"c:\\WINDOWS\\system32\\ClubBox.exe"=
"c:\\WINDOWS\\system32\\grdmgr.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\NJStar Chinese WP\\MINISMTP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Applications\\eMule0.49b\\eMule0.49b\\emule.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Documents and Settings\\d(o^.^o)b\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\d(o^.^o)b\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\d(o^.^o)b\\Desktop\\adagio.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\WINDOWS\\system32\\P3MelonSvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [09.01.22 22:54 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [08.11.15 03:49 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09.04.28 16:21 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09.04.28 16:21 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09.01.18 14:34 1005904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [06.06.07 10:10 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [08.05.10 13:59 808448]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - RSFIAURA
*Deregistered* - rsfiaura

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 04:54]

2009-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1500820517-725345543-1005.job
- c:\documents and settings\d(o^.^o)b\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 22:34]

2009-06-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 05:18]
.
- - - - ORPHANS REMOVED - - - -

Notify-VESWinlogon - VESWinlogon.dll
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} - hxxp://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
DPF: {61A54BB0-F380-446F-8727-9AEA23711471} - hxxp://p.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.55.cab
DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} - hxxp://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20090318.cab
DPF: {9F84D013-66B3-4AB7-946B-11A920A55F06} - hxxp://www.melon.com/cab/sktload.cab
DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} - hxxp://www.melon.com/cab/P3MelWebInstall.cab
DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} - hxxp://www.clubbox.co.kr/neo.fld/MultiUpload.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 10:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-25 10:25
ComboFix-quarantined-files.txt 2009-06-25 17:25

Pre-Run: 10,190,004,224 bytes free
Post-Run: 10,552,672,256 bytes free

795 --- E O F --- 2009-06-24 09:07
Old 06-26-2009, 09:43 AM   #4 (permalink)
Analyst, Security Team
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,470
OS: Vista, Linux Mint


Re: Invisible Pop-ups

Hi.

Before we continue with my instructions, we need to create a new account on your computer. Your username is quite odd and our tools are getting errors when processing that name.

Create new account

Go to START > Control Panel > User account > Create new account

For the name of the new account, ARTEMIS will do. Press NEXT.
For the account type, choose COMPUTER ADMINISTRATOR. Then press NEXT.
Then CREATE ACCOUNT.

Since you are still in the d(o^.^o)b account, we need to log off there and log in to the new account. To do this,

go to START > Log Off. Choose SWITCH USER. Now log in to the ARTEMIS account.

Proceed with the instructions below.

-----------------------------------------------------------------------

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • If TeaTimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
------------------------------------------------------

Download ResetTeaTimer
  • and Save it to your Desktop.
  • Double-click ResetTeaTimer.zip
  • Double-click ResetTeaTimer.bat and click Run to remove all entries set by TeaTimer.
  • A DOS window will open and close again, this is normal.

-----------------------------------------------------------------------

Redownload ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. You can find instructions HERE.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P

Last edited by mas_pogi; 06-26-2009 at 09:48 AM.
Old 06-26-2009, 10:24 AM   #5 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 22
OS: Windows Vista SP1


Re: Invisible Pop-ups

Here is the new combofix log:

ComboFix 09-06-25.07 - artemis 06/26/2009 9:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.553 [GMT -7:00]
Running from: c:\documents and settings\artemis\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090625-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.

2009-06-26 16:06 . 2009-06-26 16:06 -------- d-----w- c:\documents and settings\artemis\Local Settings\Application Data\Mozilla
2009-06-26 16:06 . 2009-06-26 16:06 -------- d-----w- c:\documents and settings\artemis\Application Data\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2009-06-26 16:04 . 2008-06-10 10:01 -------- d-----w- c:\documents and settings\artemis\Local Settings\Application Data\Microsoft Help
2009-06-26 16:04 . 2009-06-26 16:04 -------- d-----w- c:\documents and settings\artemis
2009-06-26 04:54 . 2009-06-26 04:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-25 17:24 . 2009-06-25 17:24 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-25 05:22 . 2009-06-25 05:22 -------- d-sh--w- c:\documents and settings\d(o^.^o)b\PrivacIE
2009-06-24 17:09 . 2009-06-24 17:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-24 10:49 . 2009-06-24 10:49 -------- d-sh--w- c:\documents and settings\d(o^.^o)b\IETldCache
2009-06-24 09:07 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-24 09:06 . 2009-06-24 09:07 -------- d-----w- c:\windows\ie8updates
2009-06-24 09:04 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-24 09:04 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-24 09:01 . 2009-06-24 09:04 -------- dc-h--w- c:\windows\ie8
2009-06-14 07:32 . 2009-06-14 07:32 -------- d-----w- c:\program files\ReflexiveArcade
2009-06-13 21:01 . 2009-06-14 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-06-13 21:00 . 2009-06-13 21:00 -------- d-----w- C:\games
2009-06-13 08:37 . 2009-06-13 08:37 -------- d-----w- c:\documents and settings\d(o^.^o)b\Local Settings\Application Data\SupportSoft
2009-06-13 08:37 . 2009-06-13 08:50 -------- d-----w- c:\windows\DSL
2009-06-13 08:37 . 2009-06-13 08:37 -------- d-----w- c:\program files\Verizon
2009-06-13 08:37 . 2009-06-13 08:37 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-06-11 18:14 . 2009-06-11 18:14 -------- d-----w- c:\documents and settings\d(o^.^o)b\Local Settings\Application Data\GestaltGames
2009-06-04 10:37 . 2008-12-04 08:25 120832 ----a-w- c:\documents and settings\d(o^.^o)b\Application Data\Mozilla\Firefox\Profiles\mvs0ju72.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-04 07:00 . 2009-06-04 07:00 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 08:02 . 2009-06-03 08:02 1626112 ----a-r- c:\windows\system32\clubbox.exe
2009-06-02 15:24 . 2009-06-02 15:24 167936 ----a-r- c:\windows\system32\fscagent.exe
2009-06-02 00:26 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-06-02 00:26 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-06-02 00:26 . 2008-04-14 00:11 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2009-06-02 00:26 . 2008-04-14 00:11 28160 ----a-w- c:\windows\system32\irmon.dll
2009-06-02 00:26 . 2008-04-14 00:12 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2009-06-02 00:26 . 2008-04-14 00:12 151552 ----a-w- c:\windows\system32\irftp.exe
2009-06-01 14:47 . 2009-06-14 22:46 -------- d-----w- c:\program files\Mahjong Towers Eternity
2009-06-01 14:44 . 2009-06-01 14:45 -------- d-----w- c:\program files\Mystery Case Files - Huntsville
2009-06-01 14:43 . 2009-06-01 14:43 -------- d-----w- c:\program files\bfgclient
2009-06-01 14:43 . 2009-06-14 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-05-31 03:05 . 2009-05-31 03:05 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-31 03:05 . 2009-05-31 03:06 -------- d-----w- c:\program files\DivX
2009-05-29 04:54 . 2009-05-29 04:54 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-29 04:54 . 2009-05-29 04:54 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-05-29 04:54 . 2009-05-29 04:54 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-29 04:54 . 2009-05-29 04:54 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-28 04:31 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-05-28 04:31 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 06:23 . 2008-05-13 21:11 80 ----a-w- c:\windows\system32\fscagent.ini.tmp
2009-06-25 21:43 . 2008-05-29 05:50 -------- d-----w- c:\program files\NJStar Chinese WP
2009-06-25 20:02 . 2008-05-11 21:50 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\uTorrent
2009-06-25 16:05 . 2008-09-25 23:27 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\HPAppData
2009-06-25 07:06 . 2008-05-11 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-25 05:24 . 2008-11-07 07:37 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\Songbird2
2009-06-24 10:24 . 2009-02-09 21:41 762 ----a-w- c:\windows\system32\fscflist.ini.tmp
2009-06-23 04:41 . 2008-05-10 22:28 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\Apple Computer
2009-06-21 01:35 . 2009-05-03 09:39 -------- d-----w- c:\program files\Mnet P3Modules
2009-06-20 08:18 . 2009-04-27 04:40 -------- d-----w- c:\program files\FormatFactory
2009-06-17 22:18 . 2008-06-18 12:01 -------- d-----w- c:\program files\KBS Kong v3
2009-06-16 20:48 . 2008-05-18 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-14 23:14 . 2009-03-23 05:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-14 07:34 . 2009-01-25 00:22 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\PlayFirst
2009-06-14 07:33 . 2009-01-25 00:22 -------- d-----w- c:\program files\GameHouse
2009-06-06 10:18 . 2009-04-28 23:20 -------- d-----w- c:\program files\Avast
2009-06-04 07:08 . 2008-05-10 10:42 -------- d-----w- c:\program files\iTunes
2009-06-04 07:07 . 2008-05-10 10:42 -------- d-----w- c:\program files\iPod
2009-06-04 07:07 . 2008-05-10 10:41 -------- d-----w- c:\program files\Common Files\Apple
2009-06-04 07:05 . 2008-05-10 10:42 -------- d-----w- c:\program files\QuickTime
2009-06-01 09:29 . 2009-04-04 05:17 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-29 20:36 . 2009-03-13 06:24 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 20:36 . 2009-03-13 06:24 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 04:54 . 2009-01-23 07:37 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-28 08:38 . 2008-05-11 22:33 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-05-22 05:51 . 2009-05-22 05:37 -------- d-----w- c:\program files\AnswersThatWork
2009-05-22 05:50 . 2009-05-02 07:47 -------- d-----w- c:\program files\Anki
2009-05-20 00:35 . 2008-10-08 01:28 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\Skype
2009-05-20 00:07 . 2008-10-08 01:29 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\skypePM
2009-05-13 05:15 . 2008-05-10 09:01 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 06:59 . 2008-10-05 20:30 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\gtk-2.0
2009-05-10 05:34 . 2009-05-02 07:49 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\.anki
2009-05-07 15:32 . 2008-05-10 09:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 14:36 . 2009-05-07 14:36 155648 ----a-r- c:\windows\system32\downengine.dll
2009-04-24 04:54 . 2009-04-24 04:54 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-24 04:54 . 2009-01-23 05:54 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-20 17:07 . 2009-04-20 17:07 103736 ----a-w- c:\windows\system32\QckHelper.dll
2009-04-19 00:19 . 2009-06-26 16:05 38208 ----a-w- c:\documents and settings\artemis\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-04-19 00:19 . 2009-05-03 02:27 38208 ----a-w- c:\documents and settings\d(o^.^o)b\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-04-17 12:26 . 2008-05-10 09:01 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-05-10 09:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-01 00:02 . 2009-04-01 00:02 152576 ----a-w- c:\documents and settings\d(o^.^o)b\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-25_17.23.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-26 06:22 . 2009-06-26 06:22 16384 c:\windows\Temp\Perflib_Perfdata_a4.dat
+ 2009-06-26 06:22 . 2009-06-26 06:22 16384 c:\windows\Temp\Perflib_Perfdata_748.dat
+ 2004-08-04 00:56 . 2008-04-14 00:12 16896 c:\windows\system32\msyuv.dll
- 2004-08-04 00:56 . 2008-04-14 00:12 16896 c:\windows\system32\msyuv.dll
- 2004-08-04 00:56 . 2008-04-14 00:11 47616 c:\windows\system32\iyuv_32.dll
+ 2004-08-04 00:56 . 2008-04-14 00:11 47616 c:\windows\system32\iyuv_32.dll
+ 2008-05-10 20:31 . 2008-04-14 00:12 53760 c:\windows\system32\dllcache\vfwwdm32.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 16896 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-04 00:56 . 2008-04-14 00:11 47616 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-06-25 17:24 . 2008-10-16 22:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-25 17:24 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-25 17:24 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-25 17:24 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-25 17:24 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-25 17:24 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-25 17:24 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-25 17:24 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-25 17:24 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-25 17:24 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2004-08-04 00:56 . 2008-04-14 00:12 294912 c:\windows\system32\msh263.drv
- 2004-08-04 00:56 . 2008-04-14 00:12 294912 c:\windows\system32\msh263.drv
+ 2004-08-03 23:15 . 2008-04-13 19:16 141056 c:\windows\system32\dllcache\ks.sys
+ 2009-06-25 17:24 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-25 17:24 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-25 17:24 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-25 17:24 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-25 17:24 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-25 17:24 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-25 17:24 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-25 17:24 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-25 17:24 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-25 17:24 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-25 17:24 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-25 17:24 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-25 17:24 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-25 17:24 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ClubBox"="c:\windows\system32\clubbox.exe" [2009-06-03 1626112]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-19 518488]
"avast!"="c:\progra~1\Avast\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

c:\documents and settings\d(o^.^o)b\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
twhirl.lnk - c:\program files\twhirl\twhirl.exe [2009-4-18 95744]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\FSCAgent.exe"=
"c:\\WINDOWS\\system32\\ClubBox.exe"=
"c:\\WINDOWS\\system32\\grdmgr.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\NJStar Chinese WP\\MINISMTP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Applications\\eMule0.49b\\eMule0.49b\\emule.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Documents and Settings\\d(o^.^o)b\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\d(o^.^o)b\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\d(o^.^o)b\\Desktop\\adagio.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\WINDOWS\\system32\\P3MelonSvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/22/2009 10:54 PM 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/15/2008 3:49 AM 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/28/2009 4:21 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/28/2009 4:21 PM 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 1003344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [5/10/2008 1:59 PM 808448]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [6/7/2006 10:10 AM 30080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 04:55]

2009-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1500820517-725345543-1005.job
- c:\documents and settings\d(o^.^o)b\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 22:34]

2009-06-26 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 05:18]
.
.
------- Supplementary Scan -------
.
DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} - hxxp://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
DPF: {61A54BB0-F380-446F-8727-9AEA23711471} - hxxp://p.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.55.cab
DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} - hxxp://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20090318.cab
DPF: {9F84D013-66B3-4AB7-946B-11A920A55F06} - hxxp://www.melon.com/cab/sktload.cab
DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} - hxxp://www.melon.com/cab/P3MelWebInstall.cab
DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} - hxxp://www.clubbox.co.kr/neo.fld/MultiUpload.cab
FF - ProfilePath - c:\documents and settings\artemis\Application Data\Mozilla\Firefox\Profiles\3w8ckuqp.default\
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 09:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(3700)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-26 9:16
ComboFix-quarantined-files.txt 2009-06-26 16:16
ComboFix2.txt 2009-06-25 17:25

Pre-Run: 9,944,309,760 bytes free
Post-Run: 9,938,817,024 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

282 --- E O F --- 2009-06-24 09:07
Old 06-26-2009, 10:59 AM   #6 (permalink)
Analyst, Security Team
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,470
OS: Vista, Linux Mint


Re: Invisible Pop-ups

hi.

Let's continue,


Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case µTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has reached enormous dimensions, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

Please uninstall them via add/remove program at the CONTROL PANEL:
µTorrent

------------------------------------------------------------------------

Please uninstall the following using Windows Add/Remove Programs in the Control Panel.

Outdated Java runtimes: (Older versions have vulnerabilities that malicious sites can use to exploit and infect your system)

Java(TM) 6 Update 6
Java(TM) 6 Update 7



Do you know this program? Otherwise, please uninstall it too.

AutoUpdate


**Could you verify this installed program in Control Panel's Add/Remove Programs?

?????? ?? 2007

* ?? may mean unicode characters. Let me know in your next reply.

-----------------------------------------------------------------------

Kaspersky scan

*Close any open programs
*Turn off the real-time scanner of any existing antivirus program while performing the online scan. You can find instructions HERE.


Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Attach that file in your next post.

--------------------------------------------------------------------------

Please download DDS and save it to your desktop.
Disable any script blocker then double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
Please post the content of DDS.txt and attach attach.txt in your next reply.


In your reply, please post

DDS.txt
Attach.txt <--attached
Kaspersky scan result <--attached


Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P

Last edited by mas_pogi; 06-26-2009 at 11:01 AM.
Old 06-26-2009, 03:35 PM   #7 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 22
OS: Windows Vista SP1


Re: Invisible Pop-ups

I uninstalled the programs you recommended, however AutoUpdate does not show up in my Add/Remove Programs.
The "?????? ?? 2007" program is a program I use to open certain Korean language files; the program name is in Korean which is why it showed up as question marks.

Here's my DDS log; attached are the online scanner results and attach.txt




DDS (Ver_09-06-26.01) - NTFSx86
Run by d(o^.^o)b at 13:39:40.06 on 09.06.26
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.678 [GMT -7:00]

AV: avast! antivirus 4.8.1335 [VPS 090626-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Documents and Settings\d(o^.^o)b\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\fscagent.exe
C:\WINDOWS\system32\grdmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\d(o^.^o)b\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
TB: {9198CEC1-4DD8-95E7-1053-F5AAFDBBE0FB} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OneNote] "c:\program files\microsoft office\office12\ONENOTEM.EXE" /tsr
uRun: [Google Update] "c:\documents and settings\d(o^.^o)b\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ClubBox] "c:\windows\system32\clubbox.exe" -l
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avast!] c:\progra~1\avast\ashDisp.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\d(o^~1.^o)\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\twhirl.lnk - c:\program files\twhirl\twhirl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} - hxxp://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {61A54BB0-F380-446F-8727-9AEA23711471} - hxxp://p.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} - hxxp://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20090318.cab
DPF: {9F84D013-66B3-4AB7-946B-11A920A55F06} - hxxp://www.melon.com/cab/sktload.cab
DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} - hxxp://www.melon.com/cab/P3MelWebInstall.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} - hxxp://www.clubbox.co.kr/neo.fld/MultiUpload.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\d(o^~1.^o)\applic~1\mozilla\firefox\profiles\mvs0ju72.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\documents and settings\d(o^.^o)b\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\d(o^.^o)b\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-22 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-15 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-28 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast\ashServ.exe [2009-4-28 138680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1003344]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-6-7 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-5-10 808448]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\avast\ashMaiSv.exe [2009-4-28 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\avast\ashWebSv.exe [2009-4-28 352920]

=============== Created Last 30 ================

2009-06-26 09:11 <DIR> a-dshr-- C:\cmdcons
2009-06-25 10:24 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-06-25 10:16 161,792 a------- c:\windows\SWREG.exe
2009-06-25 10:16 155,136 a------- c:\windows\PEV.exe
2009-06-25 10:16 98,816 a------- c:\windows\sed.exe
2009-06-24 22:22 <DIR> --dsh--- c:\documents and settings\d(o^.^o)b\PrivacIE
2009-06-24 03:49 <DIR> --dsh--- c:\documents and settings\d(o^.^o)b\IETldCache
2009-06-24 02:07 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-24 02:06 <DIR> --d----- c:\windows\ie8updates
2009-06-24 02:01 <DIR> -cd-h--- c:\windows\ie8
2009-06-14 00:32 <DIR> --d----- c:\program files\ReflexiveArcade
2009-06-13 14:00 <DIR> --d----- C:\games
2009-06-13 01:37 <DIR> --d----- c:\windows\DSL
2009-06-03 01:02 1,626,112 a----r-- c:\windows\system32\clubbox.exe
2009-06-02 08:24 167,936 a----r-- c:\windows\system32\fscagent.exe
2009-06-01 17:26 28,160 ac------ c:\windows\system32\dllcache\irmon.dll
2009-06-01 17:26 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-06-01 17:26 28,160 a------- c:\windows\system32\irmon.dll
2009-06-01 17:26 8,192 a------- c:\windows\system32\wshirda.dll
2009-06-01 17:26 151,552 ac------ c:\windows\system32\dllcache\irftp.exe
2009-06-01 17:26 151,552 a------- c:\windows\system32\irftp.exe
2009-06-01 07:47 <DIR> --d----- c:\program files\Mahjong Towers Eternity
2009-06-01 07:44 <DIR> --d----- c:\program files\Mystery Case Files - Huntsville
2009-06-01 07:43 <DIR> --d----- c:\program files\bfgclient
2009-06-01 07:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
2009-05-30 20:05 <DIR> --d----- c:\program files\common files\DivX Shared
2009-05-30 20:05 <DIR> --d----- c:\program files\DivX
2009-05-27 21:31 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-05-27 21:31 14,592 a------- c:\windows\system32\drivers\kbdhid.sys

