
Big problems: virus, malware etc. Help appreciated

Discussion in 'Virus & Other Malware Removal' started by jb281, Nov 6, 2007.

  1. jb281

    jb281 Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    13
    Hi all, I've got a few problems with pop-ups taking me to websites; my homepage has been changed and I can't change it back. The computer is generally very slow. Not entirely sure what it is. Here's a log. Any help?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:01:32, on 06/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nufc.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\htrdbpmm.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\htrdbpmm.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [8894d9c7] "rundll32.exe" "C:\WINDOWS\system32\uvgcbfyf.dll",b
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00E983B.dat
    O20 - Winlogon Notify: htrdbpmm - C:\WINDOWS\SYSTEM32\htrdbpmm.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    --
    End of file - 10572 bytes
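Reading a log like the one above by hand means correlating entries across sections: the same unnamed DLL registered as a BHO (O2), a toolbar (O3) and a Winlogon Notify handler (O20), a Run value (O4) that starts rundll32 on a DLL in system32, and an AppInit_DLLs value pointing at a .dat file. The Python below is an added example, not code from the thread or from Trend Micro's HijackThis: it parses those entry types and flags exactly those patterns. The sample lines are constructed from the log in this post, and the rules are review prompts for a helper, not verdicts.

```python
"""Triage of HijackThis-style log lines (added example; not the thread's
code and not Trend Micro's). Parses O2/O3/O4/O20 entries and flags the
patterns a helper would pull out of the log above."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: entries copied from the log in this post, plus two
# benign ones so the rules have something to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\htrdbpmm.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\htrdbpmm.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [8894d9c7] "rundll32.exe" "C:\WINDOWS\system32\uvgcbfyf.dll",b
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00E983B.dat
O20 - Winlogon Notify: htrdbpmm - C:\WINDOWS\SYSTEM32\htrdbpmm.dll
"""

ENTRY_RE = re.compile(r"^(?P<type>[OR]\d+) - (?P<body>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)


@dataclass
class Finding:
    entry_type: str
    module: str                     # file the entry loads ('' if none on disk)
    line: str
    reasons: list = field(default_factory=list)


def parse_entries(text):
    """Yield (entry_type, body, line) for each 'Oxx - ...' / 'Rx - ...' line."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("type"), m.group("body"), line


def loaded_module(entry_type, body):
    """Path of the file an entry loads; '' for '(no file)' or unhandled types."""
    mod = ""
    if entry_type in ("O2", "O3"):
        # "BHO: name - {CLSID} - path" / "Toolbar: name - {CLSID} - path"
        mod = body.rsplit(" - ", 1)[-1]
    elif entry_type == "O4":
        # "HKLM\..\Run: [value name] command line"; a rundll32 command really
        # loads the DLL it names, so report that instead of rundll32.exe
        cmd = body.split("]", 1)[-1].strip()
        m = RUNDLL_RE.search(cmd)
        if m:
            mod = m.group("dll")
        elif cmd.startswith('"'):
            mod = cmd[1:].split('"', 1)[0]
        else:
            mod = cmd.split(" ", 1)[0]
    elif entry_type == "O20":
        # "AppInit_DLLs: path" or "Winlogon Notify: key - path"
        mod = body.rsplit(" - ", 1)[-1].split(": ", 1)[-1]
    mod = mod.strip()
    return mod if "\\" in mod else ""      # "(no file)" and bare names drop out


def base_name(path):
    return path.lower().rsplit("\\", 1)[-1]


def triage(text):
    """Return a Finding for every entry that trips at least one review rule."""
    entries = [(t, b, l, loaded_module(t, b)) for t, b, l in parse_entries(text)]
    # Which load points reference each file? Malware that hooks the same DLL
    # as BHO, toolbar and Winlogon Notify shows up here as a multi-type set.
    hooks = defaultdict(set)
    for t, _, _, mod in entries:
        if mod:
            hooks[base_name(mod)].add(t)
    findings = []
    for t, body, line, mod in entries:
        reasons = []
        if t == "O2" and "(no name)" in body and mod:
            reasons.append("BHO with no name but a file on disk")
        if t == "O4" and RUNDLL_RE.search(body):
            reasons.append("Run value loads a DLL through rundll32")
        if t == "O20" and body.startswith("AppInit_DLLs:"):
            reasons.append("AppInit_DLLs value: loaded into every user-mode process")
        if t == "O20" and mod and not mod.lower().endswith((".dll", ".exe")):
            reasons.append("load point names a file without a .dll/.exe extension")
        if mod and len(hooks[base_name(mod)]) > 1:
            reasons.append("same file hooked at " + ", ".join(sorted(hooks[base_name(mod)])))
        if reasons:
            findings.append(Finding(t, mod, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.entry_type, f.module)
        for r in f.reasons:
            print("   -", r)
```

Run on the sample it reports five entries, all of them the ones the later ComboFix run deleted, and leaves the Adobe BHO, the Intel tray entry and the orphaned "(no file)" BHO alone.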
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    Download Combofix to your desktop:

    * Double-click combofix.exe & follow the prompts.
    * When finished, it shall produce a log for you. Post that log in your next reply.


    Note:
    Do not mouse-click ComboFix's window while it's running; that may cause it to stall.
     
  3. jb281

    jb281 Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    13
    Done a scan with ComboFix; it seems to have got rid of the pop-ups and my homepage has changed back. Here's the log as requested.

    ComboFix 07-11-07.3 - Bowsie 2007-11-06 23:16:10.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.132 [GMT 0:00]
    Running from: C:\Documents and Settings\Bowsie\Local Settings\Temporary Internet Files\Content.IE5\33MZ07VN\ComboFix[1].exe
    * Created a new restore point
    .

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\Bowsie\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Bowsie\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Bowsie\Favorites\Online Security Guide.lnk
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Fonts\acrsecI.fon
    C:\WINDOWS\system32\__c00E3C04.dat
    C:\WINDOWS\system32\__c00E983B.dat
    C:\WINDOWS\system32\__c00F6CE1.dat
    C:\WINDOWS\system32\ckkmtrbv.dll
    C:\WINDOWS\system32\htrdbpmm.dllbox
    C:\WINDOWS\system32\iutlpljh.dll
    C:\WINDOWS\system32\jrdrqlvb.dll
    C:\WINDOWS\system32\lngrxptp.dll
    C:\WINDOWS\system32\odpekqpn.dll
    C:\WINDOWS\system32\ojiyiibh.dll
    C:\WINDOWS\system32\qeqdfpmm.dll
    C:\WINDOWS\system32\vlmvmhyv.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE


    ((((((((((((((((((((((((( Files Created from 2007-10-07 to 2007-11-07 )))))))))))))))))))))))))))))))
    .

    2007-11-06 23:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-01 21:19 <DIR> d-------- C:\WINDOWS\pss
    2007-10-29 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-10-29 18:12 164 --a------ C:\install.dat
    2007-10-29 17:29 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-29 17:03 4,578 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-29 16:12 <DIR> d-------- C:\Program Files\Windows Defender
    2007-10-28 22:24 85,056 --a------ C:\WINDOWS\system32\uvgcbfyf.dll.ren
    2007-10-25 16:21 84,544 --a------ C:\WINDOWS\system32\llqsyyqk.dll.ren
    2007-10-25 16:21 295 --a------ C:\WINDOWS\system32\kqyysqll.ini.ren
    2007-10-25 16:17 345,832 ---hs---- C:\WINDOWS\system32\mpsru.bak2
    2007-10-24 15:49 693,637 --a------ C:\WINDOWS\system32\sailipxg.ini.ren
    2007-10-24 15:49 84,544 --a------ C:\WINDOWS\system32\gxpilias.dll.ren
    2007-10-24 09:56 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\AVG7
    2007-10-24 09:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-24 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-24 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-10-23 19:54 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-10-22 16:40 693,421 --a------ C:\WINDOWS\system32\oivnpxhw.ini.ren
    2007-10-22 16:40 86,080 --a------ C:\WINDOWS\system32\whxpnvio.dll.ren
    2007-10-22 16:27 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\Simply Super Software
    2007-10-22 15:12 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\Tenebril
    2007-10-22 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
    2007-10-22 14:52 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
    2007-10-22 14:52 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
    2007-10-21 18:46 693,835 --a------ C:\WINDOWS\system32\vikidsue.ini.ren
    2007-10-20 08:57 340,032 --a------ C:\WINDOWS\system32\oyksugpw.dll
    2007-10-20 08:57 340,032 --a------ C:\WINDOWS\system32\htrdbpmm.dll
    2007-10-20 08:52 320,875 --a------ C:\WINDOWS\system32\mpsru.bak2.ren
    2007-10-19 20:28 293,345 --a------ C:\WINDOWS\system32\mpsru.bak1.ren
    2007-10-19 20:27 302,273 --ahs---- C:\WINDOWS\system32\mpsru.ini.ren
    2007-10-19 15:21 <DIR> dr-h----- C:\Documents and Settings\Bowsie\Application Data\SecuROM

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-06 23:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-01 21:59 --------- d-----w C:\Program Files\Symantec
    2007-11-01 21:01 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\uTorrent
    2007-10-30 22:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-19 15:22 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\Sports Interactive
    2007-10-19 15:16 --------- d-----w C:\Program Files\Sports Interactive
    2007-10-04 14:37 --------- d-----w C:\Program Files\Norton Internet Security
    2007-09-30 19:19 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-09-30 19:17 --------- d--h--w C:\Program Files\Zero G Registry
    2007-09-30 17:40 --------- d-----w C:\Program Files\DivX
    2007-09-30 17:37 --------- d-----w C:\Program Files\PPMate
    2007-09-30 17:37 --------- d-----w C:\Program Files\InterActual
    2007-09-30 17:32 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\ppstream
    2007-09-30 17:25 --------- d-----w C:\Program Files\PartyGaming
    2007-09-26 19:08 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-09-20 18:04 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-15 19:29 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Symantec
    2007-09-11 15:48 --------- d-----w C:\Program Files\LimeWire
    2007-09-07 11:27 53,248 ----a-w C:\WINDOWS\system32\unrar.dll
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-10-20 08:57 340032 --a------ C:\WINDOWS\system32\htrdbpmm.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\htrdbpmm.dll [2007-10-20 08:57 340032]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 07:31]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 07:27]
    "Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2004-12-10 19:26]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 13:44]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 13:43]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 10:56]
    "NDSTray.exe"="NDSTray.exe" []
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-11-15 09:14]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-11-01 21:58]
    "CFSServ.exe"="CFSServ.exe" []
    "ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" []
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 05:37]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-03 17:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 09:48]
    "8894d9c7"="rundll32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 02:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoToolbarCustomize"=0 (0x0)
    "NoBandCustomize"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoToolbarCustomize"=0 (0x0)
    "NoBandCustomize"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\htrdbpmm]
    htrdbpmm.dll 2007-10-20 08:57 340032 C:\WINDOWS\system32\htrdbpmm.dll

    R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys
    R3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys
    R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys
    R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys
    S3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys
    S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{537b34a1-4455-11d9-b92b-806d6172696f}]
    \Shell\AutoRun\command - D:\browser.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c2265a3-42cb-11d9-85f1-806d6172696f}]
    \Shell\AutoRun\command - E:\browser.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba791153-4395-11d9-8be1-806d6172696f}]
    \Shell\AutoRun\command - E:\browser.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6a9faf0-41df-11d9-a140-806d6172696f}]
    \Shell\AutoRun\command - D:\browser.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-07 23:29:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2007-09-28 23:11:54 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Bowsie.job"
    - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
    "2005-09-15 15:56:32 C:\WINDOWS\Tasks\Registration reminder 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2005-09-15 15:56:32 C:\WINDOWS\Tasks\Registration reminder 2.job"
    "2005-09-15 15:56:33 C:\WINDOWS\Tasks\Registration reminder 3.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-07 23:27:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-07 23:32:50 - machine was rebooted
    .
    --- E O F ---
     
  4. jb281

    jb281 Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    13
    There are still a couple of things: a yellow exclamation mark in the bottom right corner which pops up with a window warning "Security alert: spyware found psw.x-virus", and also the website taking me to savetheinformation.com. Any further help?
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    Still a lot to do.

    Let's see what this clears before we do any manual fixes.

    Download Sunbelt Counterspy free trial.

    Save the install file to your desktop and double-click it to install Counterspy.

    Once it has installed, follow the setup wizard, which will start automatically, and allow it to update itself.

    It will take a few minutes to update to the latest definition file versions.

    Run a full scan, and when it finishes a window will open with all items found.

    They should all be marked as quarantine or delete by default, so scroll down and check that nothing you know to be good or want to keep is detected. Then just press the Take Action button and follow any prompts (set anything you want to keep as Ignore).

    Post back with its report (on the scan page, press View Details, copy that report and paste it back here).
     
  6. jb281

    jb281 Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    13
    Okay, here's the log. It found a fair few things, which I removed.

    I'll post the log in two sections because it won't let me post it in one.

    Scan History Details
    Start Date: 08/11/2007 16:18:40
    End Date: 08/11/2007 17:01:50
    Total Time: 43 Min 10 Sec
    Detected security risks

    Cookie: Adviva Cookie (General)
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][1].txt


    Cookie: ATDMT.com Cookie (General)
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][2].txt


    Cookie: BS.Serving-Sys Cookie (General)
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][2].txt
    c:\documents and settings\bowsie\cookies\[email protected][1].txt


    Cookie: BurstNet.com Cookie (General)
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][2].txt


    Cookie: DoubleClick Cookie (General)
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][1].txt


    Cookie: Hitbox.com Cookie (General)
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][2].txt


    Cookie: FastClick.com Cookie (General)
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][1].txt


    Cookie: HC2.HumanClick Cookie (General)
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][1].txt


    Cookie: Hotbar Cookie (General)
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][1].txt


    KaZaA P2P Program
    Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
    Status: Ignored

    Files detected
    C:\PROGRAM FILES\KAZAA
    C:\PROGRAM FILES\KAZAA\MY SHARED FOLDER

    Registry entries detected
    HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA
    HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Advanced
    HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Advanced
    HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Settings
    HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Settings
    HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Settings
    HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Settings
    HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA
    HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Transfer
    HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Transfer
    HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Transfer


    Cookie: Mediaplex.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][1].txt


    Cookie: Overture.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][1].txt


    Altnet P2P Networking Low Risk Adware more information...
    Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
    Status: Ignored

    Registry entries detected
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\P2P NETWORKING
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\P2P NETWORKING
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\P2P NETWORKING


    Cookie: QuestionMarket.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][1].txt


    Cookie: Ru4.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][1].txt


    Cookie: Advertising.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][1].txt


    Cookie: Stat.Onestat Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][1].txt


    Cookie: TribalFusion.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][2].txt


    Twain Tech Adware (General) more information...
    Details: Twain-Tech is an adware-based Internet Explorer browser helper object that delivers targeted ads based on a user's browsing patterns. Twain-Tech does not provide any other relevant purpose other than to display pop-up ads.
    Status: Deleted

    Files detected
    C:\WINDOWS\smdat32m.sys


    Cookie: adrevolver Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][1].txt


    RXToolbar Toolbar more information...
    Details: RXToolbar is an Internet Explorer toolbar that shows links for the current page being viewed, targeted through www.searchenginebar.com.
    Status: Deleted

    Files detected
    C:\PROGRAM FILES\RXTOOLBAR


    Virtumonde Adware (General) more information...
    Details: Virtumonde is an adware program that displays pop-up advertisements on the desktop. Virtumonde also downloads other software from various remote servers.
    Status: Deleted

    Files detected
    c:\WINDOWS\system32\htrdbpmm.dll

    Registry entries detected
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32


    Bifrost Backdoor more information...
    Details: Bifrost is an advanced remote administration tool that allows users to remotely control computers that are behind firewalls and routers.
    Status: Deleted

    Registry entries detected
    HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\WGET


    Cookie: PriceBandit Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][2].txt


    Cookie: Radar Spy Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\bowsie\cookies\[email protected][2].txt


    SecurityToolbar.DesktopScam Hijacker more information...
    Details: .
    Status: Deleted

    Files detected
    c:\WINDOWS\system32\htrdbpmm.dll

    Registry entries detected
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A95B2816-1D7E-4561-A202-68C0DE02353A}


    Trojan.FakeAlert Trojan more information...
    Details: Trojan.FakeAlert consists of files that cause false warnings of spyware on the computer. Usually the alerts are displayed in a balloon type pop-up from an icon in the system tray.
    Status: Deleted

    Files detected
    C:\Documents and Settings\Bowsie\Local Settings\Temp\ico1.tmp
    C:\Documents and Settings\Bowsie\Local Settings\Temp\ico10.tmp
    C:\Documents and Settings\Bowsie\Local Settings\Temp\ico11.tmp
    C:\Documents and Settings\Bowsie\Local Settings\Temp\ico12.tmp
    C:\Documents and Settings\Bowsie\Local Settings\Temp\ico13.tmp
    C:\Documents and Settings\Bowsie\Local Settings\Temp\ico2.tmp
    C:\Documents and Settings\Bowsie\Local Settings\Temp\ico3.tmp
    C:\Documents and Settings\Bowsie\Local Settings\Temp\ico4.tmp
    C:\Documents and Settings\Bowsie\Local Settings\Temp\ico5.tmp
    C:\Documents and Settings\Bowsie\Local Settings\Temp\icoF.tmp
    c:\WINDOWS\system32\htrdbpmm.dll

    Registry entries detected
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR


    Need2FindBar Potentially Unwanted Program more information...
    Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function.
    Status: Ignored

    Files detected
    C:\PROGRAM FILES\NEED2FIND\bar\History\search
    C:\PROGRAM FILES\NEED2FIND
    C:\PROGRAM FILES\NEED2FIND\BAR
    C:\PROGRAM FILES\NEED2FIND\BAR\HISTORY
    C:\PROGRAM FILES\NEED2FIND\BAR\SETTINGS

    Registry entries detected
    HKEY_LOCAL_MACHINE\Software\Classes\MSIEDE1EGATE.APPLICATION.2
    HKEY_LOCAL_MACHINE\Software\Classes\MSIEDE1EGATE.APPLICATION.2
    HKEY_LOCAL_MACHINE\Software\Classes\MSIEDE1EGATE.APPLICATION.2\CLSID
    HKEY_LOCAL_MACHINE\Software\Classes\MSIEDE1EGATE.APPLICATION.2\CLSID
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
    HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\NEED2FIND
    HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\NEED2FIND\bar
     
  7. jb281

    jb281 Thread Starter

    This is the next section.

    PartyPoker Potentially Unwanted Program more information...
    Details: PartyPoker is an online gambling application that requires the user to download its software in order to play.
    Status: Ignored

    Files detected
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop2E.tmp
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop2f.htm
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop2F.tmp
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop31.htm
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop31.tmp
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop32.htm
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop32.tmp
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop33.htm
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop33.tmp
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop4c.htm
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop4C.tmp
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop4d.htm
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop4D.tmp
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop6f.htm
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop6F.tmp
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop8.htm
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop8.tmp
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop9.htm
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop9.tmp
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop91.htm
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\pop91.tmp
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\popc4.htm
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\popC4.tmp
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\popc6.htm
    C:\PROGRAM FILES\PARTYGAMING\PARTYCASINO\Temp\popC6.tmp
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Articles\12174.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Articles\12176.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Articles\12180.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Articles\12182.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Articles\12184.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Articles\12186.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Articles\2.html
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Articles\4.html
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Articles\6460.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Articles\6728.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Articles\6734.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Articles\6752.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\HandHistory\jb281\20070427\Table 126227_1304866.txt
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\HandHistory\jb281\20070427\Table 127033_1305943.txt
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\HandHistory\jb281\20070428\Table 126138_1304763.txt
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\HandHistory\jb281\20070429\Table 126198_1304829.txt
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\HandHistory\jb281\20070501\Table 126089_1304714.txt
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\HandHistory\jb281\20070503\Table 128116_1312010.txt
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\HandHistory\jb281\20070504\Table 126762_1305477.txt
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\HandHistory\jb281\20070513\Table 126993_1305902.txt
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\HandHistory\jb281\20070520\Table 127026_1305936.txt
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\HandHistory\jb281\20070524\Speed #1330841_1330841.txt
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\HandHistory\tonydrewus99\20070522\Speed #1330809_1330809.txt
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\HandHistory\tonydrewus99\20070522\Table 126169_1304800.txt
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\468x60_DefaultBanner.gif
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\728x90_DefaultBanner.gif
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\buyin_popup_okbg.jpg
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\Cashier_button.gif
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\lhn_ani_refresh.gif
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\lhn_bar_jackpot_numbers_small.gif
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\pp_logo_small.jpg
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\strip.jpg
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\system_but_bingo.jpg
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\system_but_gammon.jpg
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\titlebar_chip.jpg
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10437.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10571.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10573.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10577.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10579.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10581.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10617.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10625.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10627.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10655.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10657.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10659.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10699.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10719.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10749.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10751.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10753.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\12741.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\12743.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\12815.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\12821.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\12845.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\12871.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\12875.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\12879.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\2.html
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\4.html
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\42428.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\42430.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\46346.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\46374.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\46390.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\46424.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\46432.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48248.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48252.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48260.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48262.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48340.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48478.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48514.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48640.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48738.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48790.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48794.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48812.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48814.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48816.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50708.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50712.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50752.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50754.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50756.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50766.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50782.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50824.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50828.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50890.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50900.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50902.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50904.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50906.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50908.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50918.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50930.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50938.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50940.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50942.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50950.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50986.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\52708.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\52758.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\52774.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\52776.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\52864.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\52874.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\52876.atc
    C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\52880.atc
     
  8. jb281

    jb281 Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    13
    and the final section.


    Registry entries detected
    HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\PARTYGAMING\PARTYPOKER


    Adware.SecToolbar Toolbar more information...
    Status: Deleted

    Files detected
    C:\Documents and Settings\Bowsie\Desktop\SmitfraudFix\WS2Fix.exe


    next step anyone?
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    ok

    run combofix again so I can see its latest report
     
  10. jb281

    jb281 Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    13
    ok, here's the next combofix log.

    ComboFix 07-11-08.1 - Bowsie 2007-11-08 22:53:28.2 - NTFSx86
    Running from: C:\Documents and Settings\Bowsie\Local Settings\Temporary Internet Files\Content.IE5\9OFD3KDY\ComboFix[1].exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\Bowsie\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Bowsie\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Bowsie\Favorites\Online Security Guide.lnk
    C:\WINDOWS\system32\htrdbpmm.dllbox

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
    .

    2007-11-08 16:06 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
    2007-11-08 16:04 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\Sunbelt Software
    2007-11-08 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    2007-11-08 16:02 <DIR> d-------- C:\Program Files\Sunbelt Software
    2007-11-06 23:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-01 21:19 <DIR> d-------- C:\WINDOWS\pss
    2007-10-29 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-10-29 18:12 164 --a------ C:\install.dat
    2007-10-29 17:29 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-29 17:03 4,578 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-29 16:12 <DIR> d-------- C:\Program Files\Windows Defender
    2007-10-28 22:24 85,056 --a------ C:\WINDOWS\system32\uvgcbfyf.dll.ren
    2007-10-25 16:21 84,544 --a------ C:\WINDOWS\system32\llqsyyqk.dll.ren
    2007-10-25 16:21 295 --a------ C:\WINDOWS\system32\kqyysqll.ini.ren
    2007-10-25 16:17 345,832 ---hs---- C:\WINDOWS\system32\mpsru.bak2
    2007-10-24 15:49 693,637 --a------ C:\WINDOWS\system32\sailipxg.ini.ren
    2007-10-24 15:49 84,544 --a------ C:\WINDOWS\system32\gxpilias.dll.ren
    2007-10-24 09:56 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\AVG7
    2007-10-24 09:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-24 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-24 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-10-23 19:54 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-10-22 16:40 693,421 --a------ C:\WINDOWS\system32\oivnpxhw.ini.ren
    2007-10-22 16:40 86,080 --a------ C:\WINDOWS\system32\whxpnvio.dll.ren
    2007-10-22 16:27 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\Simply Super Software
    2007-10-22 15:12 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\Tenebril
    2007-10-22 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
    2007-10-22 14:52 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
    2007-10-22 14:52 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
    2007-10-21 18:46 693,835 --a------ C:\WINDOWS\system32\vikidsue.ini.ren
    2007-10-20 08:57 340,032 --a------ C:\WINDOWS\system32\oyksugpw.dll
    2007-10-20 08:52 320,875 --a------ C:\WINDOWS\system32\mpsru.bak2.ren
    2007-10-19 20:28 293,345 --a------ C:\WINDOWS\system32\mpsru.bak1.ren
    2007-10-19 20:27 302,273 --ahs---- C:\WINDOWS\system32\mpsru.ini.ren
    2007-10-19 15:21 <DIR> dr-h----- C:\Documents and Settings\Bowsie\Application Data\SecuROM

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-08 23:01 34,360 ----a-w C:\WINDOWS\system32\drivers\sbapifs.sys
    2007-11-08 16:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-01 21:59 --------- d-----w C:\Program Files\Symantec
    2007-11-01 21:01 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\uTorrent
    2007-10-30 22:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-19 15:22 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\Sports Interactive
    2007-10-19 15:16 --------- d-----w C:\Program Files\Sports Interactive
    2007-10-04 14:37 --------- d-----w C:\Program Files\Norton Internet Security
    2007-09-30 19:17 --------- d--h--w C:\Program Files\Zero G Registry
    2007-09-30 17:40 --------- d-----w C:\Program Files\DivX
    2007-09-30 17:37 --------- d-----w C:\Program Files\PPMate
    2007-09-30 17:37 --------- d-----w C:\Program Files\InterActual
    2007-09-30 17:32 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\ppstream
    2007-09-30 17:25 --------- d-----w C:\Program Files\PartyGaming
    2007-09-26 19:08 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-09-20 18:04 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-15 19:29 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Symantec
    2007-09-11 15:48 --------- d-----w C:\Program Files\LimeWire
    .

    ((((((((((((((((((((((((((((( [email protected]_23.29.39.60 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-08 16:04:11 19,230 ----a-r C:\WINDOWS\Installer\{A5CC3E6E-CAC7-4D47-A5C8-743E549890D5}\ARPPRODUCTICON.exe
    + 2006-10-30 11:30:30 10,032 ----a-w C:\WINDOWS\system32\drivers\SBTEDrv.sys
    + 2005-11-02 11:39:14 131,072 ----a-w C:\WINDOWS\system32\MD5.dll
    + 2005-11-02 11:39:16 24,924 ----a-w C:\WINDOWS\system32\openports.dll
    + 2003-02-21 07:16:08 49,152 ----a-w C:\WINDOWS\system32\REGTLIB.EXE
    - 2006-07-20 12:24:38 14,872 ----a-w C:\WINDOWS\system32\SBBD.exe
    + 2007-08-27 11:26:10 27,120 ----a-w C:\WINDOWS\system32\SBBD.exe
    + 2005-11-02 11:39:16 40,960 ----a-w C:\WINDOWS\system32\SDelete.dll
    + 2006-06-22 15:40:28 493,400 ----a-w C:\WINDOWS\system32\XceedZip.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 07:31]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 07:27]
    "Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2004-12-10 19:26]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 13:44]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 13:43]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 10:56]
    "NDSTray.exe"="NDSTray.exe" []
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-11-15 09:14]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-11-01 21:58]
    "CFSServ.exe"="CFSServ.exe" []
    "ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" []
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 05:37]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-03 17:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 09:48]
    "8894d9c7"="rundll32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 12:09]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 02:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoToolbarCustomize"=0 (0x0)
    "NoBandCustomize"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoToolbarCustomize"=0 (0x0)
    "NoBandCustomize"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\htrdbpmm]
    htrdbpmm.dll

    R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
    R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys
    R3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys
    R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys
    R3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys
    R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys
    S3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys
    S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{537b34a1-4455-11d9-b92b-806d6172696f}]
    \Shell\AutoRun\command - D:\browser.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c2265a3-42cb-11d9-85f1-806d6172696f}]
    \Shell\AutoRun\command - E:\browser.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba791153-4395-11d9-8be1-806d6172696f}]
    \Shell\AutoRun\command - E:\browser.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6a9faf0-41df-11d9-a140-806d6172696f}]
    \Shell\AutoRun\command - D:\browser.exe

    *Newly Created Service* - SBAPIFS
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-08 23:04:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2007-09-28 23:11:54 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Bowsie.job"
    - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
    "2005-09-15 15:56:32 C:\WINDOWS\Tasks\Registration reminder 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2005-09-15 15:56:32 C:\WINDOWS\Tasks\Registration reminder 2.job"
    "2005-09-15 15:56:33 C:\WINDOWS\Tasks\Registration reminder 3.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-08 23:01:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-08 23:06:58 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-07 23:32
    .
    --- E O F ---
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    Open Notepad and copy and paste the text in the code box below into it:



    Code:
    Files::
    C:\WINDOWS\system32\uvgcbfyf.dll.ren
    C:\WINDOWS\system32\llqsyyqk.dll.ren
    C:\WINDOWS\system32\kqyysqll.ini.ren
    C:\WINDOWS\system32\mpsru.bak2
    C:\WINDOWS\system32\sailipxg.ini.ren
    C:\WINDOWS\system32\gxpilias.dll.ren
    C:\WINDOWS\system32\oivnpxhw.ini.ren
    C:\WINDOWS\system32\whxpnvio.dll.ren
    C:\WINDOWS\system32\vikidsue.ini.ren
    C:\WINDOWS\system32\oyksugpw.dll
    C:\WINDOWS\system32\mpsru.bak2.ren
    C:\WINDOWS\system32\mpsru.bak1.ren
    C:\WINDOWS\system32\mpsru.ini.ren
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "8894d9c7"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\htrdbpmm] 
    


    Save the attached CFScript.txt to desktop

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



[IMG]



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
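As an added example that is not part of the thread or of ComboFix itself, the script below automates the check a helper makes when the next ComboFix log comes back: it parses the CFScript's Files:: and Registry:: sections, reads the returned log, and reports which targets are still present. The log line formats and the sample inputs are assumptions modelled on the logs posted in this thread.

```python
import re

# Added example, not from the thread and not part of ComboFix. Line formats are
# inferred from the logs posted in this thread, not from any ComboFix spec.
SECTION_RE = re.compile(r"^(\w+)::$")                   # Files:: / Registry::
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')               # "name"=... in a [key] block
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}")  # file-listing lines start with a date
PATH_RE = re.compile(r"([A-Za-z]:\\.+?)\s*$")            # the path is the last field


def parse_cfscript(text):
    """Return (files, (key, value) pairs marked "name"=-, keys marked [-key])."""
    files, values, keys = [], [], []
    section, current_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1).lower(), None
            continue
        if section == "files":
            files.append(line.lower())
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                keys.append(line[2:-1].lower())
                current_key = None
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1].lower()
            else:
                m = VALUE_RE.match(line)
                if m and current_key and m.group(2) == "-":
                    values.append((current_key, m.group(1).lower()))
    return files, values, keys


def parse_combofix_log(text):
    """Return (set of file paths, {key: set of value names}) listed in a ComboFix log."""
    paths, registry, current_key = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("+- ")  # snapshot-diff lines carry a "+ " / "- " marker
        if not line:
            continue
        if DATE_RE.match(line):
            m = PATH_RE.search(line)
            if m:
                paths.add(m.group(1).lower())
        elif line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            registry.setdefault(current_key, set())
        else:
            m = VALUE_RE.match(line)
            if m and current_key:
                registry[current_key].add(m.group(1).lower())
    return paths, registry


def check_script_applied(script_text, log_text):
    """Return the script's targets that still appear in the new log (all empty = done)."""
    files, values, keys = parse_cfscript(script_text)
    paths, registry = parse_combofix_log(log_text)
    return {
        "files_remaining": sorted(p for p in files if p in paths),
        "values_remaining": sorted((k, v) for k, v in values if v in registry.get(k, ())),
        "keys_remaining": sorted(k for k in keys if k in registry),
    }


# Constructed sample input: the thread's CFScript (abridged) and an excerpt shaped
# like the ComboFix log that came back after the first run.
SAMPLE_SCRIPT = r"""
Files::
C:\WINDOWS\system32\uvgcbfyf.dll.ren
C:\WINDOWS\system32\oyksugpw.dll
C:\WINDOWS\system32\mpsru.ini.ren
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8894d9c7"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\htrdbpmm]
"""

SAMPLE_LOG = r"""
2007-10-28 22:24 85,056 --a------ C:\WINDOWS\system32\uvgcbfyf.dll.ren
2007-10-20 08:57 340,032 --a------ C:\WINDOWS\system32\oyksugpw.dll
+ 2006-10-30 11:30:30 10,032 ----a-w C:\WINDOWS\system32\drivers\SBTEDrv.sys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 07:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"""

if __name__ == "__main__":
    for what, left in check_script_applied(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{what}: {left or 'none left'}")
```

Run against the real CFScript.txt and the returned ComboFix.txt, a non-empty "files_remaining" is the signal that the Files:: section was not processed, which is what a second run is for.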
     
  12. jb281

    jb281 Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    13
    ok here's the combofix.txt.

    ComboFix 07-11-08.1 - Bowsie 2007-11-09 17:41:36.3 - NTFSx86
    Running from: C:\Documents and Settings\Bowsie\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Bowsie\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 )))))))))))))))))))))))))))))))
    .

    2007-11-08 23:10 0 --a------ C:\WINDOWS\system32\SBRC.dat
    2007-11-08 23:10 0 --a------ C:\WINDOWS\system32\SBFC.dat
    2007-11-08 16:06 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
    2007-11-08 16:04 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\Sunbelt Software
    2007-11-08 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    2007-11-08 16:02 <DIR> d-------- C:\Program Files\Sunbelt Software
    2007-11-06 23:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-01 21:19 <DIR> d-------- C:\WINDOWS\pss
    2007-10-29 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-10-29 18:12 164 --a------ C:\install.dat
    2007-10-29 17:29 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-29 17:03 4,578 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-29 16:12 <DIR> d-------- C:\Program Files\Windows Defender
    2007-10-28 22:24 85,056 --a------ C:\WINDOWS\system32\uvgcbfyf.dll.ren
    2007-10-25 16:21 84,544 --a------ C:\WINDOWS\system32\llqsyyqk.dll.ren
    2007-10-25 16:21 295 --a------ C:\WINDOWS\system32\kqyysqll.ini.ren
    2007-10-25 16:17 345,832 ---hs---- C:\WINDOWS\system32\mpsru.bak2
    2007-10-24 15:49 693,637 --a------ C:\WINDOWS\system32\sailipxg.ini.ren
    2007-10-24 15:49 84,544 --a------ C:\WINDOWS\system32\gxpilias.dll.ren
    2007-10-24 09:56 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\AVG7
    2007-10-24 09:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-24 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-24 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-10-23 19:54 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-10-22 16:40 693,421 --a------ C:\WINDOWS\system32\oivnpxhw.ini.ren
    2007-10-22 16:40 86,080 --a------ C:\WINDOWS\system32\whxpnvio.dll.ren
    2007-10-22 16:27 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\Simply Super Software
    2007-10-22 15:12 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\Tenebril
    2007-10-22 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
    2007-10-22 14:52 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
    2007-10-22 14:52 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
    2007-10-21 18:46 693,835 --a------ C:\WINDOWS\system32\vikidsue.ini.ren
    2007-10-20 08:57 340,032 --a------ C:\WINDOWS\system32\oyksugpw.dll
    2007-10-20 08:52 320,875 --a------ C:\WINDOWS\system32\mpsru.bak2.ren
    2007-10-19 20:28 293,345 --a------ C:\WINDOWS\system32\mpsru.bak1.ren
    2007-10-19 20:27 302,273 --ahs---- C:\WINDOWS\system32\mpsru.ini.ren
    2007-10-19 15:21 <DIR> dr-h----- C:\Documents and Settings\Bowsie\Application Data\SecuROM

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-09 17:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-01 21:59 --------- d-----w C:\Program Files\Symantec
    2007-11-01 21:01 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\uTorrent
    2007-10-30 22:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-19 15:22 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\Sports Interactive
    2007-10-19 15:16 --------- d-----w C:\Program Files\Sports Interactive
    2007-10-04 14:37 --------- d-----w C:\Program Files\Norton Internet Security
    2007-09-30 19:19 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-09-30 19:17 --------- d--h--w C:\Program Files\Zero G Registry
    2007-09-30 17:40 --------- d-----w C:\Program Files\DivX
    2007-09-30 17:37 --------- d-----w C:\Program Files\PPMate
    2007-09-30 17:37 --------- d-----w C:\Program Files\InterActual
    2007-09-30 17:32 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\ppstream
    2007-09-30 17:25 --------- d-----w C:\Program Files\PartyGaming
    2007-09-26 19:08 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-09-20 18:04 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-15 19:29 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Symantec
    2007-09-11 15:48 --------- d-----w C:\Program Files\LimeWire
    2007-09-07 11:27 53,248 ----a-w C:\WINDOWS\system32\unrar.dll
    2007-08-27 11:26 27,120 ----a-w C:\WINDOWS\system32\SBBD.exe
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    .

    ((((((((((((((((((((((((((((( [email protected]_23.29.39.60 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-08 16:04:11 19,230 ----a-r C:\WINDOWS\Installer\{A5CC3E6E-CAC7-4D47-A5C8-743E549890D5}\ARPPRODUCTICON.exe
    + 2006-10-30 11:30:30 10,032 ----a-w C:\WINDOWS\system32\drivers\SBTEDrv.sys
    + 2005-11-02 11:39:14 131,072 ----a-w C:\WINDOWS\system32\MD5.dll
    + 2005-11-02 11:39:16 24,924 ----a-w C:\WINDOWS\system32\openports.dll
    + 2003-02-21 07:16:08 49,152 ----a-w C:\WINDOWS\system32\REGTLIB.EXE
    + 2005-11-02 11:39:16 40,960 ----a-w C:\WINDOWS\system32\SDelete.dll
    + 2006-06-22 15:40:28 493,400 ----a-w C:\WINDOWS\system32\XceedZip.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 07:31]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 07:27]
    "Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2004-12-10 19:26]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 13:44]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 13:43]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 10:56]
    "NDSTray.exe"="NDSTray.exe" []
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-11-15 09:14]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-11-01 21:58]
    "CFSServ.exe"="CFSServ.exe" []
    "ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" []
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 05:37]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-03 17:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 09:48]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 12:09]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 02:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoToolbarCustomize"=0 (0x0)
    "NoBandCustomize"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoToolbarCustomize"=0 (0x0)
    "NoBandCustomize"=0 (0x0)

    R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
    R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys
    R3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys
    R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys
    R3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys
    R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys
    S3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys
    S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{537b34a1-4455-11d9-b92b-806d6172696f}]
    \Shell\AutoRun\command - D:\browser.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c2265a3-42cb-11d9-85f1-806d6172696f}]
    \Shell\AutoRun\command - E:\browser.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba791153-4395-11d9-8be1-806d6172696f}]
    \Shell\AutoRun\command - E:\browser.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6a9faf0-41df-11d9-a140-806d6172696f}]
    \Shell\AutoRun\command - D:\browser.exe

    *Newly Created Service* - SBAPIFS
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-09 17:27:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2007-09-28 23:11:54 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Bowsie.job"
    - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
    "2005-09-15 15:56:32 C:\WINDOWS\Tasks\Registration reminder 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2005-09-15 15:56:32 C:\WINDOWS\Tasks\Registration reminder 2.job"
    "2005-09-15 15:56:33 C:\WINDOWS\Tasks\Registration reminder 3.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-09 17:45:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-09 17:47:14
    C:\ComboFix2.txt ... 2007-11-08 23:06
    C:\ComboFix3.txt ... 2007-11-07 23:32
    .
    --- E O F ---
     
  13. jb281

    jb281 Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    13
    and the new hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:48:40, on 09/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nufc.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    --
    End of file - 10271 bytes
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    for some reason it didn't delete any of the files it was set to

    I have just edited my previous post to remove a blank line at the start which might have been the problem

    please try it again
     
  15. jb281

    jb281 Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    13
    ok did it again. here's the hijackthis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:32:57, on 09/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nufc.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    --
    End of file - 10151 bytes

Short URL to this thread: https://techguy.org/648692