Google Re-direct / Possible Root-Kit


  • This topic is locked
40 replies to this topic

#1 TWillGA

Posted 09 October 2011 - 01:16 AM

Hello,

I'm usually able to remove infections from my computer by reading the posts in your forums for people who have issues similar to what I'm experiencing. However, what's going on now is more troublesome than anything I've encountered before. I think there may be more than one source of malware or viruses. It started out as just the Google re-direct. I tried running MBAM, but after about an hour and a half of running, my computer blue screens and restarts. The same thing also happens in safe mode. I installed SAS and tried running that, and get the same results, even in safe mode. Whatever this is, it does not like to be found, and since it can't stop the scans it just causes my computer to restart. I am also unable to run some executable files.

Also, when I open the IE, I get the message "Protected mode is currently turned off for the Internet zone. Click here to open security settings." When I enable the Protected Mode in Internet Options --> Security, it does not stay applied, and I get the same message after I close and reopen IE.

My logs are attached for review. Please advise.

TIA,
TWillGA



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_22
Run by Toni at 1:29:40 on 2011-10-09
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.904 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uSearch Bar =
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071123
mSearchAssistant =
uURLSearchHooks: H - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\toni\appdata\roaming\micros~1\windows\startm~1\programs\startup\win211~1.lnk - \\globalroot\device\harddiskvolume3\users\toni\appdata\local\temp\win2119b744.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{CE30CEDA-F385-4CDF-AEE6-09B684F2588C} : DhcpNameServer = 68.87.68.166 68.87.74.166
Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - c:\program files\common files\a&w\MidRadio.ocx
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 74.174.57.113 weblink.catalysttech.com
Hosts: 74.174.57.113 weblink
Hosts: 74.174.57.114 weblinkcp.catalysttech.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\toni\appdata\roaming\mozilla\firefox\profiles\c5k9xmk9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\users\toni\appdata\roaming\mozilla\firefox\profiles\c5k9xmk9.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\toni\appdata\roaming\mozilla\firefox\profiles\c5k9xmk9.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\toni\appdata\roaming\mozilla\firefox\profiles\c5k9xmk9.default\extensions\2020player@2020technologies.com\plugins\NP2020Player.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-7-9 218688]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-11-22 73728]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [2007-9-6 35692]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-11-28 1962136]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
.
=============== Created Last 30 ================
.
2011-10-09 05:27:32 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f0b927d3-769d-4cc3-b9c6-ceb3f57147e2}\mpengine.dll
2011-10-06 19:01:59 -------- d-----w- c:\users\toni\appdata\roaming\SUPERAntiSpyware.com
2011-10-06 18:40:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-06 18:40:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-05 06:02:49 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9475cfa0-8e33-42f5-9c1e-4d5ee0a9d80e}\mpengine.dll
2011-09-21 00:15:41 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-09-20 15:51:31 -------- d-sh--w- C:\found.003
2011-09-18 02:21:43 -------- d-----w- c:\users\toni\appdata\local\compatnetdb
.
==================== Find3M ====================
.
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-12 21:53:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 1:35:32.08 ===============

#2 HelpBot

Posted 14 October 2011 - 01:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422590 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 m0le

Posted 15 October 2011 - 06:38 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please carry out HelpBot's instructions above and we can take it from there.
m0le is a proud member of UNITE

#4 TWillGA

Posted 16 October 2011 - 01:28 AM

So far, I've run both SAS and MBAM in safe mode, and they quarantined and removed some files. My computer is still behaving the same way. I've updated the DDS and GMER logs, and have provided them for your review.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_22
Run by Toni at 17:58:36 on 2011-10-15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.745 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\Windows\system32\taskeng.exe
C:\Installations\Software\WinRAR.exe
C:\Users\Toni\AppData\Local\Temp\Rar$EX00.959\gmer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uSearch Bar =
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071123
mSearchAssistant =
uURLSearchHooks: H - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\toni\appdata\roaming\micros~1\windows\startm~1\programs\startup\win211~1.lnk - \\globalroot\device\harddiskvolume3\users\toni\appdata\local\temp\win2119b744.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{CE30CEDA-F385-4CDF-AEE6-09B684F2588C} : DhcpNameServer = 68.87.68.166 68.87.74.166
Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - c:\program files\common files\a&w\MidRadio.ocx
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 74.174.57.113 weblink.catalysttech.com
Hosts: 74.174.57.113 weblink
Hosts: 74.174.57.114 weblinkcp.catalysttech.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\toni\appdata\roaming\mozilla\firefox\profiles\c5k9xmk9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\users\toni\appdata\roaming\mozilla\firefox\profiles\c5k9xmk9.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\toni\appdata\roaming\mozilla\firefox\profiles\c5k9xmk9.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\toni\appdata\roaming\mozilla\firefox\profiles\c5k9xmk9.default\extensions\2020player@2020technologies.com\plugins\NP2020Player.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-10-15 21:56:32 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{41d4e110-7d02-47d6-ac38-a96d1deab664}\offreg.dll
2011-10-15 21:07:33 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{41d4e110-7d02-47d6-ac38-a96d1deab664}\mpengine.dll
2011-10-09 05:57:21 -------- d-----w- c:\users\toni\CD95F661A5C444F5A6AAECDD91C240C1.TMP
2011-10-06 19:01:59 -------- d-----w- c:\users\toni\appdata\roaming\SUPERAntiSpyware.com
2011-10-06 18:40:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-06 18:40:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-21 00:15:41 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-09-20 15:51:31 -------- d-sh--w- C:\found.003
2011-09-18 02:21:43 -------- d-----w- c:\users\toni\appdata\local\compatnetdb
.
==================== Find3M ====================
.
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-12 21:53:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 18:04:23.15 ===============

#5 m0le

Posted 16 October 2011 - 04:05 PM

Please run everything I ask you to in normal mode unless I say otherwise.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

And

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#6 TWillGA

Posted 18 October 2011 - 12:21 AM

Hello,

Below is the log for the MBRCheck scan. I tried to run the aswMBR scan, but my computer rebooted itself on both attempts. Any suggestions?


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1520
Logical Drives Mask: 0x0000007c


\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`84f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`04f00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHY2120BH, Rev: 0085000B

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

#7 m0le


Posted 18 October 2011 - 05:00 PM

If aswMBR doesn't run that's usually a rootkit sign.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#8 TWillGA


Posted 19 October 2011 - 10:28 PM

I was not prompted to reboot. The scan completed and did not find any issues. The log is below.

23:20:48.0634 5092 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
23:20:49.0005 5092 ============================================================
23:20:49.0005 5092 Current date / time: 2011/10/19 23:20:49.0005
23:20:49.0005 5092 SystemInfo:
23:20:49.0005 5092
23:20:49.0005 5092 OS Version: 6.0.6001 ServicePack: 1.0
23:20:49.0005 5092 Product type: Workstation
23:20:49.0006 5092 ComputerName: MOONLIGHT
23:20:49.0006 5092 UserName: Toni
23:20:49.0006 5092 Windows directory: C:\Windows
23:20:49.0006 5092 System windows directory: C:\Windows
23:20:49.0006 5092 Processor architecture: Intel x86
23:20:49.0006 5092 Number of processors: 2
23:20:49.0006 5092 Page size: 0x1000
23:20:49.0006 5092 Boot type: Normal boot
23:20:49.0006 5092 ============================================================
23:20:50.0487 5092 Initialize success
23:20:57.0513 0576 ============================================================
23:20:57.0513 0576 Scan started
23:20:57.0513 0576 Mode: Manual;
23:20:57.0513 0576 ============================================================
23:21:28.0225 0576 Parvdm - ok
23:21:28.0378 0576 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
23:21:28.0382 0576 pci - ok
23:21:28.0418 0576 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
23:21:28.0420 0576 pciide - ok
23:21:28.0591 0576 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:21:28.0639 0576 pcmcia - ok
23:21:28.0716 0576 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:21:28.0769 0576 PEAUTH - ok
23:21:28.0926 0576 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:21:28.0938 0576 PptpMiniport - ok
23:21:29.0085 0576 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
23:21:29.0096 0576 Processor - ok
23:21:29.0165 0576 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
23:21:29.0166 0576 PSched - ok
23:21:29.0250 0576 PTproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys
23:21:29.0258 0576 PTproct - ok
23:21:29.0354 0576 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\Windows\system32\Drivers\PxHelp20.sys
23:21:29.0357 0576 PxHelp20 - ok
23:21:29.0527 0576 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
23:21:29.0638 0576 ql2300 - ok
23:21:29.0732 0576 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:21:29.0781 0576 ql40xx - ok
23:21:29.0929 0576 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:21:29.0939 0576 QWAVEdrv - ok
23:21:30.0095 0576 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
23:21:30.0173 0576 R300 - ok
23:21:30.0312 0576 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:21:30.0323 0576 RasAcd - ok
23:21:30.0420 0576 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:21:30.0432 0576 Rasl2tp - ok
23:21:30.0536 0576 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
23:21:30.0548 0576 RasPppoe - ok
23:21:30.0662 0576 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
23:21:30.0674 0576 RasSstp - ok
23:21:30.0709 0576 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
23:21:30.0715 0576 rdbss - ok
23:21:30.0778 0576 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:21:30.0786 0576 RDPCDD - ok
23:21:30.0933 0576 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
23:21:30.0950 0576 rdpdr - ok
23:21:31.0015 0576 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:21:31.0025 0576 RDPENCDD - ok
23:21:31.0090 0576 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
23:21:31.0105 0576 RDPWD - ok
23:21:31.0244 0576 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
23:21:31.0257 0576 rimmptsk - ok
23:21:31.0300 0576 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
23:21:31.0311 0576 rimsptsk - ok
23:21:31.0374 0576 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
23:21:31.0385 0576 rismxdp - ok
23:21:31.0480 0576 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:21:31.0491 0576 rspndr - ok
23:21:31.0647 0576 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:21:31.0648 0576 SASDIFSV - ok
23:21:31.0691 0576 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:21:31.0693 0576 SASKUTIL - ok
23:21:31.0861 0576 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:21:31.0911 0576 sbp2port - ok
23:21:32.0031 0576 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
23:21:32.0044 0576 sdbus - ok
23:21:32.0084 0576 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:21:32.0094 0576 secdrv - ok
23:21:32.0141 0576 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:21:32.0151 0576 Serenum - ok
23:21:32.0322 0576 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:21:32.0334 0576 Serial - ok
23:21:32.0373 0576 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:21:32.0384 0576 sermouse - ok
23:21:32.0463 0576 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
23:21:32.0472 0576 sffdisk - ok
23:21:32.0587 0576 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
23:21:32.0607 0576 sffp_mmc - ok
23:21:32.0720 0576 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:21:32.0730 0576 sffp_sd - ok
23:21:32.0833 0576 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:21:32.0843 0576 sfloppy - ok
23:21:32.0909 0576 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
23:21:32.0977 0576 sisagp - ok
23:21:33.0081 0576 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
23:21:33.0127 0576 SiSRaid2 - ok
23:21:33.0453 0576 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
23:21:33.0529 0576 SiSRaid4 - ok
23:21:33.0747 0576 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
23:21:33.0759 0576 Smb - ok
23:21:34.0122 0576 SPBBCDrv (905782bcf15b6e5af9905b77923c7fa2) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
23:21:34.0243 0576 SPBBCDrv - ok
23:21:34.0556 0576 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:21:34.0558 0576 spldr - ok
23:21:34.0753 0576 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\System32\Drivers\sptd.sys
23:21:34.0864 0576 sptd - ok
23:21:35.0247 0576 SRTSP (1b2a1c6bc76e1ebe8bc2f4a4f3d43e23) C:\Windows\system32\Drivers\SRTSP.SYS
23:21:35.0257 0576 SRTSP - ok
23:21:35.0294 0576 SRTSPL (f01a7f6e60e95fe83345cf92728a32d4) C:\Windows\system32\Drivers\SRTSPL.SYS
23:21:35.0375 0576 SRTSPL - ok
23:21:35.0643 0576 SRTSPX (d02812f89e18c6fb32f901be1e10bc17) C:\Windows\system32\Drivers\SRTSPX.SYS
23:21:35.0677 0576 SRTSPX - ok
23:21:35.0849 0576 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
23:21:35.0854 0576 srv - ok
23:21:36.0229 0576 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
23:21:36.0255 0576 srv2 - ok
23:21:36.0313 0576 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
23:21:36.0347 0576 srvnet - ok
23:21:36.0597 0576 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
23:21:36.0666 0576 sscdbus - ok
23:21:36.0923 0576 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
23:21:36.0990 0576 sscdmdfl - ok
23:21:37.0279 0576 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
23:21:37.0341 0576 sscdmdm - ok
23:21:37.0560 0576 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
23:21:37.0639 0576 sscdserd - ok
23:21:38.0139 0576 STHDA (5af135b2e2097d4494b9067ce84e2665) C:\Windows\system32\drivers\stwrt.sys
23:21:38.0171 0576 STHDA - ok
23:21:38.0470 0576 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:21:38.0567 0576 swenum - ok
23:21:38.0786 0576 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:21:38.0866 0576 Symc8xx - ok
23:21:39.0269 0576 SymEvent (9d98270b5f10a4c84e8da417c30756e1) C:\Windows\system32\Drivers\SYMEVENT.SYS
23:21:39.0382 0576 SymEvent - ok
23:21:39.0485 0576 SYMREDRV (7f4011a719bf30e3dbd84d3a0a45c91c) C:\Windows\System32\Drivers\SYMREDRV.SYS
23:21:39.0591 0576 SYMREDRV - ok
23:21:39.0798 0576 SYMTDI (2f03cbdb0f22278d05d5d616c993ab58) C:\Windows\System32\Drivers\SYMTDI.SYS
23:21:39.0861 0576 SYMTDI - ok
23:21:39.0976 0576 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:21:40.0092 0576 Sym_hi - ok
23:21:40.0487 0576 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:21:40.0499 0576 Sym_u3 - ok
23:21:40.0601 0576 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys
23:21:40.0640 0576 SynTP - ok
23:21:41.0101 0576 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
23:21:41.0135 0576 Tcpip - ok
23:21:41.0723 0576 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
23:21:41.0732 0576 Tcpip6 - ok
23:21:42.0206 0576 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
23:21:42.0216 0576 tcpipreg - ok
23:21:42.0517 0576 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:21:42.0527 0576 TDPIPE - ok
23:21:42.0700 0576 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:21:42.0727 0576 TDTCP - ok
23:21:42.0808 0576 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
23:21:42.0848 0576 tdx - ok
23:21:43.0168 0576 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
23:21:43.0262 0576 TermDD - ok
23:21:43.0457 0576 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:21:43.0467 0576 tssecsrv - ok
23:21:43.0747 0576 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:21:43.0773 0576 tunmp - ok
23:21:43.0990 0576 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
23:21:44.0040 0576 tunnel - ok
23:21:44.0360 0576 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
23:21:44.0530 0576 uagp35 - ok
23:21:44.0808 0576 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
23:21:44.0820 0576 udfs - ok
23:21:44.0985 0576 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
23:21:45.0058 0576 uliagpkx - ok
23:21:45.0480 0576 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
23:21:45.0543 0576 uliahci - ok
23:21:45.0676 0576 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:21:45.0708 0576 UlSata - ok
23:21:45.0965 0576 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:21:46.0012 0576 ulsata2 - ok
23:21:46.0355 0576 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:21:46.0391 0576 umbus - ok
23:21:46.0593 0576 USBAAPL - ok
23:21:46.0649 0576 usbbus (5353218b3265e3b8190335059f697a11) C:\Windows\system32\DRIVERS\lgusbbus.sys
23:21:46.0689 0576 usbbus - ok
23:21:46.0741 0576 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:21:46.0753 0576 usbccgp - ok
23:21:46.0934 0576 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:21:46.0946 0576 usbcir - ok
23:21:47.0066 0576 UsbDiag (bc8b39fc8782a954af119bfbe8a77414) C:\Windows\system32\DRIVERS\lgusbdiag.sys
23:21:47.0078 0576 UsbDiag - ok
23:21:47.0132 0576 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
23:21:47.0152 0576 usbehci - ok
23:21:47.0499 0576 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
23:21:47.0515 0576 usbhub - ok
23:21:47.0672 0576 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\Windows\system32\DRIVERS\lgusbmodem.sys
23:21:47.0708 0576 USBModem - ok
23:21:47.0995 0576 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
23:21:48.0027 0576 usbohci - ok
23:21:48.0373 0576 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:21:48.0384 0576 usbprint - ok
23:21:48.0617 0576 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:21:48.0628 0576 usbscan - ok
23:21:48.0949 0576 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:21:49.0035 0576 USBSTOR - ok
23:21:49.0369 0576 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:21:49.0378 0576 usbuhci - ok
23:21:49.0799 0576 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
23:21:49.0830 0576 vga - ok
23:21:49.0912 0576 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:21:49.0948 0576 VgaSave - ok
23:21:50.0377 0576 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
23:21:50.0411 0576 viaagp - ok
23:21:50.0628 0576 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
23:21:50.0639 0576 ViaC7 - ok
23:21:50.0891 0576 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
23:21:50.0955 0576 viaide - ok
23:21:51.0328 0576 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:21:51.0368 0576 volmgr - ok
23:21:51.0691 0576 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
23:21:51.0717 0576 volmgrx - ok
23:21:52.0234 0576 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
23:21:52.0240 0576 volsnap - ok
23:21:52.0648 0576 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
23:21:52.0662 0576 vsmraid - ok
23:21:52.0801 0576 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:21:52.0835 0576 WacomPen - ok
23:21:52.0944 0576 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:21:52.0956 0576 Wanarp - ok
23:21:52.0962 0576 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:21:52.0963 0576 Wanarpv6 - ok
23:21:53.0263 0576 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
23:21:53.0300 0576 Wd - ok
23:21:53.0436 0576 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:21:53.0504 0576 Wdf01000 - ok
23:21:53.0815 0576 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23:21:53.0871 0576 winachsf - ok
23:21:54.0329 0576 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:21:54.0350 0576 WmiAcpi - ok
23:21:54.0487 0576 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
23:21:54.0497 0576 WpdUsb - ok
23:21:54.0862 0576 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:21:54.0873 0576 ws2ifsl - ok
23:21:55.0026 0576 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:21:55.0051 0576 WUDFRd - ok
23:21:55.0132 0576 X4HS32Ex - ok
23:21:55.0157 0576 X4HSX32Ex - ok
23:21:55.0444 0576 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
23:21:55.0454 0576 XAudio - ok
23:21:55.0496 0576 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:21:55.0551 0576 \Device\Harddisk0\DR0 - ok
23:21:55.0571 0576 Boot (0x1200) (26a9650fd69dfa4174adcf1590a78108) \Device\Harddisk0\DR0\Partition0
23:21:55.0603 0576 \Device\Harddisk0\DR0\Partition0 - ok
23:21:55.0618 0576 Boot (0x1200) (2aa1d5d36b02f28c7a85856946a14fe7) \Device\Harddisk0\DR0\Partition1
23:21:55.0619 0576 \Device\Harddisk0\DR0\Partition1 - ok
23:21:55.0621 0576 ============================================================
23:21:55.0622 0576 Scan finished
23:21:55.0622 0576 ============================================================
23:21:55.0641 2740 Detected object count: 0
23:21:55.0641 2740 Actual detected object count: 0

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:11 AM

Posted 20 October 2011 - 01:46 PM

No rootkit, so please download and run ComboFix and let's see what there is.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#10 m0le

Posted 23 October 2011 - 07:35 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#11 TWillGA

Posted 23 October 2011 - 11:27 PM

My apologies for the delay. I've been away from my computer. The ComboFix log is below.

ComboFix 11-10-23.03 - Toni 10/23/2011 21:58:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.766 [GMT -4:00]
Running from: c:\users\Toni\Desktop\comfix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Toni\AppData\Local\Microsoft\Windows\Temporary Internet Files\AxalX.jpg
c:\users\Toni\AppData\Local\Microsoft\Windows\Temporary Internet Files\B5m7y3P.jpg
c:\users\Toni\AppData\Local\Microsoft\Windows\Temporary Internet Files\pP5OO.jpg
c:\users\Toni\AppData\Local\Microsoft\Windows\Temporary Internet Files\y7Lyp70.jpg
c:\users\Toni\g2mdlhlpx.exe
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\music\Big Band 1.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\music\cannon_in_d.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\aunt_sobs.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\bees.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\bonus_points.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\bridezilla.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\deliver_food.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\dialog_click.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\dialog_roll.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\end_of_level.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\fire.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\game_click.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\lost_points.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\pickup_food.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\pickup_guest.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\planning_right_choice.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\planning_win.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\planning_wrong_choice.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\quinn_fixing_problem.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\quinn_problem.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\ready_to_be_seated.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\audio\sfx\seat_guest.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\backgrounds\helppage.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\backgrounds\hintbg.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\backgrounds\levelinfo_bg.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\backgrounds\longdialog.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\backgrounds\talldialog.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\bitmaps\ui\backgrounds\menu_main.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowdown_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowdown_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowdown_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowleft_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowleft_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowleft_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowright_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowright_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowright_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowup_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowup_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\arrowup_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\back_button.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\back_button_highlight.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\bluearrowleft_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\bluearrowleft_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\bluearrowleft_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\bluearrowright_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\bluearrowright_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\bluearrowright_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_down_long.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_down_med.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_down_short.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_hl_long.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_hl_med.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_hl_short.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_idle_long.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_idle_med.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\btn_idle_short.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\BTNgold_Down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\BTNgold_HL.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\BTNgold_Idle.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\buttondown.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\buttonrollover.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\buttonup.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\checkdown.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\checkup.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\cp_buttondown.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\cp_buttonrollover.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\cp_buttonup.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\highscores_btn_purp_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\highscores_btn_purp_hl.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\highscores_btn_purp_idle.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\planner_btn_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\planner_btn_hl.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\planner_btn_idle.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\telephone_btn_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\telephone_btn_hl.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\buttons\telephone_btn_idle.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\cursor\cursor.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fonts\arial.mvec
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\bee.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\bubble.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\confetti.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\flame2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\flash.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_bees.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_bridezilla.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_chef_table_fire.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_end_of_level_1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_end_of_level_1_fullscreen.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_expert_goal_reached.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_goal_reached.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_guest_ready_to_dance.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_kiss.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\fx\fx_large_point_explosion.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\upgrades\upwaitress.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\audrey.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\audrey.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\cake4.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\cake4.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\cake6.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\cake6.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\ira.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\ira.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\planner_bg.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\planning_end_note.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\points_heart.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\small_PLANNER_Flowers01.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\small_PLANNER_Flowers02.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\small_PLANNER_Flowers03.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\small_PLANNER_Flowers07.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\upaudrey.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\upcake4.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\upcake6.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\upflowers1.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\upflowers2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\upflowers3.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\upflowers7.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\uphoneymoon1.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\uphoneymoon2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\uphoneymoon3.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\uphoneymoon4.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\upira.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\upquiche.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\upWD_Planner_Asparagus.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\upWD_Planner_Chicken.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\upWD_Planner_CrackersAndCheese.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\upWD_Planner_Fish.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\upWD_Planner_Shrimp.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\upWD_Planner_Steakl.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\wp_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\images\Wedding Panning\wp_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\resources.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\arcade1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\basicSetting.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\closeconfirm.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\game1.1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\game1.2.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\game1.3.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\game1.4.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\game1.5.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\helpmenu1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\helpmenu2.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\LevelDefines.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\LevelDialogGenerator.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\LevelManager.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\luaDebug.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\pausemenu.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\planning_tutorial.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\privacy.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\quitdialog.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\selection scripts\selection1.1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\selection scripts\selection1.2.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\selection scripts\selection1.3.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\selection scripts\selection1.4.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\selection scripts\selection1.5.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\selection scripts\SelectionDefines.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\selection scripts\SelectionDialogGenerator.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\selection scripts\SelectionManager.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\style.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\upgrade1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\upgrades.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\userdata.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\settings.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\splash\aol_web_logo.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\splash\IE_fullcolor.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\strings.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\ui_scripts\common\coordinates.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\ui_scripts\common\style.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\ui_scripts\screens\main_menu_scrn.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\upsell\logo.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\upsell\upsell_img_1.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\upsell\upsell_img_2.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\upsell\upsell_img_3.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\assets\xsellstyle.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\bin\bin2c
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\bin\luac
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.55\weddingdashlongnamenospace.exe
c:\windows\System32\HiRBHkkj.ini
c:\windows\System32\HiRBHkkj.ini2
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-09-24 to 2011-10-24 )))))))))))))))))))))))))))))))
.
.
2011-10-24 02:27 . 2011-10-24 02:27 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A58E0822-2BBF-43DF-9411-8A2C82215B60}\offreg.dll
2011-10-24 02:14 . 2011-10-24 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-21 05:55 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A58E0822-2BBF-43DF-9411-8A2C82215B60}\mpengine.dll
2011-10-18 23:18 . 2011-10-18 23:18 -------- d-----w- c:\users\Toni\AppData\Roaming\webex
2011-10-18 23:01 . 2011-10-18 23:02 -------- d-----w- c:\programdata\WebEx
2011-10-06 19:01 . 2011-10-06 19:01 -------- d-----w- c:\users\Toni\AppData\Roaming\SUPERAntiSpyware.com
2011-10-06 18:40 . 2011-10-15 21:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-06 18:40 . 2011-10-06 18:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 21:00 . 2010-01-30 03:10 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-21 19:53 . 2011-08-21 19:53 489672 ----a-w- c:\users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2011-08-12 21:53 . 2011-08-12 21:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-15 4615552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-28 405504]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2011-02-01 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-08-23 211296]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-5-8 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1570134886-707570636-2599142632-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 X4HS32Ex;X4HS32Ex;c:\program files\Free Ride Games\X4HS32Ex.Sys [x]
R2 X4HSX32Ex;X4HSX32Ex;c:\program files\Free Ride Games\X4HSX32Ex.Sys [x]
R3 EraserUtilDrv10631;EraserUtilDrv10631;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10631.sys [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2007-06-18 19456]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-30 721904]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-09 218688]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-28 73728]
S2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\DRIVERS\CdpPacket.sys [2007-09-06 35692]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-09-15 105592]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
FF - ProfilePath - c:\users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\c5k9xmk9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-FXCM Trading Station II - g:\documents\Pictures\FXTS2\uninstall.exe
AddRemove-HijackThis - c:\program files\Hijackthis\HijackThis.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\STacSV.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Symantec AntiVirus\VPTray.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Completion time: 2011-10-23 22:43:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-24 02:43
.
Pre-Run: 9,188,216,832 bytes free
Post-Run: 12,241,154,048 bytes free
.
- - End Of File - - 223F31656DC8E49DEBE09B41C51E1961

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 24 October 2011 - 05:46 PM

Can you next run ESET?

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE

#13 TWillGA

Posted 25 October 2011 - 11:13 PM

Hello,

I tried to perform this scan twice. First in IE, the scan ran for nearly 2 hours, then the pc rebooted. I noticed that at least 3 issues were found during the scan. When I tried to run it again, I got a message that the scan had been previously run, and it would not complete the process to download upgrades.

I tried again in Firefox, and the pc rebooted again (the same 3 issues were discovered). Is there a specific place I should look for a log since the scan may actually have completed and then rebooted the pc?

TWillGA

#14 m0le

Posted 26 October 2011 - 11:13 AM

The path to the log files is C:\Program Files\ESET\ESET Online Scanner\log.txt

#15 TWillGA

Posted 26 October 2011 - 10:26 PM

Thank you. The log is below.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=36882
esets_scanner_update returned -1 esets_gle=36882
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok



