Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Cannot get all of this out and it keeps multiplying

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Cannot get all of this out and it keeps multiplying

Unread postby Keronadon » July 17th, 2007, 10:56 am

Was having some trouble with my girlfriends computer,it was very slow and getting a lot of out of memeory messages with 2 gigs of ram.She had Mcaffes antivirus installed on it,which autoupdated constantly and was itself causing her problems.
I uninstalled Mcaffees,whic at the last scan just before I uninstalled it said her system was clean,I installed the latest version of Nod32,updated it,and ran a detailed scan which proceeded to find about 145 problems.
I set it to delete what it could,there were several files it could not do anything to even after I ran it again in windows safe mode.I then updated and ran Spybot SD whih she had been using but had forgotten to update in about 8 months :lol: ,and it found more adware and some of it could not be removed even with a reboot.
Becoming desperate,I went to the Panda Software website and downloaded Total Scan,which I bought when it found 117 instances of spyware,adware and viruses because it said it could remove them all,it did not get all of what it found either.
Here is the scan log for it.
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-07-17 09:15:41
PROTECTIONS: 1
MALWARE: 31
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ESET NOD32 antivirus system 2.70 2.70 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00000431 adware/ist.istbar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}
00001888 adware/dyfuca Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
00018331 adware/gator Adware No 0 Yes Yes c:\windows\gatorpatch.log
00018331 adware/gator Adware No 0 Yes Yes c:\windows\gatorpdpplugin.log
00032731 application/mywebsearch HackTools No 0 Yes No hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
00034291 adware/surfaccuracy Adware No 1 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sacc
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\install.install
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\clsid\{205ff73b-ca67-11d5-99dd-444553540013}
00034463 adware/wupd Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540013}
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\install.install.1
00035917 adware/ist.sidefind Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}
00035917 adware/ist.sidefind Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807}
00042191 adware/ist.yoursitebar Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}
00096053 application/funweb HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
00096053 application/funweb HackTools No 0 Yes Yes c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
00096053 application/funweb HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
00096053 application/funweb HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
00101555 Application/KillApp.B HackTools No 0 Yes Yes C:\hp\bin\KillIt.exe
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\appid\dhbrwsr.exe
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\appid\dhsvr.exe
00103967 adware/dealhelper Adware No 0 Yes No hkey_classes_root\appid\dhbrwsr.exe
00103967 adware/dealhelper Adware No 0 Yes No hkey_classes_root\appid\dhsvr.exe
00103967 adware/dealhelper Adware No 0 Yes No hkey_classes_root\clsid\{d848a3ca-0bfb-4de0-ba9e-a57f0cca1c13}
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dealhlpr.band
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dealhlpr.band.1
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dealpop.cdealhelperpopup
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dealpop.cdealhelperpopup.1
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dealpop.dealpopevents
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dealpop.dealpopevents.1
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dhbrwsr.browserwindows
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dhbrwsr.browserwindows.1
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dhp.dhevents
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dhp.dhevents.1
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dhsvr.cfiledatabase
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dhsvr.cfiledatabase.1
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dhsvr.dbhelper
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dhsvr.dbhelper.1
00103967 adware/dealhelper Adware No 0 Yes No hkey_classes_root\clsid\{bfef1779-0e92-45a1-bf5e-55991007f912}
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dhsvr.even.1
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dhsvr.webdealevents
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dhsvr.webdealevents.1
00103967 adware/dealhelper Adware No 0 Yes No hkey_classes_root\clsid\{b8e910b5-7452-4a29-b121-08e8cf09ec07}
00103967 adware/dealhelper Adware No 0 Yes No hkey_classes_root\clsid\{8ee1aaf5-ed6b-4601-b333-cd30ffb8b39d}
00103967 adware/dealhelper Adware No 0 Yes No hkey_classes_root\clsid\{8b477303-698c-4eed-b9f6-c715842fbe33}
00103967 adware/dealhelper Adware No 0 Yes No hkey_classes_root\clsid\{6dd8b352-21a7-4c24-ac49-e9b4730c1823}
00103967 adware/dealhelper Adware No 0 Yes No hkey_classes_root\clsid\{54a41ae7-b358-4d41-98bd-bbbffdf5186b}
00103967 adware/dealhelper Adware No 0 Yes No hkey_classes_root\clsid\{1a2883f2-fdc7-4af2-b136-203adb475dd7}
00103967 adware/dealhelper Adware No 0 Yes No hkey_current_user\software\timesynchonization
00103967 adware/dealhelper Adware No 0 Yes No hkey_current_user\software\dealhelper
00103967 adware/dealhelper Adware No 0 Yes No hkey_classes_root\clsid\{f00586de-a432-4b9f-877d-e29cd87efdd6}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{8B477303-698C-4EED-B9F6-C715842FBE33}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{6dd8b352-21a7-4c24-ac49-e9b4730c1823}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{8ee1aaf5-ed6b-4601-b333-cd30ffb8b39d}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{b8e910b5-7452-4a29-b121-08e8cf09ec07}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{bfef1779-0e92-45a1-bf5e-55991007f912}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{f00586de-a432-4b9f-877d-e29cd87efdd6}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{c2e6831b-822b-4a1f-9ef1-1d3eb7d3e985}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{c9679631-7060-443f-bd37-88f9410ed8c3}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{06e53101-654c-45eb-bff6-e37e13b5972a}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{0b16b278-b2e3-4cbf-85b5-e058878f728f}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{1da40091-14b4-4c21-8170-a2ceede90b10}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{3afae37a-56a3-4850-b599-4da9a9104b82}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{81739076-56b7-42ec-a0aa-692794fded1a}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{bf9ee3a0-1a02-4265-a65f-ac4d4447f6bf}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{f3816084-9608-485a-b63b-cad8f931577e}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{4b76f69e-247a-4617-aba9-95774658afc5}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{3d89a731-9f4a-418f-a997-2d633c7c404c}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{25ab1639-3f81-45a8-8318-2dafba8b8f3d}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{771262e0-8feb-4e78-b292-b01c4071b9d1}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{54a41ae7-b358-4d41-98bd-bbbffdf5186b}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{1a2883f2-fdc7-4af2-b136-203adb475dd7}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\AppID\{a57afb0f-c63e-4ae2-8a7b-bca01ba32cc5}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\AppID\{a1f53f1d-fb2d-4fe0-8ee8-7bbe69999d9f}
00103967 adware/dealhelper Adware No 0 Yes Yes c:\windows\dhp2.dll
00103967 adware/dealhelper Adware No 0 Yes Yes c:\windows\dhkw1.bin
00103967 adware/dealhelper Adware No 0 Yes No hkey_local_machine\software\classes\dhsvr.even
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
00145460 Cookie/2o7 TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@azjmp[1].txt
00168062 Adware/DealHelper Adware No 0 Yes Yes C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP1269\A0126563.exe
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@bravenet[1].txt
00213030 application/regclean32 HackTools No 0 Yes No hkey_local_machine\software\registry cleaner
00213030 application/regclean32 HackTools No 0 Yes No hkey_current_user\software\registry cleaner
00213030 application/regclean32 HackTools No 0 Yes Yes c:\documents and settings\owner\application data\registry cleaner
00213030 application/regclean32 HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\registry cleaner
00241098 Application/Winfixer2005 HackTools No 0 Yes Yes C:\Documents and Settings\Owner\Local Settings\Temp\ICD2.tmp\UWFX5_0001_N57M2112NetInstaller.exe
00241098 Application/Winfixer2005 HackTools No 0 Yes Yes C:\Documents and Settings\Owner\Local Settings\Temp\ICD3.tmp\UWFX5_0001_N57M2112NetInstaller.exe
00241098 Application/Winfixer2005 HackTools No 0 Yes Yes C:\Documents and Settings\Owner\Local Settings\Temp\ICD4.tmp\UWFX5_0001_N57M2112NetInstaller.exe
00241098 Application/Winfixer2005 HackTools No 0 Yes Yes C:\Documents and Settings\Owner\Local Settings\Temp\ICD5.tmp\UWFX5_0001_N57M2112NetInstaller.exe
00241098 Application/Winfixer2005 HackTools No 0 Yes Yes C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_N57M2112NetInstaller.exe
00241098 Application/Winfixer2005 HackTools No 0 Yes Yes C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX5_0001_N57M2112NetInstaller.exe
00241098 Application/Winfixer2005 HackTools No 0 Yes Yes C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N57M2112NetInstaller.exe
00241098 Application/Winfixer2005 HackTools No 0 Yes Yes C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5_0001_N57M2112NetInstaller.exe
00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
00278769 Application/PRScheduler HackTools No 0 Yes Yes C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
00365126 Application/MyWebSearch HackTools No 0 Yes Yes C:\Program Files\Internet Explorer\msimg32.dll
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
C:\WINDOWS\system32\zejwaqwg.exe[HBTVSetup.exe][HBTV.exe]
;===================================================================================================================================================================================

After running that I figured I better come to the experts for help so I downloaded Hijack this and ran a scan,Here is the log for it.
Logfile of HijackThis v1.99.1
Scan saved at 9:26:51 AM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smunet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r21.mchsi.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.com/applet-6.4.2.23/t ... assets.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/o ... -en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.4.21/a ... -en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.6.1.37/s ... -en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.0.27/b ... -en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.2.35/b ... -en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.0.34/b ... -en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.3.34/c ... -en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.6.0.34/v ... -en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.6.2.35/c ... -en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.5.5.36/c ... -en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.6.2.21/c ... -en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/c ... -en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.6.4.21/d ... -en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/v ... -en_US.cab
O16 - DPF: EA Sports Web Soccer by pogo - http://game1.pogo.com/applet-6.2.5.28/s ... assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.6.4.21/e ... -en_US.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.5.4.34/b ... -en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.3.34/f ... -en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.6.2.21/g ... -en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/h ... -en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.5.1.24/h ... -en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/d ... -en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.6.2.21/p ... -en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.6.2.35/v ... -en_US.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.5.4.34/k ... -en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.0.27/m ... -en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.6.4.21/l ... -en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.4.21/m ... -en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.6.2.21/m ... -en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.6.2.21/p ... -en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.6.0.27/f ... -en_US.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game1.pogo.com/applet-6.5.2.33/p ... -en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.3.37/p ... -en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.5.3.44/w ... -en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.1.37/f ... -en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.0.27/p ... -en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.0.27/h ... -en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/s ... -en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.6.0.27/r ... -en_US.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.6.1.29/s ... -en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/s ... -en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.6.0.27/s ... -en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.4.4.34/s ... assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.0.27/s ... -en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.1.24/s ... -en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.6.0.27/s ... -en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.5.3.37/h ... -en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.5.3.44/j ... -en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.6.4.21/t ... -en_US.cab
O16 - DPF: Vert Skater by pogo - http://game1.pogo.com/applet-6.2.2.66/v ... assets.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-6.6.2.21/v ... -en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/w ... -en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.6.2.21/w ... -en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.4.2.30/w ... assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.4.21/w ... -en_US.cab
O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/c ... /ut2_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/1289 ... PSetup.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft. ... EFlash.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb03.pogo.com/game/deluxe/in ... der_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F8EC5CF-F515-4373-BE66-7C9A80B12B8D}: NameServer = 216.51.211.234,216.51.211.233
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina
Advertisement
Register to Remove

Unread postby Katana » July 18th, 2007, 9:37 am

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please note that I am training, this means that any reply I give to you has to be checked first by an expert.
I apologize for any delay this might cause.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I am looking at your log and will get back to you ASAP :)
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

ok

Unread postby Keronadon » July 18th, 2007, 10:03 am

Will do as you say,and I will be asking a lot of quesations I am sure :lol: Girlfriend keeps slapping me in the back of the head and saying "FIX IT" :?
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

Unread postby Katana » July 18th, 2007, 1:19 pm

http://www.malwareremoval.com/forum/viewtopic.php?t=21842

Hi Keronadon,
I will try to get you clean ASAP to save your head :lol:

If you have paid for Panda's Total Scan then there is no point wasting it :)
please do the following.

: Disable Teatimer
Please disable Teatimer as it may interfere with the fix.
First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.

Now re-run Total Scan and let it fix everything it can.


I see Viewpoint installed..

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article.
If you use AOL at all it will be reinstalled.
If you don't use AOL or Viewpoint then I suggest you remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player


I would recomend removing the Active X objects that show in the log,
they are not bad as such but I doubt they are all needed
(if they are required they will just be installed again, so there is no harm removing them)

Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.com/applet-6.4.2.23/t ... assets.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/o ... -en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.4.21/a ... -en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.6.1.37/s ... -en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.0.27/b ... -en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.2.35/b ... -en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.0.34/b ... -en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.3.34/c ... -en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.6.0.34/v ... -en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.6.2.35/c ... -en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.5.5.36/c ... -en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.6.2.21/c ... -en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/c ... -en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.6.4.21/d ... -en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/v ... -en_US.cab
O16 - DPF: EA Sports Web Soccer by pogo - http://game1.pogo.com/applet-6.2.5.28/s ... assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.6.4.21/e ... -en_US.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.5.4.34/b ... -en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.3.34/f ... -en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.6.2.21/g ... -en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/h ... -en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.5.1.24/h ... -en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/d ... -en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.6.2.21/p ... -en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.6.2.35/v ... -en_US.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.5.4.34/k ... -en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.0.27/m ... -en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.6.4.21/l ... -en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.4.21/m ... -en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.6.2.21/m ... -en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.6.2.21/p ... -en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.6.0.27/f ... -en_US.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game1.pogo.com/applet-6.5.2.33/p ... -en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.3.37/p ... -en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.5.3.44/w ... -en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.1.37/f ... -en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.0.27/p ... -en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.0.27/h ... -en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/s ... -en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.6.0.27/r ... -en_US.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.6.1.29/s ... -en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/s ... -en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.6.0.27/s ... -en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.4.4.34/s ... assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.0.27/s ... -en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.1.24/s ... -en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.6.0.27/s ... -en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.5.3.37/h ... -en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.5.3.44/j ... -en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.6.4.21/t ... -en_US.cab
O16 - DPF: Vert Skater by pogo - http://game1.pogo.com/applet-6.2.2.66/v ... assets.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-6.6.2.21/v ... -en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/w ... -en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.6.2.21/w ... -en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.4.2.30/w ... assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.4.21/w ... -en_US.cab
O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/c ... /ut2_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/1289 ... PSetup.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft. ... EFlash.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb03.pogo.com/game/deluxe/in ... der_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis



Please post the new scan results along with a fresh HJT log in your reply
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby Keronadon » July 18th, 2007, 10:32 pm

One BIG question before I do the HJT fix,all those pogo applets and cab files are supposed to be the things my girlfriend needs to play her pogo league games,and since she is the head of her league and runs tournaments with a couple of dozen people playing at a time she might get a little upset if I killled them,are you sure they will reinstal automatically when she needs to use them again?They are all things she uses.
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

The applets are needed

Unread postby Keronadon » July 18th, 2007, 11:01 pm

Ok checked with my girlfriend,I ran through the list of aplets with her,she does play every one of those games with pogo in the title and the applets are needed to play the game so if I can leave those in she wants them to stay or else she willl just have to go right back through and install them all again,she is the league head admin and organizes those games for all in the league.I have to go to work now so I will check for a reply of what to do in the morning.
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

some are not from pogo

Unread postby Keronadon » July 18th, 2007, 11:04 pm

Just to add,some are not from pogo and those she does not know or care about,those I should be able to remove.
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

Unread postby Katana » July 19th, 2007, 12:41 am

Just so you know what is going on ( and to keep your girlfriend happy :) )

the only ones that need to go are
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb03.pogo.com/game/deluxe/in ... der_v6.cab


I know that there is still a pogo in the list, but that one is considered as a "bad" one and adware related
Link to info

just remove these ones, and follow the other instructions

K'
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Did it all and then some

Unread postby Keronadon » July 19th, 2007, 11:04 am

I did everything you said to do and a little more,when I ran totalscan I ran it toce,once in regular mode and once in safe mode,it still did not get everything,here is the log for it.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-07-19 09:40:58
PROTECTIONS: 1
MALWARE: 18
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ESET NOD32 antivirus system 2.70 2.70 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00000431 adware/ist.istbar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}
00001888 adware/dyfuca Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
00018331 adware/gator Adware No 0 Yes Yes c:\windows\gatorpdpplugin.log
00018331 adware/gator Adware No 0 Yes Yes c:\windows\gatorpatch.log
00034291 adware/surfaccuracy Adware No 1 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sacc
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\clsid\{205ff73b-ca67-11d5-99dd-444553540013}
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\install.install
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\install.install.1
00034463 adware/wupd Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540013}
00035917 adware/ist.sidefind Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807}
00035917 adware/ist.sidefind Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}
00042191 adware/ist.yoursitebar Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}
00101555 Application/KillApp.B HackTools No 0 Yes Yes C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP1271\A0126941.exe
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
00145460 Cookie/2o7 TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt
00161832 Adware/DealHelper Adware No 0 Yes Yes C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP1271\A0126940.dll
00167642 Cookie/Com.com TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@com[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt
00213030 application/regclean32 HackTools No 0 Yes No hkey_current_user\software\registry cleaner
00213030 application/regclean32 HackTools No 0 Yes No hkey_local_machine\software\registry cleaner
00213030 application/regclean32 HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\registry cleaner
00213030 application/regclean32 HackTools No 0 Yes Yes c:\documents and settings\owner\application data\registry cleaner
00262020 Cookie/Atwola TrackingCookie No 0 Yes Yes C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
00365126 Application/MyWebSearch HackTools No 0 Yes Yes C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP1271\A0126942.dll
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
C:\WINDOWS\system32\zejwaqwg.exe[HBTVSetup.exe][HBTV.exe]
;===================================================================================================================================================================================

BY the way,the file above that totalscan says is suspicious NOD32 says has multiple infiltrations and it cannot do anything with it.

I then ran HJT as you said and fixed what you said to fix then did another scan for this log.
Logfile of HijackThis v1.99.1
Scan saved at 9:49:45 AM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smunet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r21.mchsi.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.com/applet-6.4.2.23/t ... assets.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/o ... -en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.4.21/a ... -en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.6.1.37/s ... -en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.0.27/b ... -en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.2.35/b ... -en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.0.34/b ... -en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.3.34/c ... -en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.6.0.34/v ... -en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.6.2.35/c ... -en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.5.5.36/c ... -en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.6.2.21/c ... -en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/c ... -en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.6.4.21/d ... -en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/v ... -en_US.cab
O16 - DPF: EA Sports Web Soccer by pogo - http://game1.pogo.com/applet-6.2.5.28/s ... assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.6.4.21/e ... -en_US.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.5.4.34/b ... -en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.3.34/f ... -en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.6.2.21/g ... -en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/h ... -en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.5.1.24/h ... -en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/d ... -en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.6.2.21/p ... -en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.6.2.35/v ... -en_US.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.5.4.34/k ... -en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.0.27/m ... -en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.6.4.21/l ... -en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.4.21/m ... -en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.6.2.21/m ... -en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.6.2.21/p ... -en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.6.0.27/f ... -en_US.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game1.pogo.com/applet-6.5.2.33/p ... -en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.3.37/p ... -en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.5.3.44/w ... -en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.1.37/f ... -en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.0.27/p ... -en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.0.27/h ... -en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/s ... -en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.6.0.27/r ... -en_US.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.6.1.29/s ... -en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/s ... -en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.6.0.27/s ... -en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.4.4.34/s ... assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.0.27/s ... -en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.1.24/s ... -en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.6.0.27/s ... -en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.5.3.37/h ... -en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.5.3.44/j ... -en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.6.4.21/t ... -en_US.cab
O16 - DPF: Vert Skater by pogo - http://game1.pogo.com/applet-6.2.2.66/v ... assets.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-6.6.2.21/v ... -en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/w ... -en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.6.2.21/w ... -en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.4.2.30/w ... assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.4.21/w ... -en_US.cab
O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/c ... /ut2_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/1289 ... PSetup.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft. ... EFlash.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F8EC5CF-F515-4373-BE66-7C9A80B12B8D}: NameServer = 216.51.211.234,216.51.211.233
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

Unread postby Katana » July 20th, 2007, 12:37 pm

Hi Keronadon,

Installed Programs
Please could you give me a list of the programs that are installed. This will help me create a fix for you.
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

Download and Run ComboFix
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall


Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • Installed Programs list
  • ComboFix Log
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Program and log files

Unread postby Keronadon » July 20th, 2007, 7:44 pm

I ran the HJT installed programs thing and here is that list,
Abacast Client
AC Tool
AC Trade
ACStats
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
AIM 6.0
AOL Coach Version 1.0(Build:20030807.3)
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Software Suite
Asheron's Call Billing Migrator
Asheron's Call: Throne of Destiny
Atari Anniversary Edition
Betty Bad
Blackhawk Striker
Blasterball 2
Blasterball Wild
Canon MultiPASS Suite 4.30a
City of Heroes (remove only)
CLSetup for Tiger Woods PGA Tour 07
CoH Map Patch
Dark Orbit
DCS
Decal .Net Interops
Decal 3.0 (Alpha 7: 2.9.5.0)
Decal Support Libraries
Detto IntelliMover Demo
Disney's Lilo and Stitch Pinball
EA Link
EA SPORTS online 2007
easy Internet sign-up
ELTank
Freedom Security & Privacy
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
hp center
HP Digital Imaging Album Printing 1.0
HP Instant Support
HP Memories Disc
HP Photo and Imaging 1.1 - Photosmart Cameras
hp toolkit
ICQ
Inactive HP Printer Drivers (Remove only)
Indeo® Software
Intel(R) Extreme Graphics Driver
InterVideo WinDVD 4
J2SE Runtime Environment 5.0 Update 7
Jeopardy! 2nd Edition
KBD
KebasAccountFilter-MSI
KeyText v3
K-Lite Codec Pack
Leafcull Coalition
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice American English TTS Engine
LifeTank XI
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Shockwave Player
MarketBrowser
Men in Black II CROSSFIRE Trial Version
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Asheron's Call
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Visual C++ 2005 Redistributable
MSN Gaming Zone
MSXML 4.0
MSXML 4.0
MSXML 4.0 SP2 (KB927978)
MSXML4 Parser
MUSICMATCH Jukebox
MyDVD
Nerfus Buffus II (remove only)
Nerfus Filter (remove only)
NOD32 antivirus system
NVIDIA Display Driver
NVIDIA Drivers
OmniPage SE
Panda TotalScan
PC-Doctor for Windows
PigPen
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2003 New User Edition
QuickTime
RealPlayer
RecordNow
RecordNow Update Manager
Registry Cleaner
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
SFRelease
SFRelease
Shockwave
ShowBiz
Simple Backup for My Pictures
Simple Installer - Multilanguage Version
Skype 3.0
Skype add-on for IE
Skype Plugin Manager
Snowboard Extreme
Space Rocks
Spybot - Search & Destroy 1.4
Tetris Worlds
Tiger Woods PGA TOUR 07
Tinker Calc
Universal Salvaging Tool 1.0.14
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Ventrilo Client
Viewpoint Media Player
Virtual Warfare
WeatherBug
WildTangent GameChannel (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WordPerfect Productivity Pack
WordPerfect Productivity Pack
World of Warcraft
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Zuma

I downloaded and ran combofix amd I am not sure exactly what happened but when I ran it I still had teatimer and the resident shield from Spybot S and D running and it popped up a bunch of registry changes,and it also removed Internet Explorer as the default web browser and I had to reset it as the default because it is the only one installed on this computer.Here is the log file from it.

"Owner" - 2007-07-20 18:30:07 - ComboFix 07-07-17.8 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-20 to 2007-07-20 )))))))))))))))))))))))))))))))


2007-07-20 18:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-19 10:44 <DIR> d-------- C:\Program Files\Viewpoint
2007-07-19 08:26 <DIR> d-------- C:\DOCUME~1\Owner\temp
2007-07-17 07:53 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-07-16 08:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1.LON\APPLIC~1\VERITAS
2007-07-16 08:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1.LON\APPLIC~1\Share-to-Web Upload Folder
2007-07-16 08:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1.LON\APPLIC~1\SampleView
2007-07-16 08:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1.LON\APPLIC~1\InterTrust
2007-07-16 08:26 786,432 --ah----- C:\DOCUME~1\ADMINI~1.LON\NTUSER.DAT
2007-07-16 08:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1.LON\WINDOWS
2007-07-15 13:11 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-07-15 13:11 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-07-15 13:11 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-07-04 02:49 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Pogo Games
2007-06-29 11:17 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-06-29 11:17 21,504 --a------ C:\WINDOWS\system32\hidserv.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-20 19:13:32 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-07-17 16:47:07 -------- d-----w C:\Program Files\CLSetup07
2007-07-16 04:30:43 -------- d-----w C:\Program Files\Pogo Auto Loader
2007-07-16 04:18:05 -------- d-----w C:\Program Files\Oberon Media
2007-07-15 18:22:18 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Yahoo!
2007-07-15 18:17:31 -------- d-----w C:\Program Files\Yahoo!
2007-07-05 00:35:34 30,976 ----a-w C:\WINDOWS\rascntrl.dll
2007-07-05 00:35:34 23,104 ----a-w C:\WINDOWS\system32\svcprmpt.dll
2007-06-12 02:03:21 -------- d-----w C:\Program Files\KeyText
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 16:39 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
2006-12-18 18:30 726568 --a------ C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
2002-09-10 02:45 118834 --a------ C:\Program Files\Zero Knowledge\Freedom\pkR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56071E0D-C61B-11D3-B41C-00E02927A304}]
2002-09-10 02:45 147511 --a------ C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-05-03 03:14 434279 --a------ C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-15 13:10]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-03-16 09:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
This Line Edited (truncated)-askey "DriveConfiguration"=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Date Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Date Manager.lnk
backup=C:\WINDOWS\pss\Date Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center UI.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center UI.lnk
backup=C:\WINDOWS\pss\hp center UI.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk
backup=C:\WINDOWS\pss\hp center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PrecisionTime.lnk
backup=C:\WINDOWS\pss\PrecisionTime.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aladmkbf]
C:\WINDOWS\system32\xnsodbbg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtariBanner]
"C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
C:\hp\bin\autotbar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockTracker]
c:\hp\bin\BlockTracker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp]
C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"C:\Program Files\Common Files\CMEII\CMESys.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DealHelperBrwsr]
C:\WINDOWS\dhbrwsr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DealHelperUpdate]
C:\WINDOWS\DHUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GXgHKee]
C:\WINDOWS\ryfab.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HbTools]
C:\Program Files\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
C:\Program Files\ISTsvc\istsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPTBox]
C:\Program Files\Canon\MultiPASS4\MPTBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner]
C:\PROGRA~1\REGIST~1\regclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]
C:\Program Files\SurfAccuracy\SAcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]
C:\Program Files\HbTools\Bin\4.8.2.0\HbtWeatherOnTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
C:\Program Files\WildTangent\Apps\GameChannel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\Autorun.exe


Contents of the 'Scheduled Tasks' folder
2003-09-16 01:24:04 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-20 18:33:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-20 18:34:25

--- E O F ---
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

Unread postby Katana » July 23rd, 2007, 12:29 pm

Hi Keronadon,
Did you have Symantec/Norton installed at some point ?

Remove Programs
Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
click on the program to highlight it, and click on remove.
Now close the Control Panel.

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Jotti
( you may need to show hidden files and folders. See HERE for help)

Please visit http://virusscan.jotti.org/]Jotti
Click on Browse... and navigate to the following file: C:\WINDOWS\rascntrl.dll
Click Open
Please post back, to let me know the results.

Please do the same for the following file
C:\WINDOWS\system32\svcprmpt.dll

If Jotti is too busy please try Virustotal

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u2
http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.

Then from your desktop double-click on the download to install the newest version.

Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it reglook.bat Please save it on your desktop.

regedit /e peek1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
regedit /e peek2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder"
type peek1.txt >> c:\startup.txt
type peek2.txt >> C:\startup.txt
del peek*.txt
start notepad C:\startup.txt
del /q reglook.bat

Double click on reglook.bat
Notepad will open, please copy/paste the contents in your reply
A copy will be made at C:\startup.txt


Kaspersky Online Scanner .

Go Here http://www.kaspersky.com/virusscanner

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • startup.txt
  • kaspersky log
  • How is the PC running now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

still infested

Unread postby Keronadon » July 24th, 2007, 11:46 am

I did all that you said to do.removed the programs,got the new java,and ran the scans,the 2 files you said to scan online at Jotti were clean but just for kicks I scanned that zejwaqwg.exe in system32 and it lit up Jotti bigtime,here is a copy of the scan of that file.
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

File to upload & scan:
Service
Service load: 0% 100%

File: zejwaqwg.exe
Status: INFECTED/MALWARE
MD5: c768a33b1b9753d0b3728f7647ff8aa6
Packers detected: UPX
Bit9 reports: File not found

Scanner results
Scan taken on 24 Jul 2007 13:12:49 (GMT)
A-Squared Found Adware.Win32.180Solutions.ay
AntiVir Found DR/HotBar.BQ.2
ArcaVir Found nothing
Avast Found Win32:Adware-gen.
AVG Antivirus Found nothing
BitDefender Found Trojan.Hotbar.A, Adware.180solutions.DR, Adware.Hotbar.EF, Adware.Hotbar.B
ClamAV Found Adware.Hotbar
CPsecure Found Malware.W32.180Solutions.ao
Dr.Web Found Adware.Hotbar
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.180Solutions.ay (4, 1, 400), not-a-virus:AdWare.Win32.HotBar.bq (4, 1, 400)
Fortinet Found nothing
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.180Solutions.ay, not-a-virus:AdWare.Win32.HotBar.bq
NOD32 Found Win32/Adware.HotBar application, Win32/Adware.180Solutions application
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found AdWare.Win32.HotBar.bq

I then did the bootfile thing here is the startup text from that.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acme.PCHButton]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pchbutton"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\HPINST~1\\plugin\\bin\\pchbutton.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aladmkbf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="xnsodbbg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\xnsodbbg.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcxMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCXMNTR"
"hkey"="HKLM"
"command"="ALCXMNTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtariBanner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Banner"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Infogrames\\Atari Anniversary Edition\\Volume 2\\Banner.exe\" /0"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AutoTBar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="autotbar"
"hkey"="HKLM"
"command"="C:\\hp\\bin\\autotbar.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlockTracker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BlockTracker"
"hkey"="HKLM"
"command"="c:\\hp\\bin\\BlockTracker.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CamMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpqcmon"
"hkey"="HKLM"
"command"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccRegVfy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccRegVfy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CleanUp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcappins"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\Shared\\mcappins.exe /v=3 /cleanup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CMESys]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMESys"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DealHelperBrwsr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dhbrwsr"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\dhbrwsr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DealHelperUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DHUpdt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\DHUpdt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EA Core]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Core"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Electronic Arts\\EA Link\\Core.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GXgHKee]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ryfab"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ryfab.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HbTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HbtOEAddOn"
"hkey"="HKLM"
"command"="C:\\Program Files\\HbTools\\Bin\\4.8.2.0\\HbtOEAddOn.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\windows\\system\\hpsysdrv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IST Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="istsvc"
"hkey"="HKLM"
"command"="C:\\Program Files\\ISTsvc\\istsvc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KBD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KBD"
"hkey"="HKLM"
"command"="C:\\HP\\KBD\\KBD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McAgent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcupdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MPTBox]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MPTBox"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\MultiPASS4\\MPTBox.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\My Web Search Bar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MWSBAR"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\4.bin\\MWSBAR.DLL,S"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Email Plugin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mwsoemon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MYWEBS~1\\bar\\4.bin\\mwsoemon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Omnipage]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="opware32"
"hkey"="HKLM"
"command"="C:\\Program Files\\ScanSoft\\OmniPageSE\\opware32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PS2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ps2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ps2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Registry Cleaner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="regclean"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\REGIST~1\\regclean.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StorageGuard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sgtray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SurfAccuracy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SAcc"
"hkey"="HKLM"
"command"="C:\\Program Files\\SurfAccuracy\\SAcc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\wcmdmgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wcmdmgrl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WeatherOnTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HbtWeatherOnTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\HbTools\\Bin\\4.8.2.0\\HbtWeatherOnTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WT GameChannel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GameChannel"
"hkey"="HKLM"
"command"="C:\\Program Files\\WildTangent\\Apps\\GameChannel.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 8.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 8.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 8.0 Tray Icon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~2.0\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Date Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Date Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\Date Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Date Manager\\DateManager.exe "
"item"="Date Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Common Files\\GMT\\GMT.exe /startup"
"item"="GStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center UI.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\hp center UI.lnk"
"backup"="C:\\WINDOWS\\pss\\hp center UI.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HPCENT~1\\137903\\Shadow\\SHADOW~1.EXE -STARTUP"
"item"="hp center UI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\hp center.lnk"
"backup"="C:\\WINDOWS\\pss\\hp center.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe -startup"
"item"="hp center"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\PrecisionTime.lnk"
"backup"="C:\\WINDOWS\\pss\\PrecisionTime.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\PrecisionTime\\PrecisionTime.exe "
"item"="PrecisionTime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Quicken Scheduled Updates.lnk"
"backup"="C:\\WINDOWS\\pss\\Quicken Scheduled Updates.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Quicken\\bagent.exe "
"item"="Quicken Scheduled Updates"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"item"="PowerReg Scheduler"

And then ran the Kaspersky online scan and here is the log for that.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 24, 2007 10:34:11 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/07/2007
Kaspersky Anti-Virus database records: 367116
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 125039
Number of viruses found: 5
Number of infected objects: 18 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:40:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\JVERAQBA.NQF Infected: Trojan-Downloader.Win32.IstBar.pc skipped
C:\Program Files\ESET\infected\PDM3VLAA.NQF/data0018/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\Program Files\ESET\infected\PDM3VLAA.NQF/data0018/data0003 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\Program Files\ESET\infected\PDM3VLAA.NQF/data0018/data0004 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\Program Files\ESET\infected\PDM3VLAA.NQF/data0018 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\Program Files\ESET\infected\PDM3VLAA.NQF/data0019/HbTools.mlp Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\Program Files\ESET\infected\PDM3VLAA.NQF/data0019 Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\Program Files\ESET\infected\PDM3VLAA.NQF NSIS: infected - 6 skipped
C:\Program Files\ESET\infected\PDM3VLAA.NQF PE-Crypt.XorPE: infected - 6 skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP1271\A0126764.rbf Infected: Trojan.Win32.Reboot.d skipped
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP1271\A0126821.exe Infected: not-a-virus:AdWare.Win32.DealHelper.s skipped
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP1278\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{11F501DF-0614-4431-BF08-D96634EB587B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\zejwaqwg.exe/data0018/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\WINDOWS\system32\zejwaqwg.exe/data0018/data0003 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\WINDOWS\system32\zejwaqwg.exe/data0018/data0004 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\WINDOWS\system32\zejwaqwg.exe/data0018 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\WINDOWS\system32\zejwaqwg.exe/data0019/HbTools.mlp Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\WINDOWS\system32\zejwaqwg.exe/data0019 Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\WINDOWS\system32\zejwaqwg.exe NSIS: infected - 6 skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

The computer is actually running much better than when I started all of this because I initially removed about 230 infections,but I REALLY want to get rid of them all.
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

Unread postby Katana » July 25th, 2007, 12:29 pm

Hi Keronadon,
You still have a lot of leftovers from McAfee and Norton
Would you like them removed, or do you intend to reinstall them at some point ?

You also have a lot of legitimate programs disabled by MSConfig,
is there a reason for this other than you just didn't want them running ?

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    http://forum.malwareremoval.com/viewtopic.php?t=21842
    
    Suspect::
    C:\WINDOWS\rascntrl.dll
    C:\WINDOWS\system32\svcprmpt.dll
    
    File::
    C:\WINDOWS\pss\Date Manager.lnkCommon Startup
    C:\WINDOWS\pss\GStartup.lnkCommon Startup
    C:\WINDOWS\system32\xnsodbbg.exe
    C:\WINDOWS\dhbrwsr.exe
    C:\WINDOWS\DHUpdt.exe
    C:\WINDOWS\ryfab.exe
    C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    C:\WINDOWS\pss\PrecisionTime.lnkCommon Startup
    C:\WINDOWS\system32\zejwaqwg.exe
    
    Folder::
    C:\Program Files\Common Files\CMEII
    C:\Program Files\HbTools
    C:\Program Files\ISTsvc
    C:\Program Files\MyWebSearch
    C:\Program Files\SurfAccuracy
    C:\Program Files\HbTools
    C:\Program Files\WildTangent
    C:\Program Files\Registry Cleaner
    C:\Program Files\Common Files\GMT
    C:\Program Files\Date Manager
    C:\Program Files\PrecisionTime
    C:\WINDOWS\wt
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe] 
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center.lnk] 
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Date Manager.lnk]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aladmkbf]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DealHelperBrwsr]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DealHelperUpdate]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GXgHKee]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HbTools]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}]
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8}]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\sacc]
    
    [-HKEY_CLASSES_ROOT\clsid\{205ff73b-ca67-11d5-99dd-444553540013}]
    
    [-HKEY_CLASSES_ROOT\install.install]
    
    [-HKEY_CLASSES_ROOT\install.install.1]
    
    [-HKEY_LOCAL_MACHINE\software\classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540013}]
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807}]
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}]
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}]
    
    [-HKEY_CURRENT_USER\software\registry cleaner]
    
    [-HKEY_LOCAL_MACHINE\software\registry cleaner]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\registry cleaner]
    
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
  • A .Zip file will be created on your Desktop, I may need you to upload this at some point for analysis

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • ComboFix Log
  • The answers to my couple of questions
  • How is the PC running now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

got it done

Unread postby Keronadon » July 26th, 2007, 10:58 am

The programs that are disabled in MSconfig are unecessary startup programs that I disabled long ago,the norton and mcaffees stuff that is still in there can be removed if you can tell me how we have a 2 year contract for Nod32.The computer is running a lot better,something happened when I ran combofix,I had nod32 strill running while combofix was running and did not realize it and when combofix was finishing up NOd32 came up with an alert for the C:\WINDOWS\system32\zejwaqwg.exe file and qurantined it,I do not know how it managed to catch a file while combofix was running that it said it could do nothing with when it first found it.Here is the combofix log.Be warned,its a little long:)

"Owner" - 2007-07-26 9:18:11 - ComboFix 07-07-17.8 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\WildTangent
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{28BA89E7-2F60-4BE7-BAA2-7949EB3FE527}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{357ECB62-CD36-4B63-B57E-769D0CA174F4}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{3EA6838C-5C34-4F9C-A8DA-434D65DD1356}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{4F0AE1FB-4082-4A27-8363-05D292D92FB0}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{5415BC25-6D6C-46C4-B34C-EA8470FE56D5}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{63272979-21F0-48EF-9B97-A83DBC05BE39}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{753FE96B-D926-4B6C-BCFB-CC59153D004A}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{7841B68B-B7DD-408E-8B45-D5CA39608185}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{9FA01E11-9015-4140-B10A-5C6AA949B2FC}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{A27EAF80-CBFC-4F56-94E1-929A401D7515}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\legacy\{BC0EE7F1-32DE-4EE2-BE10-AE15DB394E84}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\cannonballs_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\cannonballs_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\cannonballs_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\cannonballs_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\download_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\download_over_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\play_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\play_over_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_1.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_10.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_11.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_12.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_13.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_14.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_15.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_16.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_17.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_18.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_19.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_2.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_20.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_3.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_4.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_5.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_6.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_7.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_8.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_downloaded_9.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_1.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_10.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_11.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_12.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_13.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_14.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_15.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_16.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_17.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_18.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_19.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_2.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_20.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_3.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_4.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_5.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_6.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_7.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_8.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\images\statusbar_plain_9.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{11e0bc66-01b3-456b-9bbb-f1f6f1c72c47}\index.html
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{32196b42-8680-4c60-a319-47cf52e675f8}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{32196b42-8680-4c60-a319-47cf52e675f8}\images\background.JPG
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{32196b42-8680-4c60-a319-47cf52e675f8}\images\button.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{32196b42-8680-4c60-a319-47cf52e675f8}\images\button_over.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{32196b42-8680-4c60-a319-47cf52e675f8}\index.html
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blackhawkstriker_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blackhawkstriker_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blackhawkstriker_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blackhawkstriker_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blackhawkstriker_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blackhawkstriker_08.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_06.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_08.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_bar_01.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_bar_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_bar_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_bar_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_bar_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_down_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_over_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_play_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_play_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_play_down_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_dl_play_over_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\blasterball_over_06.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\images\progress.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{5f46363d-8c4a-44a2-a29c-44eae361f608}\index.html
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\1.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\10.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\11.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\12.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\13.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\14.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\15.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\16.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\17.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\18.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\19.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\2.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\20.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\21.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\22.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\23.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\24.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\25.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\26.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\27.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\28.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\29.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\3.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\30.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\31.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\32.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\33.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\34.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\35.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\36.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\37.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\38.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\39.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\4.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\40.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\41.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\42.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\43.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\44.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\45.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\46.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\47.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\48.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\49.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\5.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\50.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\6.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\7.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\8.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\9.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\animtable_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\animtable_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\animtable_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\animtable_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_01.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_02.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_03.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_04.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_05.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_06.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_07.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_08.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_09.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_10.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_11.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_12.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_13.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_14.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_15.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\base_16.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_bar_01.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_bar_02.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_bar_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_bar_04.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_bar_05.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_play_down.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_play_over.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_play_up.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_pre_down.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_pre_over.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\dl_pre_up.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\progress.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\rotate_2.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\rotate_3.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\rotate_4.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\rotate_5.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\rotate_6.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\rotate_7.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_06.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_08.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_09.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_10.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_10_over.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_11.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\slyder_12.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\images\spacer.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{763446c3-b9c3-4f2a-87cf-f8506efa1cf6}\index.html
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_06.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_09.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_downloading_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_downloading_06.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_downloading_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_downloading_09.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_over_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_play_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_play_over_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\base_up_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\download.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\lowernav_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\lowernav_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\lowernav_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\lowernav_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\lowernav_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\play.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\progress.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\rock.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\spacer.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\whats_included.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\images\whats_new.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{8ca6263d-54a0-4c7f-adb2-460518ac60de}\index.html
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{910fa28d-4ecc-41c9-8d7e-d9cbe5047736}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{910fa28d-4ecc-41c9-8d7e-d9cbe5047736}\gc.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{910fa28d-4ecc-41c9-8d7e-d9cbe5047736}\icon.ico
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{910fa28d-4ecc-41c9-8d7e-d9cbe5047736}\welcome.hta
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\blasterball_dl_bar_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_bar_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_bar_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_bar_03.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_bar_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_bar_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_bar_06.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_bar_07.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_down_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_down_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_over_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_over_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_play_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_play_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_play_down_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\gemmaster3_dl_play_over_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\images\progress.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{94ccf98b-4365-42e8-8c42-462bcd7f2119}\index.html
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\button.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\button_over.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_10.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_11.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_12.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_13.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_14.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_15.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_4.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_5.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_6.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_7.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_8.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_9.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_10.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_11.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_12.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_13.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_4.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_5.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_6.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_7.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_8.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\dlbar_done_9.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\spacer.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_06.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_08.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_09.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_dl_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_dl_over_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_play_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\images\yardsale_play_over_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{a6cf1cb8-516b-40a2-8411-f7888bca5a60}\index.html
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\button.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\button_over.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_01.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_02.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_03.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_04.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_05.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_06.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_08.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_10.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_12.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_13.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_14.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_15.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_16.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_17.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_18.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_19.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_20.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_21.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_dlbar_01.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_dlbar_02.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_dlbar_03.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_dlbar_04.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_dlbar_05.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_download_down.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_download_over.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_download_up.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_playnow_down.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_playnow_over.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\gem2_playnow_up.jpg
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\progress.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\images\spacer.gif
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\{eac3d2e0-495b-49c8-94b4-0b691531747b}\index.html
C:\Program Files\WildTangent\Apps\wtKernel0100.dll
C:\Program Files\WildTangent\Components\SystemConfig0100.dll
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\_eula.txt
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\BB.htm
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\images\BB_640_480_01f_01.jpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\images\BB_640_480_01f_02.jpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\images\BB_640_480_01f_03.jpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\images\BB_640_480_01f_03a.jpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\images\BB_640_480_01f_04.jpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\images\BB_640_480_01f_05.jpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\images\BB_640_480_01f_06.jpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\interstital.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\quit.htm
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\quit.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\restart.jpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\ad\restart.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\credits.dat
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\normal.wdat
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\normal.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\reading-white.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\reading.wdat
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\reading.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\selected.wdat
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\selected.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\title.wdat
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\title.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\titleback.wdat
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\fonts\titleback.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\accessdenied.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\arrowline.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\backdrop.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\0.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\1.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\2.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\3.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\4.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\5.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\6.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\7.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\8.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\9.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\div.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\newlife_1.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\newlife_2.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\newlife_3.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\newlife_4.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\newlife_5.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\weapon0.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\weapon1.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\weapon2.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\weapon3.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\bitmaps\weapon4.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\cursor\cursor_a.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\cursor\cursor_off.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\cursor\cursor_scroll.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\cursor\cursor_scroll_a_off.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\cursor\cursor_scroll_a_on.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\demoend.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\enter.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\enterstripes.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\gameover.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_bogg.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_boggbro.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_bugturret.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_grenadeturret.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_hyperwidge.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_myte.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_shrimp.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_split.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_superwidge.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_turret.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\kills\kills_widge.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\leftarrow.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\levelcomplete.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\main.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\menu2.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\menu2_mask.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\menu2_mask_a.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\ok.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\okbackdrop.wjp
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\rightarrow.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\save.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\stats\backdrop.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\stats\continue.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\stats\save.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\stats\thinline.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\stats\total.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\textbackdrop.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\theend.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\thinline.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\hud\totalbounty.wpg
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\demo_bsp.wdat
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\demo_ent.wdat
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\ai_helixringkiller.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_9lock1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_9lock2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_9polelight1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_9polelight2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_9polelight3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_demo.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev1_front.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev2_back.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev3_back.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev3_front.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev5_back.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev5_front.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev6_back.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev6_front.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_airlockdoor_lev7.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_bosspain_bossbox.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_crusher_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_crusher_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_crusher_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_death_bigpit_lev3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_death_lev1_energy.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_death_lev8_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_death_lev8_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_death_lev8_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_death_tocommies.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_demobridge.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_demodoor.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_demotrigger.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_chainnet_dry.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_helixspitter.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev1_airlock.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev1_cables.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev1_pistons1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev1_pistons2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2_airlock.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2_fans26.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2_pipes_a.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2_pipes_b.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2_pipes1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2_pipes2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2_pistons1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2_pistons2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2cable01.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2cable02.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2cable03.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2cable04.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2cable05.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2cable06.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2cable07.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev2cable08.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev3_airlock.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere4.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere5.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere6.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere7.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere8.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5_sphere9.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev56 fingers.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev56_airlock.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev5lock.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lev9tensioner.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lock5.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_lockplate_lev3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_raybarrier_lev1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_rock.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_detail_wind_lev1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_drymine_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_drymine_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_drymine_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_drymine_4.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_drymine_5.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_drymine_6.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_eleclock_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_eleclock_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_eleclock_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_eleclock_4.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_eleclock_5.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_eleclockbridge.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_fan_lev2_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_fan_lev2_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_fan_lev2_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_fence.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_helixringanimated.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_helixringmachinery.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holepieces.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setA_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setA_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setA_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setA_4.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setA_5.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_10.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_11.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_12.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_13.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_4.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_5.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_6.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_7.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_8.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setB_9.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_10.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_11.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_12.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_13.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_14.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_15.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_16.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_17.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_18.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_19.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_20.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_21.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_22.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_23.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_24.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_25.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_26.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_4.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_5.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_6.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_7.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_8.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_holo_setC_9.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_hubbridge.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_hubdoor_entrance1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_hubdoor_entrance2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_hubdoor_entrance3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_hubdoor_exit1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_hubdoor_exit2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_hubdoor_exit3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_hubped.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_jerry.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_lock3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_lock6.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_lock7.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_lockdemo.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_1.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_10.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_12.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_13.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_14.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_2.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_3.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_4.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_5.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_6.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_7.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_8.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_ebrush_lev2_9.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_hubgapfiller.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_lev2_fans26_low.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_lev2cable01_low.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_lev2cable02_low.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_lev2cable03_low.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_lev2cable04_low.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_lev2cable05_low.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_lev2cable06_low.wsad
C:\Program Files\WildTangent\Games\GameChannel\Betty Bad\assets\maps\files\e_low_lev2ca
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 200 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware