Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Cannot get all of this out and it keeps multiplying

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

got it done

Unread postby Keronadon » July 26th, 2007, 11:02 am

The programs that are disabled in MSconfig are unecessary startup programs that I disabled long ago,the norton and mcaffees stuff that is still in there can be removed if you can tell me how we have a 2 year contract for Nod32.The computer is running a lot better,something happened when I ran combofix,I had nod32 strill running while combofix was running and did not realize it and when combofix was finishing up NOd32 came up with an alert for the C:\WINDOWS\system32\zejwaqwg.exe file and qurantined it,I do not know how it managed to catch a file while combofix was running that it said it could do nothing with when it first found it.Here is the combofix log.Be warned,its a little long:)

"Owner" - 2007-07-26 9:18:11 - ComboFix 07-07-17.8 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\WildTangent
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{28BA89E7-2F60-4BE7-BAA2-7949EB3FE527}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{357ECB62-CD36-4B63-B57E-769D0CA174F4}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{3EA6838C-5C34-4F9C-A8DA-434D65DD1356}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{4F0AE1FB-4082-4A27-8363-05D292D92FB0}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{5415BC25-6D6C-46C4-B34C-EA8470FE56D5}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{63272979-21F0-48EF-9B97-A83DBC05BE39}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{753FE96B-D926-4B6C-BCFB-CC59153D004A}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{7841B68B-B7DD-408E-8B45-D5CA39608185}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{9FA01E11-9015-4140-B10A-5C6AA949B2FC}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{A27EAF80-CBFC-4F56-94E1-929A401D7515}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{BC0EE7F1-32DE-4EE2-BE10-AE15DB394E84}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\cannonballs_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\cannonballs_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\cannonballs_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\cannonballs_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\download_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\download_over_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\play_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\play_over_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_1.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_10.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_11.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_12.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_13.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_14.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_15.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_16.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_17.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_18.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_19.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_2.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_20.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_3.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_4.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_5.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_6.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_7.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_8.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_9.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_1.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_10.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_11.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_12.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_13.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_14.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_15.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_16.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_17.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_18.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_19.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_2.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_20.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_3.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_4.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_5.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_6.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_7.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_8.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_9.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\index.html
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{32196b42-8680-4c60-a319-47cf52e675f8}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{32196b42-8680-4c60-a319-47cf52e675f8}\images\background.JPG
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{32196b42-8680-4c60-a319-47cf52e675f8}\images\button.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{32196b42-8680-4c60-a319-47cf52e675f8}\images\button_over.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{32196b42-8680-4c60-a319-47cf52e675f8}\index.html
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blackhawkstriker_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blackhawkstriker_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blackhawkstriker_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blackhawkstriker_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blackhawkstriker_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blackhawkstriker_08.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_06.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_08.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_bar_01.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_bar_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_bar_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_bar_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_bar_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_down_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_over_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_play_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_play_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_play_down_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_play_over_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_over_06.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\progress.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\index.html
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\1.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\10.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\11.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\12.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\13.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\14.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\15.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\16.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\17.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\18.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\19.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\2.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\20.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\21.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\22.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\23.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\24.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\25.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\26.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\27.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\28.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\29.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\3.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\30.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\31.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\32.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\33.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\34.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\35.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\36.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\37.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\38.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\39.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\4.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\40.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\41.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\42.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\43.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\44.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\45.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\46.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\47.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\48.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\49.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\5.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\50.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\6.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\7.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\8.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\9.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\animtable_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\animtable_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\animtable_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\animtable_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_01.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_02.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_03.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_04.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_05.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_06.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_07.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_08.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_09.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_10.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_11.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_12.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_13.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_14.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_15.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_16.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_bar_01.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_bar_02.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_bar_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_bar_04.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_bar_05.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_play_down.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_play_over.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_play_up.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_pre_down.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_pre_over.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_pre_up.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\progress.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\rotate_2.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\rotate_3.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\rotate_4.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\rotate_5.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\rotate_6.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\rotate_7.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_06.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_08.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_09.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_10.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_10_over.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_11.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_12.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\spacer.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\index.html
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_06.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_09.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_downloading_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_downloading_06.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_downloading_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_downloading_09.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_over_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_play_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_play_over_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_up_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\download.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\lowernav_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\lowernav_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\lowernav_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\lowernav_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\lowernav_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\play.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\progress.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\rock.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\spacer.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\whats_included.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\whats_new.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\index.html
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{910fa28d-4ecc-41c9-8d7e-d9cbe5047736}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{910fa28d-4ecc-41c9-8d7e-d9cbe5047736}\gc.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{910fa28d-4ecc-41c9-8d7e-d9cbe5047736}\icon.ico
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{910fa28d-4ecc-41c9-8d7e-d9cbe5047736}\welcome.hta
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\blasterball_dl_bar_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_bar_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_bar_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_bar_03.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_bar_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_bar_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_bar_06.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_bar_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_down_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_down_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_over_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_over_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_play_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_play_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_play_down_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_play_over_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\progress.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\index.html
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\button.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\button_over.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_10.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_11.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_12.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_13.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_14.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_15.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_4.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_5.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_6.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_7.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_8.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_9.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_10.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_11.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_12.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_13.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_4.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_5.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_6.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_7.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_8.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_9.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\spacer.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_06.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_08.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_09.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_dl_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_dl_over_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_play_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_play_over_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\index.html
