WiredWX Hobby Weather ToolsLog in

 


Windows 7 Security 2012 HELP!!!

2 posters

descriptionWindows 7 Security 2012 HELP!!! EmptyWindows 7 Security 2012 HELP!!!

more_horiz
I have this on my computer. Malwarebytes isn't detecting it and I can't get it off. It's starting to affect my computer. What can I do? Help please! It's going fast!

Celina268

descriptionWindows 7 Security 2012 HELP!!! EmptyRe: Windows 7 Security 2012 HELP!!!

more_horiz
I updated malwarebytes and reran it. It found things this time and for the time being I am not having any issues. I hope it stays that way!

descriptionWindows 7 Security 2012 HELP!!! EmptyRe: Windows 7 Security 2012 HELP!!!

more_horiz
Still have it! Sad tearing What can I do??

descriptionWindows 7 Security 2012 HELP!!! EmptyRe: Windows 7 Security 2012 HELP!!!

more_horiz
Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
***********************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*****************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

descriptionWindows 7 Security 2012 HELP!!! EmptyRe: Windows 7 Security 2012 HELP!!!

more_horiz
Here is the SuperAntiSpyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/28/2011 at 07:35 PM

Application Version : 4.54.1000

Core Rules Database Version : 7348
Trace Rules Database Version: 5160

Scan type : Complete Scan
Total Scan Time : 00:48:46

Memory items scanned : 583
Memory threats detected : 1
Registry items scanned : 14970
Registry threats detected : 0
File items scanned : 41010
File threats detected : 147

Trojan.Agent/Gen-RogueAS
C:\USERS\CLARK\APPDATA\LOCAL\TEMP\LOW\NID.EXE
C:\USERS\CLARK\APPDATA\LOCAL\TEMP\LOW\NID.EXE
C:\USERS\CLARK\APPDATA\LOCAL\TEMP\LOW\1I03O.DLL

Adware.Tracking Cookie
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\clark@insightexpressai[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\clark@atdmt[2].txt
149.memecounter.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
2mdn.net [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
a.ads2.msads.net [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
a.media.abcfamily.go.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
acvs.mediaonenetwork.net [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
ads2.msads.net [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
b.ads2.msads.net [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
bc.youporn.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
cdn.eyewonder.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
cdn.insights.gravity.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
cdn4.specificclick.net [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
core.insightexpressai.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
ds.serving-sys.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
hs.interpolls.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
ia.media-imdb.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
macromedia.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
media.azfamily.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
media.ign.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
media.mtvnservices.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
media.nbcphiladelphia.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
media.onsugar.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
media.oprah.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
media.scanscout.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
media.subwayfreshbuzz.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
media.wcnc.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
media1.break.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
mediaforgews.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
mediapartner.bigpoint.net [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
msnbcmedia.msn.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
objects.tremormedia.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
s0.2mdn.net [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
secure-us.imrworldwide.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
serving-sys.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
sftrack.searchforce.net [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
spe.atdmt.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
tracker.dominos.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
udn.specificclick.net [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
video.anbmedia.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
vidii.hardsextube.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
www.countryinns.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
www.naiadsystems.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
www.pornhub.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
www.porntube.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
wwwstatic.megaporn.com [ C:\Users\Clark\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PL7295C ]
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@bs.serving-sys[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@mediaplex[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@revsci[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@questionmarket[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@wistatefair[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@a1.interclick[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@pub44.bravenet[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@content.yieldmanager[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@legolas-media[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@ad.yieldmanager[3].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@adserver.adtechus[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@media303[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@ad.yieldmanager[5].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@fastclick[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@adserv.rotator.hadj7.adjuggler[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@casalemedia[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@mediaplex[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@www.wistatefair[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@casalemedia[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@atdmt[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@ad.yieldmanager[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@ads.pgatour[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@viacom.adbureau[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@tacoda.at.atwola[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@content.yieldmanager[4].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@ru4[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@collective-media[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@2o7[3].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@eyewonder[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@burstbeacon[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@3dclicktracker[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@ads.undertone[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@t.pointroll[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@burstnet[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@advertising[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@apnonline.112.2o7[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@mediabrandsww[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@realmedia[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@ads.undertone[3].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@zedo[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@adlegend[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@ads.advancedmn[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@tripod[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@tribalfusion[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@content.yieldmanager[5].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@ad.wsod[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@insightexpressai[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@doubleclick[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@invitemedia[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@specificclick[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@adbrite[3].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@r1-ads.ace.advertising[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@interclick[3].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@trafficmp[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@media6degrees[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@stat.onestat[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@statcounter[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@interclick[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@at.atwola[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@ads.pointroll[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@adbrite[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@pn1.adserver.yahoo[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@interclick[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@zedo[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@lucidmedia[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@media6degrees[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@a1.interclick[3].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@pro-market[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@dc.tremormedia[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@a1.interclick[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@2o7[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@ad.yieldmanager[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@advertising[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@ads.nba[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@adxpose[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@apmebf[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@atdmt[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@beacon.dmsinsights[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@bravenet[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@content.yieldmanager[3].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@doubleclick[3].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@imrworldwide[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@mediaplex[3].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@mediaplex[4].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@msnportal.112.2o7[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@pointroll[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@questionmarket[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@questionmarket[3].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@realmedia[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@richmedia.yahoo[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@ru4[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@s.clickability[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@serving-sys[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@www.burstbeacon[2].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@www.burstnet[1].txt
C:\Users\Clark\AppData\Roaming\Microsoft\Windows\Cookies\Low\clark@xiti[1].txt
.doubleclick.net [ C:\Users\Clark\AppData\Roaming\Mozilla\Firefox\Profiles\0gxht7t9.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Clark\AppData\Roaming\Mozilla\Firefox\Profiles\0gxht7t9.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Clark\AppData\Roaming\Mozilla\Firefox\Profiles\0gxht7t9.default\cookies.sqlite ]

descriptionWindows 7 Security 2012 HELP!!! EmptyRe: Windows 7 Security 2012 HELP!!!

more_horiz
Here is the DDS.txt:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Clark at 20:29:37 on 2011-06-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4483 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g106p03f5v165r49j1s248
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g106p03f5v165r49j1s248
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g106p03f5v165r49j1s248
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = ;*.local
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: []
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1271653196742
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1267689254139
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://zone.msn.com/bingame/burg/default/GoBitGamesPlayer_v6.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{189A7EA4-E3E5-4BEB-805A-E0A751964664} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Clark\AppData\Roaming\Mozilla\Firefox\Profiles\0gxht7t9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Clark\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: XULRunner: {57DDC497-AE35-4B5F-85D7-5ACDC971B3EC} - C:\Users\Clark\AppData\Local\{57DDC497-AE35-4B5F-85D7-5ACDC971B3EC}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [?]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008000.029\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008000.029\BHDrvx64.sys [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSviA64.sys [2010-4-17 466992]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-2-23 117640]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-11-24 240160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-23 135664]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-23 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\system32\Drivers\NISx64\1008000.029\SYMNDISV.SYS --> C:\Windows\system32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-06-28 23:42:58 -------- d-----w- C:\Users\Clark\AppData\Roaming\SUPERAntiSpyware.com
2011-06-28 23:42:58 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-06-28 23:42:51 -------- d-----w- C:\ProgramData\!SASCORE
2011-06-28 23:42:49 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-06-28 13:55:22 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EF883CB9-5E7A-4E3F-AB95-E6730BDFF4C8}\mpengine.dll
2011-06-25 19:04:43 -------- d-----w- C:\Program Files\iTunes
2011-06-25 19:04:43 -------- d-----w- C:\Program Files\iPod
2011-06-25 19:04:43 -------- d-----w- C:\Program Files (x86)\iTunes
2011-06-25 19:02:41 -------- d-----w- C:\Program Files\Bonjour
2011-06-25 19:02:41 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-06-16 06:57:02 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-06-16 06:57:01 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-16 06:57:01 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-16 06:57:00 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 06:57:00 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
.
==================== Find3M ====================
.
2011-05-29 14:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 14:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:07:01 3133952 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-25 00:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-22 20:18:47 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-04-22 19:31:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec
2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-04-06 21:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 21:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 21:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 21:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
.
============= FINISH: 20:30:45.71 ===============

descriptionWindows 7 Security 2012 HELP!!! EmptyRe: Windows 7 Security 2012 HELP!!!