==================== Find3M ====================

2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-28 21:54 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 07:36 155,648 a----r-- c:\windows\system32\downengine.dll
2009-04-20 10:07 103,736 a------- c:\windows\system32\QckHelper.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-12-25 23:15 665,344 a------- c:\documents and settings\d(o^.^o)b\backup.zip
2008-09-11 18:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091120080912\index.dat

============= FINISH: 13:40:53.25 ===============
Attached Files
File Type: zip Attach.zip (4.8 KB, 1 views)
artemisaangel is offline  
Old 06-26-2009, 06:25 PM   #8 (permalink)
Analyst, Security Team
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,470
OS: Vista, Linux Mint


Re: Invisible Pop-ups

hi.

How's your machine now?

Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
Old 06-26-2009, 10:54 PM   #9 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 22
OS: Windows Vista SP1


Re: Invisible Pop-ups

It seems fine, running the same as before the spyware hit it. Nothing is lagging and I haven't had any issues with pop-ups, invisible or otherwise. Thanks so much!
artemisaangel is offline  
Old 06-27-2009, 05:03 AM   #10 (permalink)
Analyst, Security Team
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,470
OS: Vista, Linux Mint


Re: Invisible Pop-ups

hi.
Congratulations! You now appear clean!

We Need to Clean Up Our Mess
  1. Uninstall ComboFix
    Remove Combofix now that we're done with it.
    • Click on your Start Menu, then Run....
    • Now copy and paste this one in the runbox. Then HIT enter.

      Code:
      ComboFix /u


    Uninstalling ComboFix will do the following:
    1. Delete ComboFix and its components from your computer.
    2. Delete other tools commonly used during the malware removal process.
    3. Reset clock settings to standard format.
    4. Re-hide file extensions and hidden/system files.
    5. Clear System Restore cache and create a new restore point.

  2. Please also delete the DDS.scr located on your desktop.
-----------------------------------------------
Recommendations
Below are some recommendations to lower your chances of (re)infection.
  1. Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.

  2. Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file

  3. Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.

  4. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  5. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  6. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

-------------------------------------------------------------------------


You may keep your ARTEMIS account, but if you want to delete it, follow the steps below:

Log in as d(o^.^o)b.
Go to START > Control Panel > User account
Double-click the ARTEMIS account, then delete the account.



Please respond to this thread one more time so we can mark this thread as resolved.

Thank you very much.

Mark
Old 06-27-2009, 11:05 AM   #11 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 22
OS: Windows Vista SP1


Re: Invisible Pop-ups

Thanks so much again :D
artemisaangel is offline  
Old 06-27-2009, 06:45 PM   #12 (permalink)
Analyst, Security Team
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,470
OS: Vista, Linux Mint


Re: Invisible Pop-ups

hi.

It is a pleasure to help you.

Surf safely.

Since the problem appears to be resolved, it will now be archived.


Mark