Windows 7 Security 2012 HELP!!!

Post by Celina268 on Sat Jun 25, 2011 3:45 pm

I have this on my computer. Malwarebytes isn't detecting it and I can't get it off. It's starting to affect my computer. What can I do? Help please! It's going fast!

Celina268
Intermediate

Posts: 175
Joined: 2010-07-04
OS: Windows 7
Points: 26199
Likes: 0

Re: Windows 7 Security 2012 HELP!!!

Post by Celina268 on Sat Jun 25, 2011 4:57 pm

I updated Malwarebytes and reran it. It found things this time and for the time being I am not having any issues. I hope it stays that way!


Re: Windows 7 Security 2012 HELP!!!

Post by Celina268 on Tue Jun 28, 2011 9:22 pm

Still have it! What can I do??


Re: Windows 7 Security 2012 HELP!!!

Post by Superdave on Tue Jun 28, 2011 11:26 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
***********************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download [You must be registered and logged in to see this link.]
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

To retrieve the removal information please do the following:
* After reboot, double-click the SUPERAntiSpyware icon on your desktop.
* Click Preferences. Click the Statistics/Logs tab.
* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
* It will open in your default text editor (preferably Notepad).
* Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*****************************************************
Download DDS from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and save it to your desktop.

* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

Superdave
Captain

Posts: 4202
Joined: 2010-02-01
Gender: Male
OS: Windows 8.1 and a dual-boot with XP Home SP3
Protection: MSE, Windows Defender, Windows firewall
Points: 83181
Likes: 0

Re: Windows 7 Security 2012 HELP!!!

Post by Celina268 on Wed Jun 29, 2011 1:28 am

Here is the SuperAntiSpyware Log:

SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 06/28/2011 at 07:35 PM

Application Version : 4.54.1000

Core Rules Database Version : 7348
Trace Rules Database Version: 5160

Scan type : Complete Scan
Total Scan Time : 00:48:46

Memory items scanned : 583
Memory threats detected : 1
Registry items scanned : 14970
Registry threats detected : 0
File items scanned : 41010
File threats detected : 147

Trojan.Agent/Gen-RogueAS
C:\USERS\CLARK\APPDATA\LOCAL\TEMP\LOW\NID.EXE
C:\USERS\CLARK\APPDATA\LOCAL\TEMP\LOW\NID.EXE
C:\USERS\CLARK\APPDATA\LOCAL\TEMP\LOW\1I03O.DLL

Adware.Tracking Cookie


Re: Windows 7 Security 2012 HELP!!!

Post by Celina268 on Wed Jun 29, 2011 1:32 am

Here is the DDS.txt:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Clark at 20:29:37 on 2011-06-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4483 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = ;*.local
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: []
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - [You must be registered and logged in to see this link.]
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - [You must be registered and logged in to see this link.]
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - [You must be registered and logged in to see this link.]
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{189A7EA4-E3E5-4BEB-805A-E0A751964664} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Clark\AppData\Roaming\Mozilla\Firefox\Profiles\0gxht7t9.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Clark\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: XULRunner: {57DDC497-AE35-4B5F-85D7-5ACDC971B3EC} - C:\Users\Clark\AppData\Local\{57DDC497-AE35-4B5F-85D7-5ACDC971B3EC}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [?]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008000.029\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008000.029\BHDrvx64.sys [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSviA64.sys [2010-4-17 466992]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-2-23 117640]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-11-24 240160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-23 135664]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-23 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\system32\Drivers\NISx64\1008000.029\SYMNDISV.SYS --> C:\Windows\system32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-06-28 23:42:58 -------- d-----w- C:\Users\Clark\AppData\Roaming\SUPERAntiSpyware.com
2011-06-28 23:42:58 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-06-28 23:42:51 -------- d-----w- C:\ProgramData\!SASCORE
2011-06-28 23:42:49 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-06-28 13:55:22 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EF883CB9-5E7A-4E3F-AB95-E6730BDFF4C8}\mpengine.dll
2011-06-25 19:04:43 -------- d-----w- C:\Program Files\iTunes
2011-06-25 19:04:43 -------- d-----w- C:\Program Files\iPod
2011-06-25 19:04:43 -------- d-----w- C:\Program Files (x86)\iTunes
2011-06-25 19:02:41 -------- d-----w- C:\Program Files\Bonjour
2011-06-25 19:02:41 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-06-16 06:57:02 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-06-16 06:57:01 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-16 06:57:01 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-16 06:57:00 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 06:57:00 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
.
==================== Find3M ====================
.
2011-05-29 14:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 14:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:07:01 3133952 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-25 00:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-22 20:18:47 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-04-22 19:31:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec
2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-04-06 21:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 21:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 21:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 21:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
.
============= FINISH: 20:30:45.71 ===============


Re: Windows 7 Security 2012 HELP!!!

Post by Celina268 on Wed Jun 29, 2011 1:33 am

Here is the Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/22/2010 8:22:43 PM
System Uptime: 6/28/2011 8:23:29 PM (0 hours ago)
.
Motherboard: eMachines | | MCP61PM-GM
Processor: AMD Athlon(tm) II X2 235e Processor | CPU 1 | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 687 GiB total, 605.707 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Plus B209a-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Plus B209a-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart Plus B209a-m
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart Plus B209a-m
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP243: 5/27/2011 7:04:00 AM - Windows Update
RP244: 5/31/2011 5:43:25 PM - Windows Update
RP245: 6/3/2011 5:53:46 AM - Windows Update
RP246: 6/7/2011 8:28:18 PM - Windows Update
RP247: 6/10/2011 10:28:12 AM - Windows Update
RP248: 6/14/2011 7:30:52 AM - Windows Update
RP249: 6/16/2011 3:00:21 AM - Windows Update
RP250: 6/17/2011 5:30:29 PM - Windows Update
RP251: 6/21/2011 9:35:05 AM - Windows Update
RP252: 6/24/2011 7:52:29 AM - Windows Update
RP253: 6/25/2011 2:03:23 PM - Installed iTunes
RP254: 6/28/2011 3:00:21 AM - Windows Update
RP255: 6/28/2011 8:55:03 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
Advertising Center
Alchemy Deluxe
Apple Application Support
Apple Software Update
B209a-m
Balloon Blast
Beat Hazard
Best Games Hits 3
Bricks of Camelot
Brickshooter Egypt
BufferChm
Compatibility Pack for the 2007 Office system
Concentration (remove only)
Coupon Printer for Windows
Crazy Chicken Pinball
Crystal Caverns of Amon-Ra
Dave Ramsey's Financial Peace Financial Software
Definition update for Microsoft Office 2010 (KB982726)
Destinations
DeviceDiscovery
Dynasty of Egypt
eBay Worldwide
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
ESET Online Scanner v3
File Extension Finder
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HiJackThis
HP Photo Creations
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
Identity Card
Iggle Pop Deluxe
ImagXpress
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 21
Jewels of the Nile
Junk Mail filter update
Kakuro Mania! 10,000
Lexmark 2300 Series
Malwarebytes' Anti-Malware version 1.51.0.1200
MarketResearch
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Norton Internet Security
Norton Online Backup
NVIDIA ForceWare Network Access Manager
Phoenix Assault
PS_AIO_06_B209a-m_SW_Min
QuickTime
QuickTransfer
Realtek High Definition Audio Driver
Run N Gun Football
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
SmartWebPrinting
Snowboard SuperJam
SolutionCenter
Status
Taipei Mahjongg 25K
Tank-o-Box
The Price Is Right 1.1.0
Toolbox
TrayApp
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update Installer for WildTangent Games App
WebReg
Welcome Center
WildTangent Games App (eMachines Games)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WWII Tank Commander
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/28/2011 8:47:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
6/28/2011 7:22:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/28/2011 3:48:42 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Clark-PC\Clark SID (S-1-5-21-464309943-274483538-4150013216-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/25/2011 2:04:04 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
6/25/2011 2:03:04 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/25/2011 2:02:51 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/25/2011 1:44:25 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR13.
6/25/2011 1:43:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR12.
6/25/2011 1:40:55 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR10.
6/25/2011 1:31:20 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR9.
6/25/2011 1:29:37 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
6/22/2011 2:11:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================


Re: Windows 7 Security 2012 HELP!!!

Post by Superdave on Wed Jun 29, 2011 7:06 pm

The log shows that your AV; "AV: Norton Internet Security *Disabled/Outdated" is disabled and out-of-date. Please enable this and get it updated.

Download [You must be registered and logged in to see this link.] to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uURLSearchHooks: H - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
FF - Ext: XULRunner: {57DDC497-AE35-4B5F-85D7-5ACDC971B3EC} - C:\Users\Clark\AppData\Local\{57DDC497-AE35-4B5F-85D7-5ACDC971B3EC}

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
****************************************************************
Please read here for more information about [You must be registered and logged in to see this link.]. Your choice if you want to remove it or not.

If you choose to follow my advice, please follow these instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

WildTangent Web Driver or anything related to WildTangent.
*******************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
******************************************************
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click [You must be registered and logged in to see this link.] to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.


Re: Windows 7 Security 2012 HELP!!!

Post by Celina268 on Thu Jun 30, 2011 2:55 pm

Is having AV: Norton Internet Security a necessity? I was told by someone at some point (forgive me for not remembering) that Norton is more of an annoyance. I am working on the other things you have posted.


Re: Windows 7 Security 2012 HELP!!!

Post by Celina268 on Thu Jun 30, 2011 3:03 pm

Here is the OTL:

All processes killed
========== OTL ==========
File Ext: XULRunner: {57DDC497-AE35-4B5F-85D7-5ACDC971B3EC} - C:\Users\Clark\AppData\Local\{57DDC497-AE35-4B5F-85D7-5ACDC971B3EC} not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Clark
->Temp folder emptied: 862806977 bytes
->Temporary Internet Files folder emptied: 162834982 bytes
->Java cache emptied: 46834979 bytes
->FireFox cache emptied: 56270224 bytes
->Apple Safari cache emptied: 1459200 bytes
->Flash cache emptied: 3427873 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-CLARK-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 79595 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 673102460 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 109614573 bytes

Total Files Cleaned = 1,828.00 mb


OTL by OldTimer - Version 3.2.24.2 log created on 06302011_095659

Files\Folders moved on Reboot...
C:\Users\Clark\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\JETA6D9.tmp not found!

Registry entries deleted on Reboot...


Re: Windows 7 Security 2012 HELP!!!

Post by Celina268 on Thu Jun 30, 2011 3:13 pm

Also, I tried to remove WildTangent stuff before, but it's not listed in the Add/Remove programs. It goes straight from 'Welcome Center' to "Windows Live Essentials". I don't know where else to look.

I have an appointment shortly, so I will do the Java and Combofix when I return.


Re: Windows 7 Security 2012 HELP!!!

Post by Superdave on Thu Jun 30, 2011 7:19 pm

Is having AV: Norton Internet Security a necessity? I was told by someone at some point (forgive me for not remembering) that Norton is more of an annoyance.
Well, it's an anti-virus program but it doesn't have a reputation of performing very well. If you wish to change, here's a list below of some good free AVs. I, personally, feel Microsoft Security Essentials is one of the best; very lightweight and constantly being updated. Download and install a new one, then remove Norton. If you have trouble removing it, please let me know and I'll give you a program to remove it.

Remember to only install one antivirus!

1) [You must be registered and logged in to see this link.]
2) [You must be registered and logged in to see this link.]
3) [You must be registered and logged in to see this link.]
4) [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]
4-a) [You must be registered and logged in to see this link.]
5) [You must be registered and logged in to see this link.] (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) [You must be registered and logged in to see this link.]

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.


Re: Windows 7 Security 2012 HELP!!!

Post by Celina268 on Thu Jun 30, 2011 11:02 pm

Here is the combofix log:

ComboFix 11-06-30.03 - Clark 06/30/2011 17:44:23.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4739 [GMT -5:00]
Running from: c:\users\Clark\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Clark\AppData\Local\{57DDC497-AE35-4B5F-85D7-5ACDC971B3EC}
c:\users\Clark\AppData\Local\{57DDC497-AE35-4B5F-85D7-5ACDC971B3EC}\chrome.manifest
c:\users\Clark\AppData\Local\{57DDC497-AE35-4B5F-85D7-5ACDC971B3EC}\chrome\content\_cfg.js
c:\users\Clark\AppData\Local\{57DDC497-AE35-4B5F-85D7-5ACDC971B3EC}\chrome\content\overlay.xul
c:\users\Clark\AppData\Local\{57DDC497-AE35-4B5F-85D7-5ACDC971B3EC}\install.rdf
c:\users\Clark\AppData\Local\Temp\CCEF.tmp
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
.
----- BITS: Possible infected sites -----
.
[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 )))))))))))))))))))))))))))))))
.
.
2011-06-30 22:49 . 2011-06-30 22:49 -------- d-----w- c:\users\Mcx1-CLARK-PC\AppData\Local\temp
2011-06-30 22:49 . 2011-06-30 22:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-30 22:27 . 2011-06-30 22:27 -------- d-----w- c:\program files (x86)\7-Zip
2011-06-30 22:21 . 2011-06-30 22:21 -------- d-----w- c:\program files (x86)\TinyZIP
2011-06-30 22:21 . 2011-06-30 22:21 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2011-06-30 22:21 . 2011-06-30 22:21 -------- d-----w- c:\programdata\W3i
2011-06-30 22:21 . 2011-06-30 22:21 -------- d-----w- c:\program files (x86)\W3i
2011-06-30 22:11 . 2011-06-30 22:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-30 22:10 . 2011-05-04 09:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-28 23:42 . 2011-06-28 23:42 -------- d-----w- c:\users\Clark\AppData\Roaming\SUPERAntiSpyware.com
2011-06-28 23:42 . 2011-06-28 23:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-28 23:42 . 2011-06-28 23:42 -------- d-----w- c:\programdata\!SASCORE
2011-06-28 23:42 . 2011-06-28 23:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-28 13:55 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF883CB9-5E7A-4E3F-AB95-E6730BDFF4C8}\mpengine.dll
2011-06-25 19:04 . 2011-06-25 19:05 -------- d-----w- c:\program files\iTunes
2011-06-25 19:04 . 2011-06-25 19:05 -------- d-----w- c:\program files (x86)\iTunes
2011-06-25 19:04 . 2011-06-25 19:04 -------- d-----w- c:\program files\iPod
2011-06-25 19:03 . 2011-06-25 19:03 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-06-25 19:02 . 2011-06-25 19:02 -------- d-----w- c:\program files\Bonjour
2011-06-25 19:02 . 2011-06-25 19:02 -------- d-----w- c:\program files (x86)\Bonjour
2011-06-16 06:57 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 06:57 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 06:57 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 06:57 . 2011-04-29 05:47 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 06:57 . 2011-04-29 05:08 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 14:11 . 2010-07-04 06:22 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2010-07-04 06:22 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 00:14 . 2010-04-25 22:58 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 09:52 . 2010-09-17 18:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-22 20:18 . 2011-05-25 13:10 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:58 . 2011-05-19 03:59 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:45 . 2011-05-11 12:49 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 12:49 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 12:49 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 03:59 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-04-06 21:26 . 2011-04-06 21:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:26 . 2011-04-06 21:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-24 39408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-06-22 2408448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100415.001\IDSvia64.sys [2009-10-28 466992]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-11-24 117640]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 06:50]
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 06:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 16333856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uLocal Page = c:\windows\system32\blank.htm
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = ;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Clark\AppData\Roaming\Mozilla\Firefox\Profiles\0gxht7t9.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Kakuro Mania! 10,000 - c:\program files (x86)\Kakuro Mania! 10
AddRemove-Lexmark 2300 Series - c:\program files (x86) (x86)\Lexmark 2300 Series\Install\x64\Uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2011-06-30 17:55:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-30 22:55
.
Pre-Run: 652,840,067,072 bytes free
Post-Run: 652,425,306,112 bytes free
.
- - End Of File - - 75DA26B0C4B66A1F5987C4C267EBF0E9


Re: Windows 7 Security 2012 HELP!!!

Post by Superdave on Thu Jun 30, 2011 11:55 pm

Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:6092

    Folder::
    c:\program files (x86)\WildTangent Games\App

    Driver::
    GamesAppService

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

***************************************************
Please download the [You must be registered and logged in to see this link.] and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

  • Once the files have been extracted, using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)

    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, tell me how your computer is running now

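A follow-up log can be checked against the CFScript in the post above to confirm that each targeted item is gone. The sketch below is an added example, not part of the original posts and not ComboFix's own code; the function names and the two log excerpts are constructed, modelled on the log layout shown in this thread.

```python
import re

# The CFScript from the post above.
CFSCRIPT = r"""
KillAll::

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6092

Folder::
c:\program files (x86)\WildTangent Games\App

Driver::
GamesAppService
"""

# Constructed excerpts in the layout of the ComboFix logs in this thread.
PRE_LOG = r"""
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = ;*.local
"""
POST_LOG = r"""
((((((((((((((((((((( Other Deletions )))))))))))))))))))))
.
c:\program files (x86)\WildTangent Games\App
c:\program files (x86)\WildTangent Games\App\GamesAppService.exe
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = ;*.local
"""

DIRECTIVE = re.compile(r"([A-Za-z0-9]+)::")
# Section banners: "((( Title )))" and "---- Title ----" / "- - - Title - - -".
PAREN_BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")
DASH_BANNER = re.compile(r"^-[-\s]*\s*([A-Za-z0-9].*?[A-Za-z0-9])\s*[-\s]*-$")


def norm(line):
    """Collapse whitespace and case so log lines compare reliably."""
    return re.sub(r"\s+", " ", line.strip()).lower()


def parse_cfscript(text):
    """Return {directive: [argument lines]} for a CFScript."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.fullmatch(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def section_lines(log, title):
    """Return the non-empty lines listed under one banner of the log."""
    out, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        m = PAREN_BANNER.match(line) or DASH_BANNER.match(line)
        if m:
            inside = m.group(1).lower() == title.lower()
        elif inside and line and line != ".":
            out.append(line)
    return out


def verify(cfscript, log):
    """Report, per CFScript target, whether the log still shows it."""
    script = parse_cfscript(cfscript)
    lines = [l.strip() for l in log.splitlines()]
    seen = {norm(l) for l in lines}
    deleted = {norm(l) for l in section_lines(log, "Other Deletions")}
    results = []
    for setting in script.get("DDS", []):
        status = "remaining" if norm(setting) in seen else "cleared"
        results.append(("DDS", setting, status))
    for name in script.get("Driver", []):
        # Service rows look like "R3 Name;Display name;path [date size]".
        row = re.compile(r"^[RS][0-4]\s+" + re.escape(name) + ";", re.I)
        status = "remaining" if any(row.match(l) for l in lines) else "cleared"
        results.append(("Driver", name, status))
    for folder in script.get("Folder", []):
        status = "cleared" if norm(folder) in deleted else "not reported deleted"
        results.append(("Folder", folder, status))
    return results


if __name__ == "__main__":
    for label, log in (("before", PRE_LOG), ("after", POST_LOG)):
        for directive, item, status in verify(CFSCRIPT, log):
            print(f"{label:6} {directive:7} {status:20} {item}")
```

A folder reported as "not reported deleted" only means the log does not list it under Other Deletions; it may also have been absent before the run.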

Re: Windows 7 Security 2012 HELP!!!

Post by Celina268 on Fri Jul 01, 2011 1:46 am

Here is the combofix:

ComboFix 11-06-30.03 - Clark 06/30/2011 19:56:05.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4821 [GMT -5:00]
Running from: c:\users\Clark\Desktop\ComboFix.exe
Command switches used :: c:\users\Clark\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WildTangent Games\App
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\arw_right_o.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\arw_rightinactive.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_alpha.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_animatedprogress.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_animatedprogress_bbdl.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_content.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_content_bottom.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_content_dark.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_content_dark_top.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_footer.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_footeropen.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_footeropenlink.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_footeropenlink_o.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_megadropdown.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_navbar.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_navbar.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_progress.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_progress.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_progressbar.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_searchframe.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_tabs.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\button_shadow_med.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\carousel_bottom.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\carousel_edge_left.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\carousel_edge_right.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\carousel_top.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\coinslot.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\ctrl_shadow.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\ctrl_shadow_small.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\ctrl_shadow_wire.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\ctrl_shadow_wire_short.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\error_indicator.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\esrb_ratings.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\favicon.ico
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\favicon.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\footer_center.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\footer_left.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\footer_right.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\game_icon_mask.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\header_icons.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\icon_cart.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\icon_closefooter.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\icon_closefooter_o.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\icon_myaccount.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\icon_placeholder.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\icon_search.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\icon_settings.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\indicator_active.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\indicator_inactive.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\loading_dots.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\loading_icon.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\lock.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\lock_closed.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\lock_open.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\mygames_hr.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\mygames_placeholder.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\myGamesHeaderBar_bg.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\nav_arrow.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\nav_div.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\newtab_facebook.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\newtab_hp.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\newtab_hulu.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\newtab_myspace.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\newtab_pandora.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\newtab_snapfish.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\newtab_twitter.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\progress_cancel.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\progress_pause.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\progress_resume.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\refresh.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\refresh_o.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\remove_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\search_icon_alt.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\settings_favicon.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\slider.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\sort_arrow.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\sort_button.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\sort_button_selected.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\spacer.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_active.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_active_end.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_active_end_mygames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_active_mygames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_add.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_close.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_close_o.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_controls.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_inactive.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_inactive_end.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_inactive_end_mygames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_inactive_mygames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_loading.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\trash_20x20.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\view_carousel.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\view_list.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\wire_bg.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\wire_bg_interstitial.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\wire_close.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\wire_close_o.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\wire_coinslot.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\wire_end_coinslot.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\StartupConfig.ini
c:\program files (x86)\WildTangent Games\App\uninstall.exe
c:\program files (x86)\WildTangent Games\App\WTDownloader.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_GamesAppService
.
.
((((((((((((((((((((((((( Files Created from 2011-06-01 to 2011-07-01 )))))))))))))))))))))))))))))))
.
.
2011-07-01 01:00 . 2011-07-01 01:00 -------- d-----w- c:\users\Mcx1-CLARK-PC\AppData\Local\temp
2011-07-01 01:00 . 2011-07-01 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-30 23:05 . 2011-06-30 23:05 -------- d-----w- c:\users\Clark\AppData\Roaming\HPAppData
2011-06-30 22:27 . 2011-06-30 22:27 -------- d-----w- c:\program files (x86)\7-Zip
2011-06-30 22:21 . 2011-06-30 22:21 -------- d-----w- c:\program files (x86)\TinyZIP
2011-06-30 22:21 . 2011-06-30 22:21 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2011-06-30 22:21 . 2011-06-30 22:21 -------- d-----w- c:\programdata\W3i
2011-06-30 22:21 . 2011-06-30 22:21 -------- d-----w- c:\program files (x86)\W3i
2011-06-30 22:11 . 2011-06-30 22:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-30 22:10 . 2011-05-04 09:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-28 23:42 . 2011-06-28 23:42 -------- d-----w- c:\users\Clark\AppData\Roaming\SUPERAntiSpyware.com
2011-06-28 23:42 . 2011-06-28 23:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-28 23:42 . 2011-06-28 23:42 -------- d-----w- c:\programdata\!SASCORE
2011-06-28 23:42 . 2011-06-28 23:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-28 13:55 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF883CB9-5E7A-4E3F-AB95-E6730BDFF4C8}\mpengine.dll
2011-06-25 19:04 . 2011-06-25 19:05 -------- d-----w- c:\program files\iTunes
2011-06-25 19:04 . 2011-06-25 19:05 -------- d-----w- c:\program files (x86)\iTunes
2011-06-25 19:04 . 2011-06-25 19:04 -------- d-----w- c:\program files\iPod
2011-06-25 19:03 . 2011-06-25 19:03 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-06-25 19:02 . 2011-06-25 19:02 -------- d-----w- c:\program files\Bonjour
2011-06-25 19:02 . 2011-06-25 19:02 -------- d-----w- c:\program files (x86)\Bonjour
2011-06-16 06:57 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 06:57 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 06:57 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 06:57 . 2011-04-29 05:47 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 06:57 . 2011-04-29 05:08 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 14:11 . 2010-07-04 06:22 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2010-07-04 06:22 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 00:14 . 2010-04-25 22:58 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 09:52 . 2010-09-17 18:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-22 20:18 . 2011-05-25 13:10 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:58 . 2011-05-19 03:59 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:45 . 2011-05-11 12:49 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 12:49 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 12:49 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 03:59 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-04-06 21:26 . 2011-04-06 21:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:26 . 2011-04-06 21:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-24 17:15 . 2011-06-30 22:52 52026 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-06-30 22:52 41024 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-23 02:24 . 2011-06-30 22:52 10426 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-464309943-274483538-4150013216-1000_UserData.bin
- 2010-02-23 02:33 . 2011-06-30 22:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-23 02:33 . 2011-07-01 00:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-23 02:33 . 2011-06-30 22:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-23 02:33 . 2011-07-01 00:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-30 22:50 . 2011-06-30 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-01 01:02 . 2011-07-01 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-01 01:02 . 2011-07-01 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-06-30 22:50 . 2011-06-30 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-23 13:31 . 2011-07-01 00:36 301332 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2011-06-30 15:05 632708 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-01 01:06 632708 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-01 01:06 110342 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-06-30 15:05 110342 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-06-30 22:49 395176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-01 01:01 395176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-06-30 16:29 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-06-30 23:05 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-24 39408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-06-22 2408448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100415.001\IDSvia64.sys [2009-10-28 466992]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-11-24 117640]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 06:50]
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 06:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF24984.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 16333856]
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uLocal Page = c:\windows\system32\blank.htm
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = ;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Clark\AppData\Roaming\Mozilla\Firefox\Profiles\0gxht7t9.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App - c:\program files (x86)\WildTangent Games\App\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-06-30 20:11:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-01 01:11
ComboFix2.txt 2011-06-30 22:55
.
Pre-Run: 652,450,222,080 bytes free
Post-Run: 652,026,081,280 bytes free
.
- - End Of File - - 3195D24047A450ADA640192013BFE1FE


Re: Windows 7 Security 2012 HELP!!!

Post by Celina268 on Fri Jul 01, 2011 1:59 am

Through the Windows Explorer, I don't have a blue shield icon. It only has the Sophos Anti-Rootkit shield. When I click on that, Running processes is greyed out....Windows registry and Local hard drives have checks next to them. Do you want me to run the scan anyway with just those two things checked?


Re: Windows 7 Security 2012 HELP!!!

Post by Superdave on Fri Jul 01, 2011 6:19 pm

"I don't have a blue shield icon. It only has the Sophos Anti-Rootkit shield. When I click on that, Running processes is greyed out....Windows registry and Local hard drives have checks next to them. Do you want me to run the scan anyway with just those two things checked?"
Please go ahead and try it. If it doesn't work, please try this one.

Please download [You must be registered and logged in to see this link.] and Save it to your desktop.

  • Double click it to start the tool. Vista and Windows 7: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.


Re: Windows 7 Security 2012 HELP!!!

Post by Celina268 on Sat Jul 02, 2011 3:50 pm

I ran the Sophos and it gave a list of files and also this in the text box: (I haven't checked anything or cleaned anything yet)

Area: Local hard drives
Description: Unknown hidden file
Location: C:\Users\Clark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\31YIU7PA\=vt.bv;btg=vt.eb;btg=vt.cp;btg=vt.di;btg=vt.ed;btg=vt.ai;btg=vt.fm;btg=vt.do;btg=vt.ei;btg=vt.w;btg=vt.e;btg=vt.x;btg=vt.f;btg=cm[2].weath_m;ord=7248994205311282
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)


Re: Windows 7 Security 2012 HELP!!!

Post by Superdave on Sat Jul 02, 2011 10:50 pm

Please run Rooter and see what comes up.


Re: Windows 7 Security 2012 HELP!!!

Post by Celina268 on Sun Jul 03, 2011 12:26 am

Rooter took less than five seconds. Here's what it said.

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 Home Edition (6.1.7600)
[32_bits] - AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.7600.16385
Mozilla Firefox 3.6.13 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:686 Go - Free:607 Go )
D:\ [CD_Rom]
E:\ [Removable]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
.
Scan : 19:25.36
Path : C:\Users\Clark\Desktop\Rooter.exe
User : Clark ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ?????????? (276)
______ ?????????? (404)
______ ?????????? (456)
______ ?????????? (488)
______ ?????????? (512)
______ ?????????? (536)
______ ?????????? (544)
______ ?????????? (652)
______ ?????????? (672)
______ ?????????? (748)
______ ?????????? (788)
______ ?????????? (852)
______ ?????????? (948)
______ ?????????? (980)
______ ?????????? (384)
______ ?????????? (108)
______ ?????????? (1196)
______ ?????????? (1260)
______ ?????????? (1292)
______ ?????????? (1376)
______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1408)
______ C:\Program Files (x86)\Bonjour\mDNSResponder.exe (1452)
______ C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (1504)
______ C:\Windows\SysWOW64\svchost.exe (1552)
______ C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (1620)
______ ?????????? (1928)
______ ?????????? (1956)
______ C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (1992)
______ ?????????? (2012)
______ ?????????? (1112)
______ ?????????? (2356)
______ ?????????? (2464)
______ ?????????? (2072)
______ ?????????? (2580)
______ ?????????? (1272)
______ C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (1132)
______ ?????????? (2612)
______ ?????????? (2076)
______ ?????????? (3732)
______ C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3812)
______ C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (4088)
______ C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (288)
______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3752)
______ C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (3788)
______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (1164)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (908)
______ ?????????? (2284)
______ C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe (3584)
______ ?????????? (3796)
______ C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (4228)
______ C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (4276)
______ C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (4576)
______ ?????????? (3376)
______ ?????????? (872)
______ C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe (2280)
Locked audiodg.exe (604)
______ ?????????? (3108)
______ ?????????? (4688)
______ ?????????? (2532)
______ ?????????? (2404)
______ ?????????? (4768)
______ ?????????? (4484)
______ C:\Users\Clark\Desktop\Rooter.exe (2040)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:12884901888)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:12885950464 | Length:104857600)
\Device\Harddisk0\Partition3 (Start_Offset:12990808064 | Length:737163608064)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 19:25.38
.
C:\Rooter$\Rooter_2.txt - (02/07/2011 | 19:25.38)


Re: Windows 7 Security 2012 HELP!!!

Post by Superdave on Sun Jul 03, 2011 12:52 am

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Re: Windows 7 Security 2012 HELP!!!

Post by Celina268 on Sun Jul 03, 2011 5:20 am

After running ESET, this is the threat found:

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\isyxt0.jar Java/TrojanDownloader.Agent.NAL trojan deleted - quarantined


Re: Windows 7 Security 2012 HELP!!!

Post by Superdave on Sun Jul 03, 2011 6:09 pm

That looks good. If there are no other issues, we can do some cleanup.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
***************************************************
Clean out your temporary internet files and temp files.

Download [You must be registered and logged in to see this link.] to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***********************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) [You must be registered and logged in to see this link.] (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) [You must be registered and logged in to see this link.]
3) [You must be registered and logged in to see this link.]
4) [You must be registered and logged in to see this link.]

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*************************************************
Use the [You must be registered and logged in to see this link.] to check for out of date software.

• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.
----------

Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.]- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
