BIG TROUBLE [RESOLVED]


#16 Chron8891 (Member, Topic Starter)
Deckard's System Scanner v20071014.68
Run by David on 2008-05-14 21:36:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as David.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:19 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\David\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\David.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B1986074-C01F-4544-896A-8F036B08A724} - C:\WINDOWS\system32\geBrRIYO.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\scieplugin.dll
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1204587399750
O20 - AppInit_DLLs: C:\PROGRA~1\DEFEND~1\DEFEND~1.0\adialhk.dll
O23 - Service: Defender Pro Internet Security (AVP) - Defender Pro - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 4519 bytes

-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

2008-05-13 22:05:38 93184 --a------ C:\WINDOWS\system32\olaorobb.dll
2008-05-13 22:02:38 2048 --a------ C:\WINDOWS\system32\utcgupis.exe
2008-05-13 22:00:03 109568 --a------ C:\WINDOWS\system32\cynrwtqw.dll
2008-05-13 01:30:17 0 d-------- C:\Documents and Settings\David\Application Data\Mozilla
2008-05-12 23:49:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-12 01:06:42 0 d-------- C:\Documents and Settings\David\Application Data\Google
2008-05-11 22:39:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-11 19:57:03 0 d-------- C:\Documents and Settings\David\Application Data\Malwarebytes
2008-05-11 19:26:22 0 d-------- C:\Documents and Settings\David\Contacts
2008-05-11 16:12:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-11 16:12:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-11 15:51:06 0 d-------- C:\Documents and Settings\David\Application Data\Macromedia
2008-05-08 20:08:27 0 d-------- C:\WINDOWS\ERUNT
2008-05-08 19:53:24 0 d-------- C:\Documents and Settings\David\Application Data\Adobe
2008-05-08 19:46:39 0 d-------- C:\Documents and Settings\David\Application Data\Identities
2008-05-08 19:45:36 0 dr------- C:\Documents and Settings\David\Favorites
2008-05-08 19:45:36 0 d-------- C:\Documents and Settings\David\Desktop
2008-05-08 19:45:36 0 d---s---- C:\Documents and Settings\David\Cookies
2008-05-08 19:45:36 0 dr-h----- C:\Documents and Settings\David\Application Data
2008-05-08 19:45:35 0 d--h----- C:\Documents and Settings\David\Templates
2008-05-08 19:45:35 0 dr------- C:\Documents and Settings\David\Start Menu
2008-05-08 19:45:35 0 dr-h----- C:\Documents and Settings\David\SendTo
2008-05-08 19:45:35 0 dr-h----- C:\Documents and Settings\David\Recent
2008-05-08 19:45:35 0 d--h----- C:\Documents and Settings\David\PrintHood
2008-05-08 19:45:35 0 d--h----- C:\Documents and Settings\David\NetHood
2008-05-08 19:45:35 0 dr------- C:\Documents and Settings\David\My Documents
2008-05-08 19:45:35 0 d--h----- C:\Documents and Settings\David\Local Settings
2008-05-08 19:45:34 1048576 --ah----- C:\Documents and Settings\David\NTUSER.DAT
2008-05-08 19:16:52 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-08 19:16:52 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-08 19:16:52 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-05-08 19:16:52 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-08 19:16:52 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-08 19:16:50 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-08 19:16:50 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-08 19:16:50 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-08 19:16:50 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-08 19:16:50 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-08 19:16:50 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-08 19:16:50 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-08 19:16:50 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-08 19:16:50 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-08 16:05:10 0 d-------- C:\Program Files\Trend Micro
2008-05-08 16:02:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-08 16:02:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-08 16:00:43 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-08 01:47:45 0 d-------- C:\Program Files\Full Tilt Poker
2008-05-08 00:31:18 0 d-------- C:\Program Files\HoldemInspector2
2008-05-05 16:51:17 0 d-------- C:\Program Files\PartyGaming
2008-05-05 12:34:22 0 d-------- C:\WINDOWS\pss
2008-05-04 18:26:16 0 d-------- C:\Program Files\Java
2008-05-04 18:25:43 0 d-------- C:\Program Files\Common Files\Java
2008-05-04 18:21:34 0 d-------- C:\Program Files\FrostWire
2008-05-04 18:21:22 0 d-------- C:\Program Files\AskSBar
2008-05-03 18:37:11 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-02 19:05:57 0 d-------- C:\Program Files\PartyGaming.Net


-- Find3M Report ---------------------------------------------------------------

2008-05-11 22:42:36 0 d-------- C:\Program Files\Google
2008-05-08 02:18:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-04 22:26:29 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-04 18:25:43 0 d-------- C:\Program Files\Common Files
2008-04-07 10:34:26 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-07 05:56:59 0 d-------- C:\Program Files\Windows Live Toolbar
2008-04-07 05:55:21 0 d-------- C:\Program Files\Windows Live Favorites
2008-04-04 01:58:55 0 d-------- C:\Program Files\Windows Live
2008-04-04 01:55:47 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-29 16:38:28 0 d-------- C:\Program Files\Defender Pro
2008-03-03 15:58:23 0 -rahs---- C:\MSDOS.SYS
2008-03-03 15:58:23 0 -rahs---- C:\IO.SYS
2008-03-03 15:58:23 0 --a------ C:\CONFIG.SYS
2008-03-03 15:58:23 0 --a------ C:\AUTOEXEC.BAT
2008-03-03 15:54:48 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-03 08:46:53 62 --ahs---- C:\Documents and Settings\David\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1986074-C01F-4544-896A-8F036B08A724}]
C:\WINDOWS\system32\geBrRIYO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [10/16/2002 06:24 AM C:\WINDOWS\SOUNDMAN.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/15/2002 11:18 AM]
"AVP"="C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe" [08/07/2007 04:00 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [5/11/2008 10:39:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\DEFEND~1\DEFEND~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide




-- End of Deckard's System Scanner: finished at 2008-05-14 21:37:00 ------------

#17 JSntgRvr (Global Moderator)
Hi, Chron8891 :)

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

    Files to delete:
    C:\WINDOWS\system32\olaorobb.dll
    C:\WINDOWS\system32\utcgupis.exe
    C:\WINDOWS\system32\cynrwtqw.dll

    Registry keys to delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1986074-C01F-4544-896A-8F036B08A724}

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Please copy/paste the content of c:\avenger.txt into your reply along with a DSS main.txt log.
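The script the moderator posted and the C:\avenger.txt it produces both follow fixed line shapes, so a helper can check mechanically that every requested deletion actually happened. The Python below is an added example, not code from this thread or from The Avenger; it pairs each item in the script with the outcome the log reports, pulls the NTSTATUS name out of failures, and marks anything the log never mentions as unreported rather than deleted. The embedded sample script and log are copied (abridged) from the posts in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Sample input copied (abridged) from this thread: the helper's script and the
# C:\avenger.txt the tool wrote after the reboot.
SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\olaorobb.dll
C:\WINDOWS\system32\utcgupis.exe
C:\WINDOWS\system32\cynrwtqw.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1986074-C01F-4544-896A-8F036B08A724}
"""
LOG = r"""
Script file opened successfully.

Deletion of file "C:\WINDOWS\system32\olaorobb.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\utcgupis.exe" deleted successfully.

Deletion of file "C:\WINDOWS\system32\cynrwtqw.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1986074-C01F-4544-896A-8F036B08A724}" deleted successfully.

Completed script processing.
"""

# Script section headers (the post also mentions "Drivers to Delete") and the
# log line shapes that carry an outcome.
SECTION_RE = re.compile(r"^(?P<kind>Files|Registry keys|Drivers) to delete:$", re.I)
DELETED_RE = re.compile(r'^(?P<kind>File|Registry key|Driver) "(?P<name>.+)" deleted successfully\.$')
FAILED_RE = re.compile(r'^Deletion of (?P<kind>file|registry key|driver) "(?P<name>.+)" failed!$')
STATUS_RE = re.compile(r"^Status: (?P<code>0x[0-9a-fA-F]+) \((?P<name>STATUS_[A-Z_]+)\)$")


@dataclass
class Outcome:
    item: str
    kind: str          # "file", "registry key" or "driver"
    status: str        # "deleted", "failed" or "unreported"
    detail: str = ""   # NTSTATUS name and code on failure


def parse_script(text: str) -> List[Tuple[str, str]]:
    """(kind, item) pairs; a header applies to every non-blank line until the next one."""
    items, kind = [], None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            kind = m["kind"].lower().rstrip("s")   # "Registry keys" -> "registry key"
            continue
        if kind is None:
            raise ValueError(f"item before any section header: {line!r}")
        items.append((kind, line))
    return items


def parse_log(text: str) -> Dict[str, Outcome]:
    """Outcome per item the log reports on, keyed case-folded because Windows
    paths and registry paths are case-insensitive."""
    lines = [ln.strip() for ln in text.splitlines()]
    results: Dict[str, Outcome] = {}
    for i, line in enumerate(lines):
        m = DELETED_RE.match(line)
        if m:
            results[m["name"].casefold()] = Outcome(m["name"], m["kind"].lower(), "deleted")
            continue
        m = FAILED_RE.match(line)
        if m:  # the Status: line that explains the failure follows within a few lines
            detail = ""
            for follow in lines[i + 1:i + 4]:
                s = STATUS_RE.match(follow)
                if s:
                    detail = f'{s["name"]} ({s["code"]})'
                    break
            results[m["name"].casefold()] = Outcome(m["name"], m["kind"], "failed", detail)
    return results


def script_completed(text: str) -> bool:
    """False if the log ends before 'Completed script processing.': later items
    may never have been attempted, so 'unreported' must not be read as success."""
    return any(ln.strip() == "Completed script processing." for ln in text.splitlines())


def reconcile(script: str, log: str) -> List[Outcome]:
    """One Outcome per requested item, in script order; never-mentioned items are 'unreported'."""
    reported = parse_log(log)
    return [reported.get(item.casefold(), Outcome(item, kind, "unreported"))
            for kind, item in parse_script(script)]


if __name__ == "__main__":
    for o in reconcile(SCRIPT, LOG):
        print(f"{o.status:<10} {o.kind:<12} {o.item} {o.detail}".rstrip())
```

On the log posted in #18 this reports two files as already gone (STATUS_OBJECT_NAME_NOT_FOUND), one file and the BHO key as deleted, which is why the helper then asks for a fresh DSS log rather than treating the run as a full success.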

#18 Chron8891 (Member, Topic Starter)
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\olaorobb.dll" not found!
Deletion of file "C:\WINDOWS\system32\olaorobb.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\utcgupis.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\cynrwtqw.dll" not found!
Deletion of file "C:\WINDOWS\system32\cynrwtqw.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1986074-C01F-4544-896A-8F036B08A724}" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

#19 Chron8891 (Member, Topic Starter)
Deckard's System Scanner v20071014.68
Run by David on 2001-12-31 14:26:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as David.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:36 PM, on 12/31/2001
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\David\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\David.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\scieplugin.dll
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1204587399750
O20 - AppInit_DLLs: C:\PROGRA~1\DEFEND~1\DEFEND~1.0\adialhk.dll
O23 - Service: Defender Pro Internet Security (AVP) - Defender Pro - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 4407 bytes

-- Files created between 2001-11-30 and 2001-12-31 -----------------------------

2008-05-15 01:09:08 0 d-------- C:\Documents and Settings\Guest\Application Data\Macromedia
2008-05-15 01:09:07 0 d-------- C:\Documents and Settings\Guest\Application Data\Adobe
2008-05-15 01:04:31 0 d-------- C:\Documents and Settings\Guest\Application Data\Mozilla
2008-05-15 01:03:50 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2008-05-15 01:03:24 0 dr------- C:\Documents and Settings\Guest\Favorites
2008-05-15 01:03:24 0 d-------- C:\Documents and Settings\Guest\Desktop
2008-05-15 01:03:24 0 d---s---- C:\Documents and Settings\Guest\Cookies
2008-05-15 01:03:24 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2008-05-15 01:03:24 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2008-05-15 01:03:23 0 d--h----- C:\Documents and Settings\Guest\Templates
2008-05-15 01:03:23 0 dr------- C:\Documents and Settings\Guest\Start Menu
2008-05-15 01:03:23 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2008-05-15 01:03:23 0 dr-h----- C:\Documents and Settings\Guest\Recent
2008-05-15 01:03:23 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2008-05-15 01:03:23 524288 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2008-05-15 01:03:23 0 d--h----- C:\Documents and Settings\Guest\NetHood
2008-05-15 01:03:23 0 dr------- C:\Documents and Settings\Guest\My Documents
2008-05-15 01:03:23 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2008-05-15 00:10:20 0 d-------- C:\Program Files\Holdem Indicator
2008-05-14 20:41:35 1169 --a------ C:\WINDOWS\mozver.dat
2008-05-13 00:30:17 0 d-------- C:\Documents and Settings\David\Application Data\Mozilla
2008-05-12 22:49:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-12 00:06:42 0 d-------- C:\Documents and Settings\David\Application Data\Google
2008-05-11 21:39:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-11 18:57:03 0 d-------- C:\Documents and Settings\David\Application Data\Malwarebytes
2008-05-11 18:26:22 0 d-------- C:\Documents and Settings\David\Contacts
2008-05-11 15:12:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-11 15:12:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-11 14:51:06 0 d-------- C:\Documents and Settings\David\Application Data\Macromedia
2008-05-08 19:08:27 0 d-------- C:\WINDOWS\ERUNT
2008-05-08 18:53:24 0 d-------- C:\Documents and Settings\David\Application Data\Adobe
2008-05-08 18:46:39 0 d-------- C:\Documents and Settings\David\Application Data\Identities
2008-05-08 18:45:36 0 dr------- C:\Documents and Settings\David\Favorites
2008-05-08 18:45:36 0 d-------- C:\Documents and Settings\David\Desktop
2008-05-08 18:45:36 0 d---s---- C:\Documents and Settings\David\Cookies
2008-05-08 18:45:36 0 dr-h----- C:\Documents and Settings\David\Application Data
2008-05-08 18:45:35 0 d--h----- C:\Documents and Settings\David\Templates
2008-05-08 18:45:35 0 dr------- C:\Documents and Settings\David\Start Menu
2008-05-08 18:45:35 0 dr-h----- C:\Documents and Settings\David\SendTo
2008-05-08 18:45:35 0 dr-h----- C:\Documents and Settings\David\Recent
2008-05-08 18:45:35 0 d--h----- C:\Documents and Settings\David\PrintHood
2008-05-08 18:45:35 0 d--h----- C:\Documents and Settings\David\NetHood
2008-05-08 18:45:35 0 dr------- C:\Documents and Settings\David\My Documents
2008-05-08 18:45:35 0 d--h----- C:\Documents and Settings\David\Local Settings
2008-05-08 18:45:34 1048576 --ah----- C:\Documents and Settings\David\NTUSER.DAT
2008-05-08 18:16:52 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-08 18:16:52 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-08 18:16:52 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-05-08 18:16:52 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-08 18:16:52 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-08 18:16:50 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-08 18:16:50 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-08 18:16:50 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-08 18:16:50 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-08 18:16:50 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-08 18:16:50 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-08 18:16:50 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-08 18:16:50 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-08 18:16:50 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-08 15:05:10 0 d-------- C:\Program Files\Trend Micro
2008-05-08 15:02:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-08 15:02:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-08 15:00:43 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-08 00:47:45 0 d-------- C:\Program Files\Full Tilt Poker
2008-05-07 23:31:18 0 d-------- C:\Program Files\HoldemInspector2
2008-05-05 15:51:17 0 d-------- C:\Program Files\PartyGaming
2008-05-05 11:34:22 0 d-------- C:\WINDOWS\pss
2008-05-04 17:26:16 0 d-------- C:\Program Files\Java
2008-05-04 17:25:43 0 d-------- C:\Program Files\Common Files\Java
2008-05-04 17:21:34 0 d-------- C:\Program Files\FrostWire
2008-05-04 17:21:22 0 d-------- C:\Program Files\AskSBar
2008-05-03 17:37:11 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-02 18:05:57 0 d-------- C:\Program Files\PartyGaming.Net
2008-04-07 09:34:23 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-07 09:16:16 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-07 09:16:16 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-07 04:55:34 0 d-------- C:\Program Files\Windows Live Toolbar
2008-04-07 04:55:21 0 d-------- C:\Program Files\Windows Live Favorites
2008-04-04 01:01:12 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-04 00:48:14 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-04 00:47:01 0 d-------- C:\Program Files\Windows Live
2008-04-04 00:45:57 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-30 00:10:57 0 d-------- C:\Temp
2008-03-29 23:45:50 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-29 22:26:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-03-29 22:25:54 0 d-------- C:\Program Files\Google
2008-03-29 22:24:53 0 d-------- C:\WINDOWS\system32\Adobe
2008-03-29 15:39:00 96645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-29 15:39:00 87941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-29 15:38:28 0 d-------- C:\Program Files\Defender Pro
2008-03-29 15:38:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Defender Pro
2008-03-29 15:38:23 172576 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-29 15:38:23 8495904 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-29 15:33:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-03 17:11:51 0 dr-h----- C:\$VAULT$.AVG
2008-03-03 17:04:34 0 d-------- C:\Program Files\Windows Defender
2008-03-03 17:02:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-03 16:44:27 0 d-------- C:\WINDOWS\system32\PreInstall
2008-03-03 16:37:19 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-03-03 16:01:24 0 d-------- C:\Program Files\Intel
2008-03-03 16:00:34 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-03-03 16:00:31 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-03 16:00:24 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-03 15:59:41 0 d-------- C:\Acer
2008-03-03 15:11:50 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-03-03 15:11:39 0 d-------- C:\WINDOWS\Prefetch
2008-03-03 15:11:38 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-03-03 15:11:37 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-03-03 15:11:37 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-03-03 15:11:37 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-03-03 15:11:37 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-03-03 15:11:37 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-03-03 15:11:23 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-03-03 15:11:23 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-03-03 15:11:23 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-03-03 15:11:23 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-03-03 15:11:23 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-03-03 15:07:18 0 d-------- C:\WINDOWS\system32\xircom
2008-03-03 15:07:17 0 d-------- C:\Program Files\microsoft frontpage
2008-03-03 15:07:12 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-03-03 15:02:12 0 d-------- C:\Program Files\HighMAT CD Writing Wizard
2008-03-03 15:02:07 0 d-------- C:\WINDOWS\Downloaded Installations
2008-03-03 14:58:41 0 d--h----- C:\WINDOWS\$hf_mig$
2008-03-03 14:58:23 0 -rahs---- C:\MSDOS.SYS
2008-03-03 14:58:23 0 -rahs---- C:\IO.SYS
2008-03-03 14:58:23 0 --a------ C:\CONFIG.SYS
2008-03-03 14:58:23 0 --a------ C:\AUTOEXEC.BAT
2008-03-03 14:56:52 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-03-03 14:56:38 0 dr------- C:\WINDOWS\Offline Web Pages
2008-03-03 14:56:38 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-03-03 14:56:21 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-03 14:55:56 0 d-------- C:\WINDOWS\system32\DirectX
2008-03-03 14:55:25 0 d---s---- C:\WINDOWS\Tasks
2008-03-03 14:55:24 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-03 14:55:21 0 d-------- C:\WINDOWS\srchasst
2008-03-03 14:55:20 0 d-------- C:\WINDOWS\system32\Macromed
2008-03-03 14:55:14 0 d-------- C:\Program Files\Movie Maker
2008-03-03 14:55:07 0 d-------- C:\WINDOWS\system32\Restore
2008-03-03 14:54:48 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-03 14:54:28 0 d-------- C:\WINDOWS\Registration
2008-03-03 14:53:42 0 d-------- C:\Program Files\Online Services
2008-03-03 14:53:35 0 d-------- C:\Program Files\Messenger
2008-03-03 14:53:32 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-03 14:52:55 0 d-------- C:\Program Files\Windows NT
2008-03-03 14:52:52 0 d-------- C:\WINDOWS\system32\MsDtc
2008-03-03 14:52:51 0 d-------- C:\WINDOWS\system32\Com
2008-03-03 07:47:26 0 d--hs---- C:\WINDOWS\Installer
2008-03-03 07:47:24 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-03 07:47:21 0 dr------- C:\Program Files
2008-03-03 07:47:21 0 d-------- C:\Program Files\Common Files
2008-03-03 07:47:21 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-03-03 07:46:53 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-03-03 07:46:53 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-03-03 07:46:53 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-03-03 07:46:53 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-03-03 07:46:53 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-03-03 07:46:53 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-03-03 07:46:53 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-03-03 07:46:53 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-03-03 07:46:53 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-03-03 07:46:53 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-03-03 07:46:53 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-03-03 07:46:53 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-03-03 07:46:53 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-03-03 07:46:53 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-03-03 07:46:53 0 dr------- C:\Documents and Settings\All Users\Documents
2008-03-03 07:46:53 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-03-03 07:46:37 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-03-03 07:46:37 0 d-------- C:\WINDOWS\system32\CatRoot
2008-03-03 07:46:31 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-03-03 07:46:31 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-03-03 07:46:31 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-03-03 07:46:31 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-03-03 07:46:12 0 d--hs---- C:\System Volume Information
2008-03-03 07:46:12 0 d-------- C:\Documents and Settings
2008-03-03 07:39:07 0 d-------- C:\WINDOWS
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\WinSxS
2008-03-03 07:39:07 0 dr------- C:\WINDOWS\Web
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\twain_32
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\wins
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\wbem
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\usmt
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\spool
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\ShellExt
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\Setup
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\ras
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\oobe
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\npp
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\mui
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\inetsrv
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\IME
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\icsxml
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\ias
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\export
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\drivers
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-03-03 07:39:07 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\dhcp
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\config
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\3076
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\2052
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\1054
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\1042
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\1041
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\1037
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\1033
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\1031
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\1028
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system32\1025
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\system
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\security
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\Resources
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\repair
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\Provisioning
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\PeerNet
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\pchealth
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\mui
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\msapps
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\msagent
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\Media
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\java
2008-03-03 07:39:07 0 d--h----- C:\WINDOWS\inf
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\ime
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\Help
2008-03-03 07:39:07 0 dr--s---- C:\WINDOWS\Fonts
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\Driver Cache
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\Debug
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\Cursors
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\Connection Wizard
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\Config
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\AppPatch
2008-03-03 07:39:07 0 d-------- C:\WINDOWS\addins
2007-05-14 15:09:46 204800 --a------ C:\WINDOWS\system32\klogon.dll <Not Verified; Defender Pro; Defender Pro Anti-Virus>
2007-03-09 20:58:06 25734 --a------ C:\WINDOWS\system32\drivers\klop.dat
2006-12-22 11:28:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2004-07-14 22:34:06 16896 --a------ C:\WINDOWS\system32\mscorier.dll <Not Verified; Microsoft Corporation; Microsoft .NET Framework>
2003-02-20 17:16:34 32768 --a------ C:\WINDOWS\system32\netfxperf.dll <Not Verified; Microsoft Corporation; Microsoft ® .NET Framework>
2003-02-20 17:09:14 106496 --a------ C:\WINDOWS\system32\mscories.dll <Not Verified; Microsoft Corporation; Microsoft .NET Framework>


-- Find3M Report ---------------------------------------------------------------

2008-03-03 07:46:53 62 --ahs---- C:\Documents and Settings\David\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [10/16/2002 05:24 AM C:\WINDOWS\SOUNDMAN.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/15/2002 10:18 AM]
"AVP"="C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe" [08/07/2007 03:00 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 10:34 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [5/11/2008 9:39:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\DEFEND~1\DEFEND~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide




-- End of Deckard's System Scanner: finished at 2001-12-31 14:31:56 ------------
  • 0

#20
JSntgRvr (Global Moderator, 10,936 posts)
Hi, Chron8891 :)

The log looks clear. How is the computer doing?
  • 0

#21
Chron8891 (Topic Starter, Member, 15 posts)
It seems to be doing a lot better.
Thank you so much. I really appreciate it.
If I have any more problems I know where I'm coming for help.
Once again I can't thank you enough.

Much appreciated, Chron8891 :)
  • 0

#22
JSntgRvr (Global Moderator, 10,936 posts)
Hi, Chron8891. :)

Congratulations.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Download and run the OTCleanIt by OldTimer. A restart is necessary to complete the process.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Create a Restore point:
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  • In the System Restore dialog box, click Create a restore point, and then click Next.
  • Type a description for your restore point, such as "After Cleanup", then click Create.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
  • Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet...prevention.html .
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

Best wishes!
  • 0
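The four System Restore steps in the post above (turn it off, reboot, turn it back on, create a clean restore point) done from PowerShell instead of the System Restore tab, as an added example that is not part of the moderator's post. It assumes an elevated PowerShell session and the `SystemRestore` WMI class in `root\default` that Windows XP and later expose; the `-Phase`, `-Drive` and `-Description` parameters are my own.

```powershell
# Added example: System Restore reset via the SystemRestore WMI class.
# Run with -Phase Off, reboot the machine, then run again with -Phase On.
param(
    [Parameter(Mandatory=$true)][ValidateSet('Off', 'On')][string]$Phase,
    [string]$Drive = 'C:\',
    [string]$Description = 'After Cleanup'
)

# Same requirement as the GUI: the account must be a full administrator,
# otherwise the WMI methods below fail.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run this from an administrator account.' }

# Static WMI class; Disable/Enable/CreateRestorePoint return ReturnValue 0 on success.
$sr = [wmiclass]'\\.\root\default:SystemRestore'

switch ($Phase) {
    'Off' {
        # Step 1: turning System Restore off discards every existing restore
        # point, which is the point of the exercise (they may hold infected files).
        $r = $sr.Disable($Drive)
        if ($r.ReturnValue -ne 0) { throw "Disable failed with code $($r.ReturnValue)" }
        Write-Host "System Restore disabled on $Drive. Reboot, then run again with -Phase On."
    }
    'On' {
        # Step 3: re-enable and wait until the service reports it is active.
        $r = $sr.Enable($Drive, $true)
        if ($r.ReturnValue -ne 0) { throw "Enable failed with code $($r.ReturnValue)" }
        # Step 4: create the clean baseline restore point.
        # 12 = MODIFY_SETTINGS, 100 = BEGIN_SYSTEM_CHANGE (documented WMI constants).
        $r = $sr.CreateRestorePoint($Description, 12, 100)
        if ($r.ReturnValue -ne 0) { throw "CreateRestorePoint failed with code $($r.ReturnValue)" }
        Write-Host "Restore point '$Description' created on $Drive."
    }
}
```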

#23
JSntgRvr (Global Moderator, 10,936 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