more_horiz
Here is the Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/22/2010 8:22:43 PM
System Uptime: 6/28/2011 8:23:29 PM (0 hours ago)
.
Motherboard: eMachines | | MCP61PM-GM
Processor: AMD Athlon(tm) II X2 235e Processor | CPU 1 | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 687 GiB total, 605.707 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Plus B209a-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Plus B209a-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart Plus B209a-m
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart Plus B209a-m
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP243: 5/27/2011 7:04:00 AM - Windows Update
RP244: 5/31/2011 5:43:25 PM - Windows Update
RP245: 6/3/2011 5:53:46 AM - Windows Update
RP246: 6/7/2011 8:28:18 PM - Windows Update
RP247: 6/10/2011 10:28:12 AM - Windows Update
RP248: 6/14/2011 7:30:52 AM - Windows Update
RP249: 6/16/2011 3:00:21 AM - Windows Update
RP250: 6/17/2011 5:30:29 PM - Windows Update
RP251: 6/21/2011 9:35:05 AM - Windows Update
RP252: 6/24/2011 7:52:29 AM - Windows Update
RP253: 6/25/2011 2:03:23 PM - Installed iTunes
RP254: 6/28/2011 3:00:21 AM - Windows Update
RP255: 6/28/2011 8:55:03 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
Advertising Center
Alchemy Deluxe
Apple Application Support
Apple Software Update
B209a-m
Balloon Blast
Beat Hazard
Best Games Hits 3
Bricks of Camelot
Brickshooter Egypt
BufferChm
Compatibility Pack for the 2007 Office system
Concentration (remove only)
Coupon Printer for Windows
Crazy Chicken Pinball
Crystal Caverns of Amon-Ra
Dave Ramsey's Financial Peace Financial Software
Definition update for Microsoft Office 2010 (KB982726)
Destinations
DeviceDiscovery
Dynasty of Egypt
eBay Worldwide
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
ESET Online Scanner v3
File Extension Finder
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HiJackThis
HP Photo Creations
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
Identity Card
Iggle Pop Deluxe
ImagXpress
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 21
Jewels of the Nile
Junk Mail filter update
Kakuro Mania! 10,000
Lexmark 2300 Series
Malwarebytes' Anti-Malware version 1.51.0.1200
MarketResearch
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Norton Internet Security
Norton Online Backup
NVIDIA ForceWare Network Access Manager
Phoenix Assault
PS_AIO_06_B209a-m_SW_Min
QuickTime
QuickTransfer
Realtek High Definition Audio Driver
Run N Gun Football
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
SmartWebPrinting
Snowboard SuperJam
SolutionCenter
Status
Taipei Mahjongg 25K
Tank-o-Box
The Price Is Right 1.1.0
Toolbox
TrayApp
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update Installer for WildTangent Games App
WebReg
Welcome Center
WildTangent Games App (eMachines Games)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WWII Tank Commander
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/28/2011 8:47:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
6/28/2011 7:22:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/28/2011 3:48:42 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Clark-PC\Clark SID (S-1-5-21-464309943-274483538-4150013216-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/25/2011 2:04:04 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
6/25/2011 2:03:04 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/25/2011 2:02:51 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/25/2011 1:44:25 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR13.
6/25/2011 1:43:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR12.
6/25/2011 1:40:55 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR10.
6/25/2011 1:31:20 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR9.
6/25/2011 1:29:37 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
6/22/2011 2:11:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================

descriptionWindows 7 Security 2012 HELP!!! EmptyRe: Windows 7 Security 2012 HELP!!!

more_horiz
The log shows that your AV; "AV: Norton Internet Security *Disabled/Outdated" is disabled and out-of-date. Please enable this and get it updated.

Download OTL to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uURLSearchHooks: H - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
FF - Ext: XULRunner: {57DDC497-AE35-4B5F-85D7-5ACDC971B3EC} - C:\Users\Clark\AppData\Local\{57DDC497-AE35-4B5F-85D7-5ACDC971B3EC}

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]


* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
****************************************************************
Please read here for more information about WildTangent. Your choice if you want to remove it or not.

If you choose to follow my advice, please follow these instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

WildTangent Web Driveror anything related to WildTangent.
*******************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
******************************************************
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix login your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

descriptionWindows 7 Security 2012 HELP!!! EmptyRe: Windows 7 Security 2012 HELP!!!

more_horiz
Is having AV: Norton Internet Security a necessity? I was told by someone at some point (forgive me for not remembering) that Norton is more of an annoyance. I am working on the other things you have posted.

descriptionWindows 7 Security 2012 HELP!!! EmptyRe: Windows 7 Security 2012 HELP!!!

more_horiz
Here is the OTL:

All processes killed
========== OTL ==========
File Ext: XULRunner: {57DDC497-AE35-4B5F-85D7-5ACDC971B3EC} - C:\Users\Clark\AppData\Local\{57DDC497-AE35-4B5F-85D7-5ACDC971B3EC} not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Clark
->Temp folder emptied: 862806977 bytes
->Temporary Internet Files folder emptied: 162834982 bytes
->Java cache emptied: 46834979 bytes
->FireFox cache emptied: 56270224 bytes
->Apple Safari cache emptied: 1459200 bytes
->Flash cache emptied: 3427873 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-CLARK-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 79595 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 673102460 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 109614573 bytes

Total Files Cleaned = 1,828.00 mb


OTL by OldTimer - Version 3.2.24.2 log created on 06302011_095659

Files\Folders moved on Reboot...
C:\Users\Clark\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\JETA6D9.tmp not found!

Registry entries deleted on Reboot...

descriptionWindows 7 Security 2012 HELP!!! EmptyRe: Windows 7 Security 2012 HELP!!!

more_horiz
Also, I tried to remove WildTangent stuff before, but it's not listed in the Add/Remove programs. It goes straight from 'Welcome Center' to "Windows Live Essentials". I don't know where else to look.

I have an appointment shortly, so I will do the Java and Combofix when I return.

descriptionWindows 7 Security 2012 HELP!!! EmptyRe: Windows 7 Security 2012 HELP!!!

more_horiz
Is having AV: Norton Internet Security a necessity? I was told by someone at some point (forgive me for not remembering) that Norton is more of an annoyance.

Well, it's an anti-virus program but it doesn't have a reputation of performing very well. If you wish to change, here's a list below of some good free AV's I,personally, feel MicroSoft Security Essentials is one of the best; very lightweight and constantly being updated.Download and install a new one, then remove Norton. If you have trouble removing it, please let me know and I'll give you a program to remove it.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

descriptionWindows 7 Security 2012 HELP!!! EmptyRe: Windows 7 Security 2012 HELP!!!

more_horiz
Here is the combofix log:

ComboFix 11-06-30.03 - Clark 06/30/2011 17:44:23.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4739 [GMT -5:00]
Running from: c:\users\Clark\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Clark\AppData\Local\{57DDC497-AE35-4B5F-85D7-5ACDC971B3EC}
c:\users\Clark\AppData\Local\{57DDC497-AE35-4B5F-85D7-5ACDC971B3EC}\chrome.manifest
c:\users\Clark\AppData\Local\{57DDC497-AE35-4B5F-85D7-5ACDC971B3EC}\chrome\content\_cfg.js
c:\users\Clark\AppData\Local\{57DDC497-AE35-4B5F-85D7-5ACDC971B3EC}\chrome\content\overlay.xul
c:\users\Clark\AppData\Local\{57DDC497-AE35-4B5F-85D7-5ACDC971B3EC}\install.rdf
c:\users\Clark\AppData\Local\Temp\CCEF.tmp
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
.
----- BITS: Possible infected sites -----
.
hxxp://ads1.msads.net
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 )))))))))))))))))))))))))))))))
.
.
2011-06-30 22:49 . 2011-06-30 22:49 -------- d-----w- c:\users\Mcx1-CLARK-PC\AppData\Local\temp
2011-06-30 22:49 . 2011-06-30 22:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-30 22:27 . 2011-06-30 22:27 -------- d-----w- c:\program files (x86)\7-Zip
2011-06-30 22:21 . 2011-06-30 22:21 -------- d-----w- c:\program files (x86)\TinyZIP
2011-06-30 22:21 . 2011-06-30 22:21 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2011-06-30 22:21 . 2011-06-30 22:21 -------- d-----w- c:\programdata\W3i
2011-06-30 22:21 . 2011-06-30 22:21 -------- d-----w- c:\program files (x86)\W3i
2011-06-30 22:11 . 2011-06-30 22:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-30 22:10 . 2011-05-04 09:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-28 23:42 . 2011-06-28 23:42 -------- d-----w- c:\users\Clark\AppData\Roaming\SUPERAntiSpyware.com
2011-06-28 23:42 . 2011-06-28 23:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-28 23:42 . 2011-06-28 23:42 -------- d-----w- c:\programdata\!SASCORE
2011-06-28 23:42 . 2011-06-28 23:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-28 13:55 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF883CB9-5E7A-4E3F-AB95-E6730BDFF4C8}\mpengine.dll
2011-06-25 19:04 . 2011-06-25 19:05 -------- d-----w- c:\program files\iTunes
2011-06-25 19:04 . 2011-06-25 19:05 -------- d-----w- c:\program files (x86)\iTunes
2011-06-25 19:04 . 2011-06-25 19:04 -------- d-----w- c:\program files\iPod
2011-06-25 19:03 . 2011-06-25 19:03 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-06-25 19:02 . 2011-06-25 19:02 -------- d-----w- c:\program files\Bonjour
2011-06-25 19:02 . 2011-06-25 19:02 -------- d-----w- c:\program files (x86)\Bonjour
2011-06-16 06:57 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 06:57 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 06:57 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 06:57 . 2011-04-29 05:47 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 06:57 . 2011-04-29 05:08 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 14:11 . 2010-07-04 06:22 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2010-07-04 06:22 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 00:14 . 2010-04-25 22:58 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 09:52 . 2010-09-17 18:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-22 20:18 . 2011-05-25 13:10 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:58 . 2011-05-19 03:59 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:45 . 2011-05-11 12:49 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 12:49 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 12:49 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 03:59 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-04-06 21:26 . 2011-04-06 21:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:26 . 2011-04-06 21:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-24 39408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-06-22 2408448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100415.001\IDSvia64.sys [2009-10-28 466992]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-11-24 117640]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 06:50]
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 06:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 16333856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g106p03f5v165r49j1s248
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = ;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Clark\AppData\Roaming\Mozilla\Firefox\Profiles\0gxht7t9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Kakuro Mania! 10,000 - c:\program files (x86)\Kakuro Mania! 10
AddRemove-Lexmark 2300 Series - c:\program files (x86) (x86)\Lexmark 2300 Series\Install\x64\Uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2011-06-30 17:55:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-30 22:55
.
Pre-Run: 652,840,067,072 bytes free
Post-Run: 652,425,306,112 bytes free
.
- - End Of File - - 75DA26B0C4B66A1F5987C4C267EBF0E9

descriptionWindows 7 Security 2012 HELP!!! EmptyRe: Windows 7 Security 2012 HELP!!!

more_horiz
Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:6092

    Folder::
    c:\program files (x86)\WildTangent Games\App

    Driver::
    GamesAppService


  • Save this as CFScript.txt, in the same location as ComboFix.exe

    Windows 7 Security 2012 HELP!!! Cfscriptb4

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

***************************************************
Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)

    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted,and tell me how your computer is running now

descriptionWindows 7 Security 2012 HELP!!! EmptyRe: Windows 7 Security 2012 HELP!!!

more_horiz
Here is the combofix:

ComboFix 11-06-30.03 - Clark 06/30/2011 19:56:05.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4821 [GMT -5:00]
Running from: c:\users\Clark\Desktop\ComboFix.exe
Command switches used :: c:\users\Clark\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WildTangent Games\App
c:\program files (x86)\WildTangent Games\App\BrowserIntegration\NP_wtapp.dll
c:\program files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll
c:\program files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\wtapp_PresenceDetector.dll
c:\program files (x86)\WildTangent Games\App\BrowserIntegration\wtapp_PresenceDetector.dll
c:\program files (x86)\WildTangent Games\App\BrowserIntegration\wtapp_ProtocolHandler.exe
c:\program files (x86)\WildTangent Games\App\GameConsole-wt.exe
c:\program files (x86)\WildTangent Games\App\GameConsole.exe
c:\program files (x86)\WildTangent Games\App\GamesAppService.exe
c:\program files (x86)\WildTangent Games\App\InstalledVersion
c:\program files (x86)\WildTangent Games\App\PatchTools\BSDiff_Patch.exe
c:\program files (x86)\WildTangent Games\App\PatchTools\Park.exe
c:\program files (x86)\WildTangent Games\App\PatchTools\Updater.exe
c:\program files (x86)\WildTangent Games\App\ProtectorProxy.exe
c:\program files (x86)\WildTangent Games\App\UI\DepositCoin.wav
c:\program files (x86)\WildTangent Games\App\UI\Footer.html
c:\program files (x86)\WildTangent Games\App\UI\GamePlay_Loader.html
c:\program files (x86)\WildTangent Games\App\UI\GamePlay_Offline.html
c:\program files (x86)\WildTangent Games\App\UI\Header.html
c:\program files (x86)\WildTangent Games\App\UI\MyAccount_Offline.html
c:\program files (x86)\WildTangent Games\App\UI\MyGames.html
c:\program files (x86)\WildTangent Games\App\UI\MyGamesDropDown.htm
c:\program files (x86)\WildTangent Games\App\UI\NavError.html
c:\program files (x86)\WildTangent Games\App\UI\NewTab.html
c:\program files (x86)\WildTangent Games\App\UI\OfflineSignIn.html
c:\program files (x86)\WildTangent Games\App\UI\OfflineSignInWrapper.html
c:\program files (x86)\WildTangent Games\App\UI\Parental.html
c:\program files (x86)\WildTangent Games\App\UI\Resources\de.xml
c:\program files (x86)\WildTangent Games\App\UI\Resources\en-us.xml
c:\program files (x86)\WildTangent Games\App\UI\Resources\es-es.xml
c:\program files (x86)\WildTangent Games\App\UI\Resources\es.xml
c:\program files (x86)\WildTangent Games\App\UI\Resources\fr.xml
c:\program files (x86)\WildTangent Games\App\UI\Resources\it.xml
c:\program files (x86)\WildTangent Games\App\UI\Resources\ko.xml
c:\program files (x86)\WildTangent Games\App\UI\Resources\pt.xml
c:\program files (x86)\WildTangent Games\App\UI\Resources\zh-chs.xml
c:\program files (x86)\WildTangent Games\App\UI\Resources\zh-cht.xml
c:\program files (x86)\WildTangent Games\App\UI\Scripts\block_space.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\common.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\controllers.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\footer.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\gameClient.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\gameplay.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\gameplay_loader.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\gameplay_offline.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\header.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\jquery.blend.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\jquery.colorbox.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\jquery.min.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\jquery.wt-carousel.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\localization.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\mygames.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\mygamesdropdown.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\newtab.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\OfflineSignIn.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\progress.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\searchsuggest.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\settings.js
c:\program files (x86)\WildTangent Games\App\UI\Scripts\wt.js
c:\program files (x86)\WildTangent Games\App\UI\search.html
c:\program files (x86)\WildTangent Games\App\UI\searchSuggest.htm
c:\program files (x86)\WildTangent Games\App\UI\Settings.html
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\colorbox.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\common.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\controllers.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\footer.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\gameplay_loader.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\gameplay_offline.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\header.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\localization\de\locale.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\localization\en-us\locale.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\localization\es-es\locale.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\localization\es\locale.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\localization\fr\locale.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\localization\it\locale.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\localization\ko\locale.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\localization\pt\locale.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\localization\zh-chs\locale.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\localization\zh-cht\locale.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\myAccount_offline.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\mygames.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\mygamesdropdown.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\NavError.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\newtab.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\offlineSignIn.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\parental.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\searchSuggest.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\default\settings.css
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0001.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0002.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0003.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0004.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0005.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0006.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0007.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0008.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0009.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0010.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0011.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0012.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0013.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0014.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0015.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0016.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0017.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0018.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0019.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0020.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0021.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0022.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0023.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0024.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0025.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0026.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0027.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0028.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0029.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0030.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0031.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0032.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0033.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0034.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0035.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0036.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0037.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0038.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0039.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnim\CoinAnim0040.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0001.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0002.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0003.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0004.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0005.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0006.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0007.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0008.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0009.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0010.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0011.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0012.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0013.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0014.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0015.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0016.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0017.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0018.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0019.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0020.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0021.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0022.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0023.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0024.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0025.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0026.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0027.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0028.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0029.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0030.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0031.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0032.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0033.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0034.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0035.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0036.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0037.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0038.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0039.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\coinAnimFree\CoinAnim0040.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\colorbox\border.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\colorbox\controls.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\colorbox\internet_explorer\borderBottomCenter.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\colorbox\internet_explorer\borderBottomLeft.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\colorbox\internet_explorer\borderBottomRight.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\colorbox\internet_explorer\borderMiddleLeft.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\colorbox\internet_explorer\borderMiddleRight.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\colorbox\internet_explorer\borderTopCenter.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\colorbox\internet_explorer\borderTopLeft.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\colorbox\internet_explorer\borderTopRight.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\colorbox\loading.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\colorbox\loading_background.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\colorbox\overlay.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\arrow_left.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\arrow_right.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\arw_left.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\arw_left_o.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\arw_leftinactive.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\arw_right.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\arw_right_o.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\arw_rightinactive.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_alpha.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_animatedprogress.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_animatedprogress_bbdl.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_content.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_content_bottom.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_content_dark.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_content_dark_top.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_footer.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_footeropen.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_footeropenlink.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_footeropenlink_o.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_megadropdown.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_navbar.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_navbar.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_progress.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_progress.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_progressbar.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_searchframe.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\bg_tabs.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\button_shadow_med.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\carousel_bottom.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\carousel_edge_left.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\carousel_edge_right.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\carousel_top.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\coinslot.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\ctrl_shadow.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\ctrl_shadow_small.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\ctrl_shadow_wire.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\ctrl_shadow_wire_short.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\error_indicator.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\esrb_ratings.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\favicon.ico
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\favicon.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\footer_center.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\footer_left.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\footer_right.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\game_icon_mask.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\header_icons.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\icon_cart.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\icon_closefooter.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\icon_closefooter_o.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\icon_myaccount.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\icon_placeholder.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\icon_search.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\icon_settings.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\indicator_active.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\indicator_inactive.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\loading_dots.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\loading_icon.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\lock.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\lock_closed.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\lock_open.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\mygames_hr.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\mygames_placeholder.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\myGamesHeaderBar_bg.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\nav_arrow.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\nav_div.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\newtab_facebook.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\newtab_hp.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\newtab_hulu.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\newtab_myspace.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\newtab_pandora.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\newtab_snapfish.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\newtab_twitter.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\progress_cancel.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\progress_pause.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\progress_resume.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\refresh.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\refresh_o.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\remove_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\search_icon_alt.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\settings_favicon.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\slider.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\sort_arrow.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\sort_button.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\sort_button_selected.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\spacer.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_active.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_active_end.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_active_end_mygames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_active_mygames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_add.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_close.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_close_o.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_controls.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_inactive.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_inactive_end.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_inactive_end_mygames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_inactive_mygames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\tab_loading.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\trash_20x20.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\view_carousel.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\view_list.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\wire_bg.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\wire_bg_interstitial.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\wire_close.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\wire_close_o.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\wire_coinslot.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\common\wire_end_coinslot.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\de\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\en-us\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es-es\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\es\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\fr\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\it\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\ko\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\pt\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-chs\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\button_signin.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\CoinAnim0000.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\ctrl_newgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\ctrl_playgames.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\navbar_sprite_app.jpg
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\progress_cancel_no.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\progress_cancel_yes.gif
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\search_icon_console.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\wire_btn_no_ads.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\wire_btn_play.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\wire_buy_game.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\wire_get_wildcoins.png
c:\program files (x86)\WildTangent Games\App\UI\Skins\img\localization\zh-cht\wire_ok.gif
c:\program files (x86)\WildTangent Games\App\UI\StartupConfig.ini
c:\program files (x86)\WildTangent Games\App\uninstall.exe
c:\program files (x86)\WildTangent Games\App\WTDownloader.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_GamesAppService
.
.
((((((((((((((((((((((((( Files Created from 2011-06-01 to 2011-07-01 )))))))))))))))))))))))))))))))
.
.
2011-07-01 01:00 . 2011-07-01 01:00 -------- d-----w- c:\users\Mcx1-CLARK-PC\AppData\Local\temp
2011-07-01 01:00 . 2011-07-01 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-30 23:05 . 2011-06-30 23:05 -------- d-----w- c:\users\Clark\AppData\Roaming\HPAppData
2011-06-30 22:27 . 2011-06-30 22:27 -------- d-----w- c:\program files (x86)\7-Zip
2011-06-30 22:21 . 2011-06-30 22:21 -------- d-----w- c:\program files (x86)\TinyZIP
2011-06-30 22:21 . 2011-06-30 22:21 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2011-06-30 22:21 . 2011-06-30 22:21 -------- d-----w- c:\programdata\W3i
2011-06-30 22:21 . 2011-06-30 22:21 -------- d-----w- c:\program files (x86)\W3i
2011-06-30 22:11 . 2011-06-30 22:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-30 22:10 . 2011-05-04 09:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-28 23:42 . 2011-06-28 23:42 -------- d-----w- c:\users\Clark\AppData\Roaming\SUPERAntiSpyware.com
2011-06-28 23:42 . 2011-06-28 23:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-28 23:42 . 2011-06-28 23:42 -------- d-----w- c:\programdata\!SASCORE
2011-06-28 23:42 . 2011-06-28 23:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-28 13:55 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF883CB9-5E7A-4E3F-AB95-E6730BDFF4C8}\mpengine.dll
2011-06-25 19:04 . 2011-06-25 19:05 -------- d-----w- c:\program files\iTunes
2011-06-25 19:04 . 2011-06-25 19:05 -------- d-----w- c:\program files (x86)\iTunes
2011-06-25 19:04 . 2011-06-25 19:04 -------- d-----w- c:\program files\iPod
2011-06-25 19:03 . 2011-06-25 19:03 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-06-25 19:02 . 2011-06-25 19:02 -------- d-----w- c:\program files\Bonjour
2011-06-25 19:02 . 2011-06-25 19:02 -------- d-----w- c:\program files (x86)\Bonjour
2011-06-16 06:57 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 06:57 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 06:57 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 06:57 . 2011-04-29 05:47 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 06:57 . 2011-04-29 05:08 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 14:11 . 2010-07-04 06:22 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2010-07-04 06:22 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 00:14 . 2010-04-25 22:58 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 09:52 . 2010-09-17 18:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-22 20:18 . 2011-05-25 13:10 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:58 . 2011-05-19 03:59 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:45 . 2011-05-11 12:49 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 12:49 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 12:49 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 03:59 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-04-06 21:26 . 2011-04-06 21:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:26 . 2011-04-06 21:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-30_22.51.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-24 17:15 . 2011-06-30 22:52 52026 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-06-30 22:52 41024 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-23 02:24 . 2011-06-30 22:52 10426 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-464309943-274483538-4150013216-1000_UserData.bin
- 2010-02-23 02:33 . 2011-06-30 22:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-23 02:33 . 2011-07-01 00:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-23 02:33 . 2011-06-30 22:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-23 02:33 . 2011-07-01 00:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-30 22:50 . 2011-06-30 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-01 01:02 . 2011-07-01 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-01 01:02 . 2011-07-01 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-06-30 22:50 . 2011-06-30 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-23 13:31 . 2011-07-01 00:36 301332 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2011-06-30 15:05 632708 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-01 01:06 632708 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-01 01:06 110342 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-06-30 15:05 110342 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-06-30 22:49 395176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-01 01:01 395176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-06-30 16:29 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-06-30 23:05 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-24 39408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-06-22 2408448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100415.001\IDSvia64.sys [2009-10-28 466992]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-11-24 117640]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 06:50]
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 06:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF24984.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 16333856]
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g106p03f5v165r49j1s248
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = ;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Clark\AppData\Roaming\Mozilla\Firefox\Profiles\0gxht7t9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App - c:\program files (x86)\WildTangent Games\App\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-06-30 20:11:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-01 01:11
ComboFix2.txt 2011-06-30 22:55
.
Pre-Run: 652,450,222,080 bytes free
Post-Run: 652,026,081,280 bytes free
.
- - End Of File - - 3195D24047A450ADA640192013BFE1FE

descriptionWindows 7 Security 2012 HELP!!! EmptyRe: Windows 7 Security 2012 HELP!!!

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum