Big problems - virus, malware, etc. - help appreciated

jb281

Thread Starter
Joined
Oct 31, 2007
Messages
13
Hi all, got a few problems with pop-ups taking me to websites, my homepage has been changed and I can't change it back. Computer is generally very slow. Not entirely sure what it is. Here's a log. Any help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:32, on 06/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nufc.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\htrdbpmm.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\htrdbpmm.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [8894d9c7] "rundll32.exe" "C:\WINDOWS\system32\uvgcbfyf.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00E983B.dat
O20 - Winlogon Notify: htrdbpmm - C:\WINDOWS\SYSTEM32\htrdbpmm.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 10572 bytes
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Download Combofix to your desktop:

* Double-click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.


Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
 

jb281

Thread Starter
Joined
Oct 31, 2007
Messages
13
Done a scan with ComboFix - seems to have got rid of the pop-ups and my homepage has changed back. Here's the log as requested.

ComboFix 07-11-07.3 - Bowsie 2007-11-06 23:16:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.132 [GMT 0:00]
Running from: C:\Documents and Settings\Bowsie\Local Settings\Temporary Internet Files\Content.IE5\33MZ07VN\ComboFix[1].exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Bowsie\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Bowsie\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Bowsie\Favorites\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\__c00E3C04.dat
C:\WINDOWS\system32\__c00E983B.dat
C:\WINDOWS\system32\__c00F6CE1.dat
C:\WINDOWS\system32\ckkmtrbv.dll
C:\WINDOWS\system32\htrdbpmm.dllbox
C:\WINDOWS\system32\iutlpljh.dll
C:\WINDOWS\system32\jrdrqlvb.dll
C:\WINDOWS\system32\lngrxptp.dll
C:\WINDOWS\system32\odpekqpn.dll
C:\WINDOWS\system32\ojiyiibh.dll
C:\WINDOWS\system32\qeqdfpmm.dll
C:\WINDOWS\system32\vlmvmhyv.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-10-07 to 2007-11-07 )))))))))))))))))))))))))))))))
.

2007-11-06 23:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-01 21:19 <DIR> d-------- C:\WINDOWS\pss
2007-10-29 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-29 18:12 164 --a------ C:\install.dat
2007-10-29 17:29 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-29 17:03 4,578 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-29 16:12 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-28 22:24 85,056 --a------ C:\WINDOWS\system32\uvgcbfyf.dll.ren
2007-10-25 16:21 84,544 --a------ C:\WINDOWS\system32\llqsyyqk.dll.ren
2007-10-25 16:21 295 --a------ C:\WINDOWS\system32\kqyysqll.ini.ren
2007-10-25 16:17 345,832 ---hs---- C:\WINDOWS\system32\mpsru.bak2
2007-10-24 15:49 693,637 --a------ C:\WINDOWS\system32\sailipxg.ini.ren
2007-10-24 15:49 84,544 --a------ C:\WINDOWS\system32\gxpilias.dll.ren
2007-10-24 09:56 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\AVG7
2007-10-24 09:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-24 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-24 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-23 19:54 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-22 16:40 693,421 --a------ C:\WINDOWS\system32\oivnpxhw.ini.ren
2007-10-22 16:40 86,080 --a------ C:\WINDOWS\system32\whxpnvio.dll.ren
2007-10-22 16:27 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\Simply Super Software
2007-10-22 15:12 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\Tenebril
2007-10-22 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-10-22 14:52 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-10-22 14:52 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-10-21 18:46 693,835 --a------ C:\WINDOWS\system32\vikidsue.ini.ren
2007-10-20 08:57 340,032 --a------ C:\WINDOWS\system32\oyksugpw.dll
2007-10-20 08:57 340,032 --a------ C:\WINDOWS\system32\htrdbpmm.dll
2007-10-20 08:52 320,875 --a------ C:\WINDOWS\system32\mpsru.bak2.ren
2007-10-19 20:28 293,345 --a------ C:\WINDOWS\system32\mpsru.bak1.ren
2007-10-19 20:27 302,273 --ahs---- C:\WINDOWS\system32\mpsru.ini.ren
2007-10-19 15:21 <DIR> dr-h----- C:\Documents and Settings\Bowsie\Application Data\SecuROM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-06 23:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-01 21:59 --------- d-----w C:\Program Files\Symantec
2007-11-01 21:01 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\uTorrent
2007-10-30 22:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-19 15:22 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\Sports Interactive
2007-10-19 15:16 --------- d-----w C:\Program Files\Sports Interactive
2007-10-04 14:37 --------- d-----w C:\Program Files\Norton Internet Security
2007-09-30 19:19 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-30 19:17 --------- d--h--w C:\Program Files\Zero G Registry
2007-09-30 17:40 --------- d-----w C:\Program Files\DivX
2007-09-30 17:37 --------- d-----w C:\Program Files\PPMate
2007-09-30 17:37 --------- d-----w C:\Program Files\InterActual
2007-09-30 17:32 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\ppstream
2007-09-30 17:25 --------- d-----w C:\Program Files\PartyGaming
2007-09-26 19:08 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-20 18:04 --------- d-----w C:\Program Files\MSN Messenger
2007-09-15 19:29 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Symantec
2007-09-11 15:48 --------- d-----w C:\Program Files\LimeWire
2007-09-07 11:27 53,248 ----a-w C:\WINDOWS\system32\unrar.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-20 08:57 340032 --a------ C:\WINDOWS\system32\htrdbpmm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\htrdbpmm.dll [2007-10-20 08:57 340032]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 07:31]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 07:27]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2004-12-10 19:26]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 13:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 13:43]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 10:56]
"NDSTray.exe"="NDSTray.exe" []
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-11-15 09:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-11-01 21:58]
"CFSServ.exe"="CFSServ.exe" []
"ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 05:37]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-03 17:28]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 09:48]
"8894d9c7"="rundll32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 02:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\htrdbpmm]
htrdbpmm.dll 2007-10-20 08:57 340032 C:\WINDOWS\system32\htrdbpmm.dll

R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys
R3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys
R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys
S3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{537b34a1-4455-11d9-b92b-806d6172696f}]
\Shell\AutoRun\command - D:\browser.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c2265a3-42cb-11d9-85f1-806d6172696f}]
\Shell\AutoRun\command - E:\browser.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba791153-4395-11d9-8be1-806d6172696f}]
\Shell\AutoRun\command - E:\browser.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6a9faf0-41df-11d9-a140-806d6172696f}]
\Shell\AutoRun\command - D:\browser.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-07 23:29:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-28 23:11:54 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Bowsie.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2005-09-15 15:56:32 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2005-09-15 15:56:32 C:\WINDOWS\Tasks\Registration reminder 2.job"
"2005-09-15 15:56:33 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 23:27:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-07 23:32:50 - machine was rebooted
.
--- E O F ---
 

jb281

Thread Starter
Joined
Oct 31, 2007
Messages
13
There are still a couple of things: a yellow exclamation mark in the bottom right corner which pops up with a window warning "security alert: spyware found psw.x-virus", and also the website taking me to savetheinformation.com. Any further help?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Still a lot to do.

Let's see what this clears before we do any manual fixes.

Download the Sunbelt CounterSpy free trial.

Save the install file to the desktop and double-click it to install CounterSpy.

Once it has installed, follow the setup wizard, which will automatically start, and allow it to update itself.

It will take a few minutes to update to the latest definitions file versions.

Run a full scan; when it finishes, a window will open with all items found.

They should all be marked as quarantine or delete by default, so scroll down and check that nothing you know to be good or want to keep is detected. Then just press the Take Action button and follow any prompts (set anything you want to keep as ignore).

Post back with its report (on the scan page, press View Details, copy that report and paste it back here).
 

jb281

Thread Starter
Joined
Oct 31, 2007
Messages
13
Okay, here's the log. It found a fair few things, which I removed.

I'll post the log in two sections because it won't let me post it in one.

Scan History Details
Start Date: 08/11/2007 16:18:40
End Date: 08/11/2007 17:01:50
Total Time: 43 Min 10 Sec
Detected security risks

Cookie: Adviva Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][1].txt


Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][2].txt


Cookie: BS.Serving-Sys Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][2].txt
c:\documents and settings\bowsie\cookies\[email protected][1].txt


Cookie: BurstNet.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][2].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][1].txt


Cookie: Hitbox.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][2].txt


Cookie: FastClick.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][1].txt


Cookie: HC2.HumanClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][1].txt


Cookie: Hotbar Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][1].txt


KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored

Files detected
C:\PROGRAM FILES\KAZAA
C:\PROGRAM FILES\KAZAA\MY SHARED FOLDER

Registry entries detected
HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA
HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Advanced
HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Advanced
HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Settings
HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Settings
HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Settings
HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Settings
HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA
HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Transfer
HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Transfer
HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\KAZAA\Transfer


Cookie: Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][1].txt


Cookie: Overture.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][1].txt


Altnet P2P Networking Low Risk Adware more information...
Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
Status: Ignored

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\P2P NETWORKING


Cookie: QuestionMarket.com Cookie (General)
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][1].txt


Cookie: Ru4.com Cookie (General)
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][1].txt


Cookie: Advertising.com Cookie (General)
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][1].txt


Cookie: Stat.Onestat Cookie (General)
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][1].txt


Cookie: TribalFusion.com Cookie (General)
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][2].txt


Twain Tech Adware (General)
Details: Twain-Tech is an adware based Internet Explorer browser helper object that deliver targeted ads based on a user's browsing patters. Twain-Tech does not provide any other relevant purpose other then to display pop-up ads.
Status: Deleted

Files detected
C:\WINDOWS\smdat32m.sys


Cookie: adrevolver Cookie (General)
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][1].txt


RXToolbar Toolbar
Details: RXToolbar is an Internet Explorer toolbar that shows links for the current page being viewed, targetted through www.searchenginebar.com.
Status: Deleted

Files detected
C:\PROGRAM FILES\RXTOOLBAR


Virtumonde Adware (General)
Details: Virtumonde is an adware program that displays pop-up advertisements on the desktop. Virtumonde also downloads other software from various remote servers.
Status: Deleted

Files detected
c:\WINDOWS\system32\htrdbpmm.dll

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32


Bifrost Backdoor
Details: Bifrost is an advanced remote administration tool that allows users to remotely control computers that are behind firewalls and routers.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\WGET


Cookie: PriceBandit Cookie (General)
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][2].txt


Cookie: Radar Spy Cookie (General)
Status: Deleted

Cookies detected
c:\documents and settings\bowsie\cookies\[email protected][2].txt


SecurityToolbar.DesktopScam Hijacker
Details: .
Status: Deleted

Files detected
c:\WINDOWS\system32\htrdbpmm.dll

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A95B2816-1D7E-4561-A202-68C0DE02353A}


Trojan.FakeAlert Trojan
Details: Trojan.FakeAlert consists of files that cause false warnings of spyware on the computer. Usually the alerts are displayed in a balloon type pop-up from an icon in the system tray.
Status: Deleted

Files detected
C:\Documents and Settings\Bowsie\Local Settings\Temp\ico1.tmp
C:\Documents and Settings\Bowsie\Local Settings\Temp\ico10.tmp
C:\Documents and Settings\Bowsie\Local Settings\Temp\ico11.tmp
C:\Documents and Settings\Bowsie\Local Settings\Temp\ico12.tmp
C:\Documents and Settings\Bowsie\Local Settings\Temp\ico13.tmp
C:\Documents and Settings\Bowsie\Local Settings\Temp\ico2.tmp
C:\Documents and Settings\Bowsie\Local Settings\Temp\ico3.tmp
C:\Documents and Settings\Bowsie\Local Settings\Temp\ico4.tmp
C:\Documents and Settings\Bowsie\Local Settings\Temp\ico5.tmp
C:\Documents and Settings\Bowsie\Local Settings\Temp\icoF.tmp
c:\WINDOWS\system32\htrdbpmm.dll

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR


Need2FindBar Potentially Unwanted Program
Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function.
Status: Ignored

Files detected
C:\PROGRAM FILES\NEED2FIND\bar\History\search
C:\PROGRAM FILES\NEED2FIND
C:\PROGRAM FILES\NEED2FIND\BAR
C:\PROGRAM FILES\NEED2FIND\BAR\HISTORY
C:\PROGRAM FILES\NEED2FIND\BAR\SETTINGS

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\MSIEDE1EGATE.APPLICATION.2
HKEY_LOCAL_MACHINE\Software\Classes\MSIEDE1EGATE.APPLICATION.2\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner
HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\NEED2FIND
HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\NEED2FIND\bar
 

jb281

This is the next section.

PartyPoker Potentially Unwanted Program
Details: PartyPoker is an online gambling application that requires the user to download its software in order to play.
Status: Ignored

Files detected
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\lhn_ani_refresh.gif
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\lhn_bar_jackpot_numbers_small.gif
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\pp_logo_small.jpg
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\strip.jpg
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\system_but_bingo.jpg
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\system_but_gammon.jpg
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\images\titlebar_chip.jpg
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10437.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10571.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10573.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10577.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10579.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10581.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10617.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10625.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10627.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10655.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10657.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10659.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10699.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10719.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10749.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10751.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\10753.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\12741.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\12743.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\12815.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\12821.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\12845.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\12871.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\12875.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\12879.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\2.html
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\4.html
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\42428.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\42430.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\46346.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\46374.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\46390.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\46424.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\46432.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48248.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48252.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48260.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48262.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48340.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48478.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48514.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48640.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48738.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48790.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48794.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48812.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48814.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\48816.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50708.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50712.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50752.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50754.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50756.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50766.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50782.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50824.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50828.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50890.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50900.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50902.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50904.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50906.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50908.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50918.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50930.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50938.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50940.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50942.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50950.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\50986.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\52708.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\52758.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\52774.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\52776.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\52864.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\52874.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\52876.atc
C:\PROGRAM FILES\PARTYGAMING\PARTYPOKER\Language\en_US\articles\52880.atc
 

jb281

Thread Starter
Joined
Oct 31, 2007
Messages
13
and the final section.


Registry entries detected
HKEY_USERS\S-1-5-21-189098154-448506743-1987660969-1006\SOFTWARE\PARTYGAMING\PARTYPOKER


Adware.SecToolbar Toolbar more information...
Status: Deleted

Files detected
C:\Documents and Settings\Bowsie\Desktop\SmitfraudFix\WS2Fix.exe


next step anyone?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
ok

run combofix again so I can see its latest report
 

jb281

Thread Starter
Joined
Oct 31, 2007
Messages
13
ok, here's the next combofix log.

ComboFix 07-11-08.1 - Bowsie 2007-11-08 22:53:28.2 - NTFSx86
Running from: C:\Documents and Settings\Bowsie\Local Settings\Temporary Internet Files\Content.IE5\9OFD3KDY\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Bowsie\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Bowsie\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Bowsie\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\htrdbpmm.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-08 16:06 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-11-08 16:04 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\Sunbelt Software
2007-11-08 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-11-08 16:02 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-11-06 23:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-01 21:19 <DIR> d-------- C:\WINDOWS\pss
2007-10-29 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-29 18:12 164 --a------ C:\install.dat
2007-10-29 17:29 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-29 17:03 4,578 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-29 16:12 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-28 22:24 85,056 --a------ C:\WINDOWS\system32\uvgcbfyf.dll.ren
2007-10-25 16:21 84,544 --a------ C:\WINDOWS\system32\llqsyyqk.dll.ren
2007-10-25 16:21 295 --a------ C:\WINDOWS\system32\kqyysqll.ini.ren
2007-10-25 16:17 345,832 ---hs---- C:\WINDOWS\system32\mpsru.bak2
2007-10-24 15:49 693,637 --a------ C:\WINDOWS\system32\sailipxg.ini.ren
2007-10-24 15:49 84,544 --a------ C:\WINDOWS\system32\gxpilias.dll.ren
2007-10-24 09:56 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\AVG7
2007-10-24 09:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-24 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-24 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-23 19:54 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-22 16:40 693,421 --a------ C:\WINDOWS\system32\oivnpxhw.ini.ren
2007-10-22 16:40 86,080 --a------ C:\WINDOWS\system32\whxpnvio.dll.ren
2007-10-22 16:27 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\Simply Super Software
2007-10-22 15:12 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\Tenebril
2007-10-22 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-10-22 14:52 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-10-22 14:52 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-10-21 18:46 693,835 --a------ C:\WINDOWS\system32\vikidsue.ini.ren
2007-10-20 08:57 340,032 --a------ C:\WINDOWS\system32\oyksugpw.dll
2007-10-20 08:52 320,875 --a------ C:\WINDOWS\system32\mpsru.bak2.ren
2007-10-19 20:28 293,345 --a------ C:\WINDOWS\system32\mpsru.bak1.ren
2007-10-19 20:27 302,273 --ahs---- C:\WINDOWS\system32\mpsru.ini.ren
2007-10-19 15:21 <DIR> dr-h----- C:\Documents and Settings\Bowsie\Application Data\SecuROM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 23:01 34,360 ----a-w C:\WINDOWS\system32\drivers\sbapifs.sys
2007-11-08 16:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-01 21:59 --------- d-----w C:\Program Files\Symantec
2007-11-01 21:01 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\uTorrent
2007-10-30 22:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-19 15:22 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\Sports Interactive
2007-10-19 15:16 --------- d-----w C:\Program Files\Sports Interactive
2007-10-04 14:37 --------- d-----w C:\Program Files\Norton Internet Security
2007-09-30 19:17 --------- d--h--w C:\Program Files\Zero G Registry
2007-09-30 17:40 --------- d-----w C:\Program Files\DivX
2007-09-30 17:37 --------- d-----w C:\Program Files\PPMate
2007-09-30 17:37 --------- d-----w C:\Program Files\InterActual
2007-09-30 17:32 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\ppstream
2007-09-30 17:25 --------- d-----w C:\Program Files\PartyGaming
2007-09-26 19:08 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-20 18:04 --------- d-----w C:\Program Files\MSN Messenger
2007-09-15 19:29 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Symantec
2007-09-11 15:48 --------- d-----w C:\Program Files\LimeWire
.

((((((((((((((((((((((((((((( [email protected]_23.29.39.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-08 16:04:11 19,230 ----a-r C:\WINDOWS\Installer\{A5CC3E6E-CAC7-4D47-A5C8-743E549890D5}\ARPPRODUCTICON.exe
+ 2006-10-30 11:30:30 10,032 ----a-w C:\WINDOWS\system32\drivers\SBTEDrv.sys
+ 2005-11-02 11:39:14 131,072 ----a-w C:\WINDOWS\system32\MD5.dll
+ 2005-11-02 11:39:16 24,924 ----a-w C:\WINDOWS\system32\openports.dll
+ 2003-02-21 07:16:08 49,152 ----a-w C:\WINDOWS\system32\REGTLIB.EXE
- 2006-07-20 12:24:38 14,872 ----a-w C:\WINDOWS\system32\SBBD.exe
+ 2007-08-27 11:26:10 27,120 ----a-w C:\WINDOWS\system32\SBBD.exe
+ 2005-11-02 11:39:16 40,960 ----a-w C:\WINDOWS\system32\SDelete.dll
+ 2006-06-22 15:40:28 493,400 ----a-w C:\WINDOWS\system32\XceedZip.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 07:31]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 07:27]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2004-12-10 19:26]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 13:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 13:43]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 10:56]
"NDSTray.exe"="NDSTray.exe" []
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-11-15 09:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-11-01 21:58]
"CFSServ.exe"="CFSServ.exe" []
"ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 05:37]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-03 17:28]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 09:48]
"8894d9c7"="rundll32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 12:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 02:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\htrdbpmm]
htrdbpmm.dll

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys
R3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys
R3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys
R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys
S3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{537b34a1-4455-11d9-b92b-806d6172696f}]
\Shell\AutoRun\command - D:\browser.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c2265a3-42cb-11d9-85f1-806d6172696f}]
\Shell\AutoRun\command - E:\browser.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba791153-4395-11d9-8be1-806d6172696f}]
\Shell\AutoRun\command - E:\browser.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6a9faf0-41df-11d9-a140-806d6172696f}]
\Shell\AutoRun\command - D:\browser.exe

*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2007-11-08 23:04:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-28 23:11:54 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Bowsie.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2005-09-15 15:56:32 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2005-09-15 15:56:32 C:\WINDOWS\Tasks\Registration reminder 2.job"
"2005-09-15 15:56:33 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 23:01:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 23:06:58 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-07 23:32
.
--- E O F ---
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Open Notepad and copy and paste the text in the code box below into it:



Code:
Files::
C:\WINDOWS\system32\uvgcbfyf.dll.ren
C:\WINDOWS\system32\llqsyyqk.dll.ren
C:\WINDOWS\system32\kqyysqll.ini.ren
C:\WINDOWS\system32\mpsru.bak2
C:\WINDOWS\system32\sailipxg.ini.ren
C:\WINDOWS\system32\gxpilias.dll.ren
C:\WINDOWS\system32\oivnpxhw.ini.ren
C:\WINDOWS\system32\whxpnvio.dll.ren
C:\WINDOWS\system32\vikidsue.ini.ren
C:\WINDOWS\system32\oyksugpw.dll
C:\WINDOWS\system32\mpsru.bak2.ren
C:\WINDOWS\system32\mpsru.bak1.ren
C:\WINDOWS\system32\mpsru.ini.ren
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8894d9c7"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\htrdbpmm]


Save the attached CFScript.txt to desktop

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.







This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
 

jb281

Thread Starter
Joined
Oct 31, 2007
Messages
13
ok here's the combofix.txt.

ComboFix 07-11-08.1 - Bowsie 2007-11-09 17:41:36.3 - NTFSx86
Running from: C:\Documents and Settings\Bowsie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bowsie\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 )))))))))))))))))))))))))))))))
.

2007-11-08 23:10 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-11-08 23:10 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-11-08 16:06 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-11-08 16:04 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\Sunbelt Software
2007-11-08 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-11-08 16:02 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-11-06 23:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-01 21:19 <DIR> d-------- C:\WINDOWS\pss
2007-10-29 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-29 18:12 164 --a------ C:\install.dat
2007-10-29 17:29 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-29 17:03 4,578 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-29 16:12 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-28 22:24 85,056 --a------ C:\WINDOWS\system32\uvgcbfyf.dll.ren
2007-10-25 16:21 84,544 --a------ C:\WINDOWS\system32\llqsyyqk.dll.ren
2007-10-25 16:21 295 --a------ C:\WINDOWS\system32\kqyysqll.ini.ren
2007-10-25 16:17 345,832 ---hs---- C:\WINDOWS\system32\mpsru.bak2
2007-10-24 15:49 693,637 --a------ C:\WINDOWS\system32\sailipxg.ini.ren
2007-10-24 15:49 84,544 --a------ C:\WINDOWS\system32\gxpilias.dll.ren
2007-10-24 09:56 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\AVG7
2007-10-24 09:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-24 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-24 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-23 19:54 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-22 16:40 693,421 --a------ C:\WINDOWS\system32\oivnpxhw.ini.ren
2007-10-22 16:40 86,080 --a------ C:\WINDOWS\system32\whxpnvio.dll.ren
2007-10-22 16:27 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\Simply Super Software
2007-10-22 15:12 <DIR> d-------- C:\Documents and Settings\Bowsie\Application Data\Tenebril
2007-10-22 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-10-22 14:52 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-10-22 14:52 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-10-21 18:46 693,835 --a------ C:\WINDOWS\system32\vikidsue.ini.ren
2007-10-20 08:57 340,032 --a------ C:\WINDOWS\system32\oyksugpw.dll
2007-10-20 08:52 320,875 --a------ C:\WINDOWS\system32\mpsru.bak2.ren
2007-10-19 20:28 293,345 --a------ C:\WINDOWS\system32\mpsru.bak1.ren
2007-10-19 20:27 302,273 --ahs---- C:\WINDOWS\system32\mpsru.ini.ren
2007-10-19 15:21 <DIR> dr-h----- C:\Documents and Settings\Bowsie\Application Data\SecuROM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-09 17:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-01 21:59 --------- d-----w C:\Program Files\Symantec
2007-11-01 21:01 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\uTorrent
2007-10-30 22:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-19 15:22 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\Sports Interactive
2007-10-19 15:16 --------- d-----w C:\Program Files\Sports Interactive
2007-10-04 14:37 --------- d-----w C:\Program Files\Norton Internet Security
2007-09-30 19:19 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-30 19:17 --------- d--h--w C:\Program Files\Zero G Registry
2007-09-30 17:40 --------- d-----w C:\Program Files\DivX
2007-09-30 17:37 --------- d-----w C:\Program Files\PPMate
2007-09-30 17:37 --------- d-----w C:\Program Files\InterActual
2007-09-30 17:32 --------- d-----w C:\Documents and Settings\Bowsie\Application Data\ppstream
2007-09-30 17:25 --------- d-----w C:\Program Files\PartyGaming
2007-09-26 19:08 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-20 18:04 --------- d-----w C:\Program Files\MSN Messenger
2007-09-15 19:29 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Symantec
2007-09-11 15:48 --------- d-----w C:\Program Files\LimeWire
2007-09-07 11:27 53,248 ----a-w C:\WINDOWS\system32\unrar.dll
2007-08-27 11:26 27,120 ----a-w C:\WINDOWS\system32\SBBD.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.

((((((((((((((((((((((((((((( [email protected]_23.29.39.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-08 16:04:11 19,230 ----a-r C:\WINDOWS\Installer\{A5CC3E6E-CAC7-4D47-A5C8-743E549890D5}\ARPPRODUCTICON.exe
+ 2006-10-30 11:30:30 10,032 ----a-w C:\WINDOWS\system32\drivers\SBTEDrv.sys
+ 2005-11-02 11:39:14 131,072 ----a-w C:\WINDOWS\system32\MD5.dll
+ 2005-11-02 11:39:16 24,924 ----a-w C:\WINDOWS\system32\openports.dll
+ 2003-02-21 07:16:08 49,152 ----a-w C:\WINDOWS\system32\REGTLIB.EXE
+ 2005-11-02 11:39:16 40,960 ----a-w C:\WINDOWS\system32\SDelete.dll
+ 2006-06-22 15:40:28 493,400 ----a-w C:\WINDOWS\system32\XceedZip.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 07:31]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 07:27]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2004-12-10 19:26]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 13:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 13:43]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 10:56]
"NDSTray.exe"="NDSTray.exe" []
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-11-15 09:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-11-01 21:58]
"CFSServ.exe"="CFSServ.exe" []
"ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 05:37]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-03 17:28]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 09:48]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 12:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 02:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys
R3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys
R3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys
R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys
S3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{537b34a1-4455-11d9-b92b-806d6172696f}]
\Shell\AutoRun\command - D:\browser.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c2265a3-42cb-11d9-85f1-806d6172696f}]
\Shell\AutoRun\command - E:\browser.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba791153-4395-11d9-8be1-806d6172696f}]
\Shell\AutoRun\command - E:\browser.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6a9faf0-41df-11d9-a140-806d6172696f}]
\Shell\AutoRun\command - D:\browser.exe

*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 17:27:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-28 23:11:54 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Bowsie.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2005-09-15 15:56:32 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2005-09-15 15:56:32 C:\WINDOWS\Tasks\Registration reminder 2.job"
"2005-09-15 15:56:33 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 17:45:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-09 17:47:14
C:\ComboFix2.txt ... 2007-11-08 23:06
C:\ComboFix3.txt ... 2007-11-07 23:32
.
--- E O F ---
 

jb281

Thread Starter
Joined
Oct 31, 2007
Messages
13
and the new hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:40, on 09/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nufc.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 10271 bytes
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
for some reason it didn't delete any of the files it was set to

I have just edited my previous post to remove a blank line at the start which might have been the problem

please try it again
 

jb281

Thread Starter
Joined
Oct 31, 2007
Messages
13
ok did it again. here's the hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:57, on 09/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nufc.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 10151 bytes
 