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\button.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\button_over.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_06.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_08.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_10.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_12.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_13.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_14.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_15.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_16.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_17.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_18.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_19.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_20.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_21.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_dlbar_01.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_dlbar_02.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_dlbar_03.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_dlbar_04.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_dlbar_05.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_download_down.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_download_over.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_download_up.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_playnow_down.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_playnow_over.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_playnow_up.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\progress.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\spacer.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\index.html
C:\Program Files\WildTangent\Apps\wtKernel0100.dll
C:\Program Files\WildTangent\Components\SystemConfig0100.dll
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\_eula.txt
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\BB.htm
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\images\BB_640_480_01f_01.jpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\images\BB_640_480_01f_02.jpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\images\BB_640_480_01f_03.jpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\images\BB_640_480_01f_03a.jpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\images\BB_640_480_01f_04.jpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\images\BB_640_480_01f_05.jpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\images\BB_640_480_01f_06.jpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\interstital.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\quit.htm
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\quit.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\restart.jpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\restart.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\credits.dat
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\normal.wdat
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\normal.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\reading-white.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\reading.wdat
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\reading.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\selected.wdat
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\selected.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\title.wdat
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\title.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\titleback.wdat
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\titleback.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\accessdenied.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\arrowline.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\backdrop.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\0.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\1.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\2.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\3.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\4.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\5.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\6.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\7.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\8.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\9.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\div.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\newlife_1.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\newlife_2.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\newlife_3.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\newlife_4.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\newlife_5.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\weapon0.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\weapon1.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\weapon2.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\weapon3.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\weapon4.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\cursor\cursor_a.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\cursor\cursor_off.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\cursor\cursor_scroll.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\cursor\cursor_scroll_a_off.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\cursor\cursor_scroll_a_on.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\demoend.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\enter.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\enterstripes.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\gameover.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_bogg.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_boggbro.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_bugturret.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_grenadeturret.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_hyperwidge.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_myte.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_shrimp.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_split.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_superwidge.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_turret.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_widge.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\leftarrow.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\levelcomplete.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\main.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\menu2.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\menu2_mask.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\menu2_mask_a.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\ok.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\okbackdrop.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\rightarrow.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\save.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\stats\backdrop.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\stats\continue.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\stats\save.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\stats\thinline.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\stats\total.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\textbackdrop.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\theend.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\thinline.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\totalbounty.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\demo_bsp.wdat
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\demo_ent.wdat
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\ai_helixringkiller.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_9lock1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_9lock2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_9polelight1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_9polelight2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_9polelight3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_demo.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev1_front.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev2_back.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev3_back.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev3_front.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev5_back.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev5_front.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev6_back.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev6_front.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev7.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_bosspain_bossbox.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_crusher_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_crusher_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_crusher_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_death_bigpit_lev3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_death_lev1_energy.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_death_lev8_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_death_lev8_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_death_lev8_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_death_tocommies.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_demobridge.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_demodoor.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_demotrigger.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_chainnet_dry.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_helixspitter.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev1_airlock.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev1_cables.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev1_pistons1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev1_pistons2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2_airlock.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2_fans26.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2_pipes_a.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2_pipes_b.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2_pipes1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2_pipes2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2_pistons1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2_pistons2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2cable01.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2cable02.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2cable03.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2cable04.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2cable05.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2cable06.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2cable07.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2cable08.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev3_airlock.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere4.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere5.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere6.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere7.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere8.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere9.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev56 fingers.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev56_airlock.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5lock.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev9tensioner.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lock5.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lockplate_lev3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_raybarrier_lev1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_rock.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_wind_lev1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_drymine_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_drymine_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_drymine_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_drymine_4.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_drymine_5.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_drymine_6.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_eleclock_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_eleclock_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_eleclock_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_eleclock_4.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_eleclock_5.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_eleclockbridge.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_fan_lev2_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_fan_lev2_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_fan_lev2_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_fence.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_helixringanimated.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_helixringmachinery.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holepieces.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setA_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setA_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setA_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setA_4.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setA_5.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_10.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_11.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_12.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_13.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_4.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_5.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_6.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_7.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_8.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_9.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_10.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_11.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_12.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_13.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_14.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_15.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_16.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_17.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_18.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_19.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_20.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_21.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_22.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_23.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_24.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_25.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_26.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_4.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_5.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_6.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_7.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_8.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_9.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_hubbridge.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_hubdoor_entrance1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_hubdoor_entrance2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_hubdoor_entrance3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_hubdoor_exit1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_hubdoor_exit2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_hubdoor_exit3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_hubped.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_jerry.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_lock3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_lock6.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_lock7.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_lockdemo.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_10.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_12.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_13.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_14.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_4.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_5.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_6.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_7.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_8.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_9.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_hubgapfiller.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_lev2_fans26_low.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_lev2cable01_low.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_lev2cable02_low.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_lev2cable03_low.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_lev2cable04_low.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_lev2cable05_low.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_lev2cable06_low.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_lev2ca
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina
Advertisement
Register to Remove

Limits?

Unread postby Keronadon » July 26th, 2007, 11:18 am

Okay there seems to be a limit to either how much can be copied and pasted or the length of a post so I am gonna skip all the wildtangent stuff comobfix took out or I would be posting all day,Here is everything after wildtangent from the combofix log.

C:\WINDOWS\pss\Date Manager.lnkCommon Startup
C:\WINDOWS\pss\GStartup.lnkCommon Startup
C:\WINDOWS\pss\PrecisionTime.lnkCommon Startup
C:\WINDOWS\system32\zejwaqwg.exe


((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))


2007-07-24 08:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-20 18:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-19 10:44 <DIR> d-------- C:\Program Files\Viewpoint
2007-07-19 08:26 <DIR> d-------- C:\DOCUME~1\Owner\temp
2007-07-17 07:53 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-07-16 08:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1.LON\APPLIC~1\VERITAS
2007-07-16 08:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1.LON\APPLIC~1\Share-to-Web Upload Folder
2007-07-16 08:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1.LON\APPLIC~1\SampleView
2007-07-16 08:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1.LON\APPLIC~1\InterTrust
2007-07-16 08:26 786,432 --ah----- C:\DOCUME~1\ADMINI~1.LON\NTUSER.DAT
2007-07-16 08:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1.LON\WINDOWS
2007-07-15 13:11 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-07-15 13:11 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-07-15 13:11 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-07-04 02:49 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Pogo Games
2007-06-29 11:17 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-06-29 11:17 21,504 --a------ C:\WINDOWS\system32\hidserv.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-26 09:11:17 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-07-24 18:15:08 -------- d-----w C:\Program Files\CLSetup07
2007-07-24 13:19:48 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-24 12:58:48 -------- d-----w C:\Program Files\AWS
2007-07-24 12:58:00 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-16 04:30:43 -------- d-----w C:\Program Files\Pogo Auto Loader
2007-07-16 04:18:05 -------- d-----w C:\Program Files\Oberon Media
2007-07-15 18:22:18 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Yahoo!
2007-07-15 18:17:31 -------- d-----w C:\Program Files\Yahoo!
2007-07-05 00:35:34 30,976 ----a-w C:\WINDOWS\rascntrl.dll
2007-07-05 00:35:34 23,104 ----a-w C:\WINDOWS\system32\svcprmpt.dll
2007-06-12 02:03:21 -------- d-----w C:\Program Files\KeyText
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 16:39 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
2006-12-18 18:30 726568 --a------ C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
2002-09-10 02:45 118834 --a------ C:\Program Files\Zero Knowledge\Freedom\pkR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56071E0D-C61B-11D3-B41C-00E02927A304}]
2002-09-10 02:45 147511 --a------ C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-15 13:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DriveConfiguration"=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center UI.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center UI.lnk
backup=C:\WINDOWS\pss\hp center UI.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtariBanner]
"C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
C:\hp\bin\autotbar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockTracker]
c:\hp\bin\BlockTracker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp]
C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPTBox]
C:\Program Files\Canon\MultiPASS4\MPTBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\Autorun.exe


**************************************************************************

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-26 09:38:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-26 9:41:45
C:\ComboFix-quarantined-files.txt ... 2007-07-26 09:41
C:\ComboFix2.txt ... 2007-07-20 18:34

--- E O F ---
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

Unread postby Katana » July 28th, 2007, 7:18 pm

Hi Keronadon,
Sorry for the delay :)
The programs that are disabled in MSconfig are unecessary startup programs that I disabled long ago,

No problem, as long as you know what they are and why they are there
the norton and mcaffees stuff that is still in there can be removed if you can tell me how we have a 2 year contract for Nod32.

NOD32 is good :D, I have included instructions for McAfee and Norton :)
something happened when I ran combofix,I had nod32 strill running while combofix was running and did not realize it
and when combofix was finishing up NOd32 came up with an alert for the C:\WINDOWS\system32\zejwaqwg.exe file and qurantined it,
I do not know how it managed to catch a file while combofix was running that it said it could do nothing with when it first found it.

That is the magical power of ComboFix :lol:
Here is the combofix log.Be warned,its a little long:)

:) It is long, however, it was effective

These next two steps should remove Mcafee and Norton

Remove Norton

Please click HERE and follow the instructions to download and run the norton removal tool

Remove McAfee

Please click HERE and follow the instructions to download and run the Mcafee removal tool


Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    Files::
    C:\WINDOWS\tasks\Symantec NetDetect.job
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    
    [-KEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "navapsvc"=-
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

  • ComboFix Log
  • A fresh HJT log
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby Keronadon » July 29th, 2007, 8:39 am

Ran combofix and here is the log.
"Owner" - 2007-07-29 7:17:24 - ComboFix 07-07-17.8 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-29 )))))))))))))))))))))))))))))))


2007-07-24 08:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-20 18:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-19 10:44 <DIR> d-------- C:\Program Files\Viewpoint
2007-07-19 08:26 <DIR> d-------- C:\DOCUME~1\Owner\temp
2007-07-17 07:53 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-07-16 08:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1.LON\APPLIC~1\VERITAS
2007-07-16 08:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1.LON\APPLIC~1\Share-to-Web Upload Folder
2007-07-16 08:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1.LON\APPLIC~1\SampleView
2007-07-16 08:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1.LON\APPLIC~1\InterTrust
2007-07-16 08:26 786,432 --ah----- C:\DOCUME~1\ADMINI~1.LON\NTUSER.DAT
2007-07-16 08:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1.LON\WINDOWS
2007-07-15 13:11 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-07-15 13:11 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-07-15 13:11 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-07-04 02:49 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Pogo Games
2007-06-29 11:17 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-06-29 11:17 21,504 --a------ C:\WINDOWS\system32\hidserv.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-29 08:37:29 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-07-29 00:37:51 -------- d-----w C:\Program Files\KeyText
2007-07-28 20:16:52 -------- d-----w C:\Program Files\CLSetup07
2007-07-24 12:58:48 -------- d-----w C:\Program Files\AWS
2007-07-24 12:58:00 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-16 04:30:43 -------- d-----w C:\Program Files\Pogo Auto Loader
2007-07-16 04:18:05 -------- d-----w C:\Program Files\Oberon Media
2007-07-15 18:22:18 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Yahoo!
2007-07-15 18:17:31 -------- d-----w C:\Program Files\Yahoo!
2007-07-05 00:35:34 30,976 ----a-w C:\WINDOWS\rascntrl.dll
2007-07-05 00:35:34 23,104 ----a-w C:\WINDOWS\system32\svcprmpt.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 16:39 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
2006-12-18 18:30 726568 --a------ C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
2002-09-10 02:45 118834 --a------ C:\Program Files\Zero Knowledge\Freedom\pkR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56071E0D-C61B-11D3-B41C-00E02927A304}]
2002-09-10 02:45 147511 --a------ C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-15 13:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DriveConfiguration"=binary code removed. Elrond.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center UI.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center UI.lnk
backup=C:\WINDOWS\pss\hp center UI.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtariBanner]
"C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
C:\hp\bin\autotbar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockTracker]
c:\hp\bin\BlockTracker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPTBox]
C:\Program Files\Canon\MultiPASS4\MPTBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\Autorun.exe


**************************************************************************

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-29 07:20:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-29 7:21:54
C:\ComboFix-quarantined-files.txt ... 2007-07-29 07:21
C:\ComboFix2.txt ... 2007-07-26 09:41
C:\ComboFix3.txt ... 2007-07-20 18:34

--- E O F ---
Then ran HJT and here is the log from it.
Logfile of HijackThis v1.99.1
Scan saved at 7:32:20 AM, on 7/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smunet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r21.mchsi.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.com/applet-6.4.2.23/t ... assets.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/o ... -en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.4.21/a ... -en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.6.1.37/s ... -en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.0.27/b ... -en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.2.35/b ... -en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.0.34/b ... -en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.3.34/c ... -en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.6.0.34/v ... -en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.6.2.35/c ... -en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.5.5.36/c ... -en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.6.2.21/c ... -en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/c ... -en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.6.4.21/d ... -en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/v ... -en_US.cab
O16 - DPF: EA Sports Web Soccer by pogo - http://game1.pogo.com/applet-6.2.5.28/s ... assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.6.4.21/e ... -en_US.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.5.4.34/b ... -en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.3.34/f ... -en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.6.2.21/g ... -en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/h ... -en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.5.1.24/h ... -en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/d ... -en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.6.2.21/p ... -en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.6.2.35/v ... -en_US.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.5.4.34/k ... -en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.0.27/m ... -en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.6.4.21/l ... -en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.4.21/m ... -en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.6.2.21/m ... -en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.6.2.21/p ... -en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.6.0.27/f ... -en_US.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game1.pogo.com/applet-6.5.2.33/p ... -en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.3.37/p ... -en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.5.3.44/w ... -en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.1.37/f ... -en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.0.27/p ... -en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.0.27/h ... -en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/s ... -en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.6.0.27/r ... -en_US.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.6.1.29/s ... -en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/s ... -en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.6.0.27/s ... -en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.4.4.34/s ... assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.0.27/s ... -en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.1.24/s ... -en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.6.0.27/s ... -en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.5.3.37/h ... -en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.5.3.44/j ... -en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.6.4.21/t ... -en_US.cab
O16 - DPF: Vert Skater by pogo - http://game1.pogo.com/applet-6.2.2.66/v ... assets.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-6.6.2.21/v ... -en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/w ... -en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.6.2.21/w ... -en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.4.2.30/w ... assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.4.21/w ... -en_US.cab
O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/c ... /ut2_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/1289 ... PSetup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} -
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft. ... EFlash.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F8EC5CF-F515-4373-BE66-7C9A80B12B8D}: NameServer = 216.51.211.234,216.51.211.233
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Gonna go ahead and run a detailed scan with NOd32 since it is what started all of this:)
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

Unread postby Katana » July 29th, 2007, 10:58 am

Hi Keronadon,
Looking good :)

Just clear these lines out, and your log will be fine

Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} -
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} -
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis


Please post a last HJT log, and let me know how the NOd32 scan goes
K'
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

nod32

Unread postby Keronadon » July 29th, 2007, 12:01 pm

Nod 32 found some infected files and also popped up with an alert,here is a copy of the files it found infected.
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP1279\A0128046.exe »NSIS »HBTVSetup.exe »NSIS »TVEngineCommand.dll - Win32/Adware.HotBar application
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP1279\A0128046.exe »NSIS »HBTVSetup.exe »NSIS »HBTV.exe - Win32/Adware.180Solutions application
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP1279\A0128046.exe »NSIS »HBTVSetup.exe »NSIS »HBTVHelper.dll - Win32/Adware.HotBar application
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP1279\A0128046.exe »NSIS »HBTVSetup.exe »NSIS »uninstaller.exe »NSIS »TVEngineCommand.dll - Win32/Adware.HotBar application

The alert comment said event occured on a file modified by the application C:\WINDOWS\System32\svchost.exe.The file was moved to quarantine,have not done the hjt scan yet thought I would go ahead and post that.
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

LAst HJT log I hope:)

Unread postby Keronadon » July 29th, 2007, 12:12 pm

Did the fix then ran a new HJT scan,hope this looks good:)
Logfile of HijackThis v1.99.1
Scan saved at 11:09:56 AM, on 7/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smunet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r21.mchsi.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.com/applet-6.4.2.23/t ... assets.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/o ... -en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.4.21/a ... -en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.6.1.37/s ... -en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.0.27/b ... -en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.2.35/b ... -en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.0.34/b ... -en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.3.34/c ... -en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.6.0.34/v ... -en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.6.2.35/c ... -en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.5.5.36/c ... -en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.6.2.21/c ... -en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/c ... -en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.6.4.21/d ... -en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/v ... -en_US.cab
O16 - DPF: EA Sports Web Soccer by pogo - http://game1.pogo.com/applet-6.2.5.28/s ... assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.6.4.21/e ... -en_US.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.5.4.34/b ... -en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.3.34/f ... -en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.6.2.21/g ... -en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/h ... -en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.5.1.24/h ... -en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/d ... -en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.6.2.21/p ... -en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.6.2.35/v ... -en_US.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.5.4.34/k ... -en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.0.27/m ... -en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.6.4.21/l ... -en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.4.21/m ... -en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.6.2.21/m ... -en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.6.2.21/p ... -en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.6.0.27/f ... -en_US.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game1.pogo.com/applet-6.5.2.33/p ... -en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.3.37/p ... -en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.5.3.44/w ... -en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.1.37/f ... -en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.0.27/p ... -en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.0.27/h ... -en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/s ... -en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.6.0.27/r ... -en_US.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.6.1.29/s ... -en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/s ... -en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.6.0.27/s ... -en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.4.4.34/s ... assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.0.27/s ... -en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.1.24/s ... -en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.6.0.27/s ... -en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.5.3.37/h ... -en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.5.3.44/j ... -en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.6.4.21/t ... -en_US.cab
O16 - DPF: Vert Skater by pogo - http://game1.pogo.com/applet-6.2.2.66/v ... assets.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-6.6.2.21/v ... -en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/w ... -en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.6.2.21/w ... -en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.4.2.30/w ... assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.4.21/w ... -en_US.cab
O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/c ... /ut2_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/1289 ... PSetup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft. ... EFlash.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F8EC5CF-F515-4373-BE66-7C9A80B12B8D}: NameServer = 216.51.211.234,216.51.211.233
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

Unread postby Katana » July 30th, 2007, 3:18 am

Hi Keronadon,
The files that Nod found are all in System restore.
System Restore is protected from change so that malware cannot infect it

The following instructions will include how to remove these files and reset a clean restore point.

Congratulations your logs look clean :D

Let’s see if I can help you keep it that way

First lets tidy up :D

Items to delete
  • ComboFix.exe
  • All the logs/reports that have been created
    • C:\ComboFix-quarantined-files.txt
    • C:\ComboFix2.txt
    • C:\ComboFix3.txt
    • C:\startup.txt
    • Kaspersky Log (on your desktop or where you saved it)
  • Any CFScript.txt that are on your desktop
  • Submitxxx.zip (on your desktop. I have found out what these files are now, so it will not be needed)
  • The McAfee and Norton Removal tools if they are still there
    • MCPR.exe.
    • Norton_Removal_Tool.exe[/b]

Enable Teatimer

  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • check the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
If you have already enabled it I recommend that you reset the "snapshot"
Reset TeaTimer
Reset TeaTimers snapshot files:
TeaTimer takes snapshots of Registry entries and compares these with the Registry at startup.
Until these snapshots are updated you are likely to get pop-ups (at startup) of changes you made in the past.
In other words, TeaTimer attempts to return the Registry to the state it was in when the snapshot was taken.
This happens primarily when you reboot the system. To refresh TeaTimer's snapshot files:
  • Right click Spybot's TeaTimer System Tray Icon > click Exit Spybot-S&D Resident.
    • TeaTimer closes.
    • TeaTimer's snapshot files are refreshed at this time.
  • Restart TeaTimer:
    • Using Windows Explorer, navigate to C:\Program Files\Spybot - Search & Destroy.
    • Double click TeaTimer.exe to start it.


Set correct settings for files that should be hidden in Windows XP
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
  • If unchecked please checkHide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK



Reset System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer

Turn ON System Restore

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-Check Turn off System Restore.
Click Apply, and then click OK.

Firewall
You do not appear to have a firewall.
You may be using Windows firewall, however this only stops incoming traffic.
A third party firewall is much safer, as it stops malware that does get on your PC from contacting "home"
Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
There are many free ones to choose from if cost is a problem. Visit here to choose one.

Also PLEASE read this article

So How Did I Get Infected In The First Place

If you can see a program in the must have section that you have never seen or used then get it!

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.


Happy surfing K'
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

PS

Unread postby Keronadon » July 30th, 2007, 12:32 pm

Okay all of that is taken care of,there was one little occurence that I have already repaired,The last fix you had me do did something to Java so that none of the Pogo games worked.Got a warning that said either java was not installed or it was not working.I just uninstalled it and reinstalled it from the Java Website and everything is working fine now.Thanks much for the help you guys do a great job :o
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

Unread postby Elrond » July 30th, 2007, 12:44 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 22 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware