WINDOWS XP -HJT/DDS LOGS


  • This topic is locked
45 replies to this topic

#1 nonna

nonna

  • Members
  • 71 posts
  • OFFLINE
  • Gender:Female
  • Location:Australia
  • Local time:03:21 PM

Posted 25 May 2009 - 10:50 PM

Hello

This is my story to date.

My computer is nearly 6 years old and has been used by lots of different people over those years, and no maintenance has ever really been done other than McAfee scans and the usual Windows firewall.

The problem started a couple of weeks ago when I bought an HP printer. The printer didn't work so I contacted HP Support. The gentleman from HP Support has had me installing, uninstalling, going into my files and deleting certain files, downloading, turning off the firewall and lots of other things.

My computer then started really slowing down and it was taking literally hours to download. I started posting here and some of my issues were being resolved, but other issues were also being created. I was getting error message pop-ups; there was a problem with Windows Installer. I downloaded the latest Service Pack 3, and I have tried to delete a lot of software programs that are not recommended in your uninstall list. Basically I have been trying to clean up my computer and at the same time trying to do what the gentleman from HP tells me to do to try to get my printer to work.

Now I keep getting those Microsoft messages, the ones that say Windows has encountered a problem and needs to shut down. As soon as I start up I get one in relation to the Generic Host Process for Win32 Services. I get another one when I try to do a system restore, and to make matters even worse, when I go to Start > Run and enter msconfig, it's not there, just another error message.

I will post the DDS.txt log below as requested and I have zipped the attach.txt and uploaded it.

I really do appreciate your time and the help that you have given me in trying to resolve my issues.

This is a wonderful forum, and it hasn't been all doom and gloom: you helped me solve a nasty issue with my son's computer.

I will await your response, and once again thank you for your time and efforts.

Cheers


Nonna




DDS (Ver_09-05-14.01) - NTFSx86
Run by The Family at 6:41:59.82 on Tue 26/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.255.48 [GMT 9.5:30]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3 MobileBroadband\3 MobileBroadband.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\The Family\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://au.yahoo.com/?fr=fp-yie8
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!7
uDefault_Page_URL = hxxp://au.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - No File
TB: {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: { - c:\program files\platinumplay\casinogame.exe
IE: {10AF9CE8-3E8C-40eb-9972-AB4F3CEF43A8} - c:\casino\casino vendome\casino.exe
IE: {150035AF-0AA9-4b61-B83A-D07E13429017} - c:\program files\platinumplay\casinogame.exe
IE: {2C0C09B8-AF12-45ad-9C01-C22B6A5A40A1} - c:\program files\desertdollar\casinogame.exe
IE: {40B2063F-DB01-4962-BE63-59435C01283C} - c:\progra~1\vcpoke~1\client.exe
IE: {4E975845-1BA1-495E-95A3-2698978E3D4B} - c:\program files\bingonova lobby\osix.exe
IE: {57BA65C1-57B3-40d3-A40A-A52042945370} - c:\program files\grandbaympc\MPC.exe
IE: {65E04475-3298-4fc4-9636-962E9A17BD59} - c:\program files\fortuneroomviper\casinogame.exe
IE: {706D44BD-4DCE-4d0a-A554-781C9340B68B} - c:\program files\havanaclub\casinogame.exe
IE: {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - c:\program files\pokertimempp\MPPoker.exe
IE: {7F52819D-3B06-42FC-BECC-8AFB9E97D6F9} - c:\program files\bingonova85\bingo.exe
IE: {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - c:\progra~1\pacifi~1\pacificpoker.exe
IE: {9A315457-791D-4dec-AFB0-9E7ACFF4B506} - c:\program files\piggspeakmpp\MPPoker.exe
IE: {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - c:\program files\gamingclubmpp\MPPoker.exe
IE: {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - c:\poker\cdpoker\casino.exe
IE: {AFCA8905-936B-4aeb-A99C-6B35F596B7A3} - c:\program files\vegasvilla\casinogame.exe
IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\partygaming\partycasino\RunCasino.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\PartyPoker.exe
IE: {D9BE040A-93CF-4cff-921E-F1D6AE024034} - c:\program files\grandbaympp\MPPoker.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E62162AE-729F-4110-8A35-A2B50BBF77E2} - c:\program files\vegastowers\casinogame.exe
IE: {F5B5A190-EADF-49d9-A90D-52B236C05E63} - c:\program files\riverbellempc\MPC.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - c:\program files\starluck casino\bin\IEExtension_SL.dll
IE: {6F477182-DE4F-4326-ACE3-3110A676771B} - {6F477182-DE4F-4326-ACE3-3110A676771B} - c:\program files\planetluck casino\bin\IEExtension_PL.dll
IE: {9CDE474A-A688-48f4-8B49-55CFB2356A6F} - {9CDE474A-A688-48f4-8B49-55CFB2356A6F} - c:\program files\bin\IEExtension_PB.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: bellerockgaming.com\secure
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - hxxp://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1077607243890
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} - hxxp://www.riverbelle.co.uk/download_helper/Nyoko.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - hxxp://download-ak.systemsoap.com/ssoap/pptproactauthsmakamai/systemsoappro.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/02bc290e45b469f41c21/netzip/RdxIE601.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - hxxp://www.microsoft.com/security/controls/SassCln.CAB
DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {AED98630-0251-4E83-917D-43A23D66D507} - hxxp://activex.microgaming.com/DLhelper/version7/dlhelper.cab
DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D27CDB6E-AE6D-C1AF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://arthurian.microgaming.com/arthurian/FlashAX.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4333/mcfscan.cab
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_12_0.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - hxxp://www.wildtangent.com/install/wdriver/racing/dodgespeedway/microsoft/wtinst.cab
TCP: {1E8DC550-6DBC-4DBB-B870-5B8B3B01FB65} = 10.176.66.71 10.188.66.103
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\thefam~1\applic~1\mozilla\firefox\profiles\b5rzmvj9.default\
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-14 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-14 72944]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2004-3-5 106586]
R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2003-9-29 237657]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2003-9-29 69706]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2003-7-29 14095]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2003-9-29 83008]
S2 Ca533av;Dual Mode Video Camera Device;c:\windows\system32\drivers\ca533av.sys --> c:\windows\system32\drivers\Ca533av.sys [?]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [2002-11-22 220079]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-14 7408]
S3 USBCamera;Dual Mode Still Camera Device;c:\windows\system32\drivers\bulk533.sys --> c:\windows\system32\drivers\Bulk533.sys [?]

=============== Created Last 30 ================

2009-05-25 16:30 <DIR> --d----- c:\program files\QUAD Utilities
2009-05-25 10:12 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-05-24 18:07 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-24 18:07 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-24 18:07 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-22 23:00 54,156 a---h--- c:\windows\QTFont.qfn
2009-05-22 23:00 1,409 a------- c:\windows\QTFont.for
2009-05-22 20:51 <DIR> --d----- c:\docume~1\thefam~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-21 20:06 <DIR> --d-h--- c:\windows\PIF
2009-05-20 07:44 <DIR> --d----- c:\program files\Absolute Poker
2009-05-20 07:44 <DIR> --d----- c:\program files\_uninstallation_info
2009-05-19 22:30 <DIR> --d----- c:\documents and settings\the family\java_data
2009-05-19 14:49 <DIR> --d----- c:\docume~1\thefam~1\applic~1\Malwarebytes
2009-05-19 14:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-18 10:42 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-18 10:42 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-14 14:43 <DIR> --d----- c:\docume~1\thefam~1\applic~1\OpenOffice.org
2009-05-14 14:40 <DIR> --d----- c:\program files\JRE
2009-05-14 14:40 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-05-13 18:34 3,221,241 a------- c:\program files\onlinevegascasino.exe
2009-05-13 14:50 90,177 a------- c:\windows\hpqins11.dat
2009-05-13 09:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-13 09:42 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-13 09:42 <DIR> --d----- c:\docume~1\thefam~1\applic~1\SUPERAntiSpyware.com
2009-05-10 19:09 <DIR> --d----- c:\program files\SlotPower
2009-05-10 17:59 <DIR> --d----- c:\program files\IrishLuck
2009-05-08 14:13 <DIR> --d----- c:\program files\VegasRegalCasino
2009-05-08 01:53 <DIR> --d----- c:\program files\FortuneReelCasino
2009-05-06 16:02 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-05-06 16:02 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-05-06 16:02 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-05-06 16:02 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-05-06 16:02 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-06 16:02 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-05-06 16:02 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-05-06 16:02 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-05-06 16:02 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-05-06 12:10 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-06 12:10 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-05-06 12:10 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-05-06 11:10 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-05-06 11:09 49,920 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-05-06 11:09 271,704 a----r-- c:\windows\system32\hpzids01.dll
2009-05-06 11:09 118,272 a------- c:\windows\system32\hpz3l5mu.dll
2009-05-06 11:09 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-05-06 10:42 <DIR> --d----- c:\docume~1\thefam~1\applic~1\PacificPoker
2009-04-26 23:20 <DIR> --d----- c:\windows\system32\Adobe

==================== Find3M ====================

2009-03-28 09:37 0 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT
2009-03-21 23:36 989,696 a------- c:\windows\system32\kernel32(2)(2).dll
2009-03-08 03:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 03:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 03:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 03:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 03:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 03:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 03:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 03:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 03:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 23:52 284,160 a------- c:\windows\system32\pdh.dll
2008-04-11 11:41 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2006-11-13 14:44 28,672 a------- c:\program files\New Microsoft Publisher Document.pub
2006-09-29 19:41 66 a------- c:\docume~1\thefam~1\applic~1\tvmdmns.dll
2005-10-06 16:06 4,096 a------- c:\documents and settings\the family\log.dat
2005-09-15 20:02 63,640 a------- c:\docume~1\thefam~1\applic~1\GDIPFONTCACHEV1.DAT
2003-08-27 13:09 24,576 a------- c:\program files\AppTerminate.exe
2001-07-29 18:59 96,256 a------- c:\program files\UnGins.exe

============= FINISH: 6:43:01.10 ===============


#2 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:12:51 AM

Posted 26 May 2009 - 01:28 AM

Hi nonna,



Step1

Please disable Windows Defender real-time protection, or it will interfere.
  • Go to Start > All Programs > Windows Defender.
  • Click on Tools at the top.
  • Under Settings, click on Options.
  • Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  • Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  • Click on the Save button at the bottom right hand corner.

Step2

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. You will see the below prompt when you first run ComboFix. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Close any open browsers
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
c:\docume~1\thefam~1\applic~1\tvmdmns.dll 

Folder::
c:\program files\fortuneroomviper
c:\program files\pokertimempp
c:\poker\cdpoker
C:\POKER\TITAN POKER
c:\docume~1\thefam~1\applic~1\PacificPoker
C:\PROGRAM FILES\ZEARCHING BAR

DDS::
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - No File
TB: {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
IE: { - c:\program files\platinumplay\casinogame.exe
IE: {10AF9CE8-3E8C-40eb-9972-AB4F3CEF43A8} - c:\casino\casino vendome\casino.exe
IE: {150035AF-0AA9-4b61-B83A-D07E13429017} - c:\program files\platinumplay\casinogame.exe
IE: {2C0C09B8-AF12-45ad-9C01-C22B6A5A40A1} - c:\program files\desertdollar\casinogame.exe
IE: {65E04475-3298-4fc4-9636-962E9A17BD59} - c:\program files\fortuneroomviper\casinogame.exe
IE: {706D44BD-4DCE-4d0a-A554-781C9340B68B} - c:\program files\havanaclub\casinogame.exe
IE: {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - c:\program files\pokertimempp\MPPoker.exe
IE: {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - c:\progra~1\pacifi~1\pacificpoker.exe
IE: {9A315457-791D-4dec-AFB0-9E7ACFF4B506} - c:\program files\piggspeakmpp\MPPoker.exe
IE: {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - c:\program files\gamingclubmpp\MPPoker.exe
IE: {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - c:\poker\cdpoker\casino.exe
IE: {AFCA8905-936B-4aeb-A99C-6B35F596B7A3} - c:\program files\vegasvilla\casinogame.exe
IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\partygaming\partycasino\RunCasino.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\PartyPoker.exe
IE: {D9BE040A-93CF-4cff-921E-F1D6AE024034} - c:\program files\grandbaympp\MPPoker.exe
IE: {E62162AE-729F-4110-8A35-A2B50BBF77E2} - c:\program files\vegastowers\casinogame.exe
Trusted Zone: bellerockgaming.com\secure
DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - hxxp://www.wildtangent.com/install/wdriver/racing/dodgespeedway/microsoft/wtinst.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - hxxp://download-ak.systemsoap.com/ssoap/pptproactauthsmakamai/systemsoappro.cab
DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} - hxxp://www.riverbelle.co.uk/download_helper/Nyoko.cab

Registry::
[-HKEY_CLASSES_ROOT\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}]
[-HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}]
[-HKEY_CLASSES_ROOT\CLSID\{5B2CCE61-46CE-11D8-8734-0050FCF57E49}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B2CCE61-46CE-11d8-8734-0050FCF57E49}]
[-HKEY_CLASSES_ROOT\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}]


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

[screenshot: dragging CFScript.txt onto ComboFix.exe]

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Step3

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTListIt2 icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button (shown as an image in the original post).
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In your next reply, please post back:


1. ComboFix log
2. OTListIt.txt and Extra.txt

Thanks
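The DDS "Pseudo HJT Report" in the first post and the DDS:: section of the CFScript in this reply use the same line format, so a small script can do the first triage pass that a helper otherwise does by eye. The following is an added example written for this page; it is not part of DDS, ComboFix or the thread. It flags orphaned add-on entries (the "No File" BHO/TB/EB lines that the CFScript above lists under DDS::), Trusted Zone additions, and ActiveX (DPF) downloads from hosts outside a small allowlist, then emits the DDS:: block for a CFScript from the orphans. The allowlist, the rule set and the helper names are assumptions of the example; the sample input is a handful of lines copied from the log in post #1.

```python
import re
from urllib.parse import urlparse

# Sample input: a few lines copied from the DDS "Pseudo HJT Report" posted
# earlier in this thread, enough to exercise each rule below.
SAMPLE_REPORT = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: bellerockgaming.com\secure
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} - hxxp://www.riverbelle.co.uk/download_helper/Nyoko.cab
"""

# Hosts treated as expected sources of ActiveX (DPF) downloads. This allowlist
# is an assumption of the example; tune it to your own environment.
KNOWN_DPF_HOSTS = {"microsoft.com", "java.sun.com", "macromedia.com",
                   "apple.com", "mcafee.com", "symantec.com"}

# "<kind>: <rest>" where kind is the DDS line prefix (BHO, TB, EB, DPF, IE, ...)
LINE_RE = re.compile(r"^(?P<kind>[A-Za-z ]+?):\s*(?P<rest>.*)$")


def host_of(url):
    """Hostname of a DDS-style defanged URL (hxxp:// or hxxps://)."""
    return (urlparse(url.replace("hxxp", "http", 1)).hostname or "").lower()


def host_is_known(host):
    """True when host is one of the allowlisted hosts or a subdomain of one."""
    return any(host == k or host.endswith("." + k) for k in KNOWN_DPF_HOSTS)


def triage(report):
    """Return (tag, line) findings for lines worth a reviewer's attention."""
    findings = []
    for line in report.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        if kind in ("BHO", "TB", "EB") and rest.endswith("- No File"):
            # Registered browser add-on whose DLL is gone: a leftover to clear.
            findings.append(("orphan", line))
        elif kind == "Trusted Zone":
            # Sites in the Trusted zone get relaxed IE security settings.
            findings.append(("trusted-zone", line))
        elif kind == "DPF":
            # Downloaded Program Files = ActiveX controls; check their origin.
            url = rest.rsplit(" - ", 1)[-1]
            if url.startswith("hxxp") and not host_is_known(host_of(url)):
                findings.append(("dpf-unknown-host", line))
    return findings


def cfscript_dds_section(findings):
    """Build the DDS:: block of a ComboFix CFScript from orphaned entries."""
    lines = [line for tag, line in findings if tag == "orphan"]
    if not lines:
        return ""
    return "DDS::\n" + "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    for tag, line in found:
        print(f"[{tag}] {line}")
    print(cfscript_dds_section(found), end="")
```

The DPF rule is deliberately noisy: vendors often serve controls from content-delivery hosts that are not in any short allowlist, so a "dpf-unknown-host" finding means "look at this", not "remove this". Only the orphan findings are mechanical enough to go straight into a CFScript; everything else stays a human decision, as in the reply above.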

#3 nonna

nonna
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  • Gender:Female
  • Location:Australia
  • Local time:03:21 PM

Posted 26 May 2009 - 11:11 AM

Hello Sundavis, :)

How are you?

Ok, I have done everything that you have asked me to do, took a while but I finally got there. The logs are posted below.

PS: My son says thank you, his laptop is up and running perfectly.

I will await your response, many thanks

Cheers

Nonna

COMBOFIX LOG:

ComboFix 09-05-25.A2 - The Family 27/05/2009 1:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.255.52 [GMT 9.5:30]
Running from: c:\documents and settings\The Family\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\The Family\Desktop\CFScript.txt
* Resident AV is active


FILE ::
"c:\docume~1\thefam~1\applic~1\tvmdmns.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\thefam~1\applic~1\PacificPoker
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\american_express.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\aproved.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\BACK_TO_HIS_disable.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\BACK_TO_HIS_down.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\BACK_TO_HIS_hover.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\BACK_TO_HIS_up.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\bankdraft.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\bonus.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\bonus2.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\canceled_by_user.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\cashout_disable.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\cashout_down.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\cashout_headline.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\cashout_hover.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\cashout_strip.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\cashout_title.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\cashout_up.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\check.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\decline.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\dep_wire.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\deposit_disable.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\deposit_down.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\deposit_headline.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\deposit_hover.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\deposit_strip.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\deposit_title.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\deposit_up.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\dinersclub.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\fax.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\FirePay.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\Font_Date_History.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\Font_History.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\FontLDig.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\games_list_sentence.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\games_list_strip.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\Hist_Plate.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\HistoryLobby_BG.jpg
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\jp_history.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\lobby_disable.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\lobby_down.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\lobby_hover.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\lobby_up.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\logo_tour_multiple.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\logo_tour_sit_and_go.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\lose.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\mastercard.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\multiple_tour_down.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\multiple_tour_hover.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\multiple_tour_up.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\my_tournaments_strip.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\novus.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\OHLP_down.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\OHLP_hover.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\OHLP_title.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\OHLP_up.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\online.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\pagedown_disable.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\pagedown_down.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\pagedown_hover.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\pagedown_up.bmp
c:\docume~1\thefam~1\applic~1\PacificPoker\GameHist\media\pageup_disable.bmp
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-def-email-estationery.mnu
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-def-email-funny.mnu
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-def-email-help.mnu
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-def-email-images.mnu
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-def-email-info.mnu
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-def-email-more.mnu
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-def-email-my.mnu
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-def-email-new.mnu
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-def-email-new2.mnu
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-def-email-options.mnu
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-def-email-people.mnu
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-def-email-photo.mnu
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-def-email-tell.mnu
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-def-email-temp.mnu
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-def-email-text.mnu
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-def-email-voice.mnu
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-def.cdf
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-premium-email-premium.mnu
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\email-t1-bg.res
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\estatationery.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\fs3.htm
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\hotbar_promo.htm
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\icon_checked_1.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\icon_close_1.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\icon_close_pressed_1.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\icon_edit_preview.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\icon_edit_send.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\icon_flash_preview.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\icon_recently_used.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\icon_remove_1.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\icon_remove_pressed_1.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\icon_sand-clock2.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\icon_tell_1.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\icon_tell_pressed_1.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\icon_tree_null.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\icon_unchecked_1.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\icon_unchecked_pressed_1.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\img_barlayout.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\img_barlayout2.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\img_barlayout4.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\img_corner_left.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\img_local_logo.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\js2_basetemplate.js
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\js2_hbgroups.js
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\js2_hbobject3.js
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\js2_hbobjectset3.js
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\js2_hotbarwrapper.js
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\js2_iteratorsandreaders3nf.js
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\js2_pagingmoduleobj3.js
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\js2_texts3.js
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\js2_xmltree3nf.js
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\layout.cdf
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\linkpathlegal.txt
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\meetpeople.cdf
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\n.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\nav_b_2.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\nav_bb_2.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\nav_f_2.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\nav_ff_2.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\progress.res
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\searchbtn.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\submit.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\tab_bg.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\tab_bga.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\tab_bgia.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\tab_l.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\tab_la.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\tab_lia.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\tab_r.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\tab_ra.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\tab_ria.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\tree_dots.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\tree_minus.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\tree_plus.gif
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\treedata_animations.xml
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\treedata_backgrounds.xml
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\treedata_ecards.xml
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\treedata_emoticons.xml
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\treedata_notifiers.xml
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\2\treedata_text.xml
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\DownLoad\business_promo.xip
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\DownLoad\buttondir.xip
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\DownLoad\code.xip
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\DownLoad\email-def.xip
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\DownLoad\email-t1-bg.xip
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\DownLoad\hotbar_promo.xip
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\DownLoad\images.xip
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\DownLoad\layout.xip
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\DownLoad\linkpathlegal.xip
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\DownLoad\localcontent.xip
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\DownLoad\meetpeople.xip
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\DownLoad\progress.xip
c:\documents and settings\JOANNE LORIA\Application Data\Hotbar\v3.0\HostOL\static\DownLoad\treexml.xip
c:\documents and settings\The Family\Local Settings\Temporary Internet Files\Tvm.log
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\IE4 Error Log.txt
c:\windows\patch.exe
c:\windows\system32\rpcss(3)(3).dll

.
((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.

2009-05-26 04:00 . 2009-05-06 01:36 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{4798169E-57A8-4EBB-94A9-897BA46E82EE}\mpengine.dll
2009-05-25 12:38 . 2009-05-06 01:36 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-25 12:05 . 2009-05-25 12:05 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-05-25 11:44 . 2009-05-25 11:44 -------- d-----w c:\program files\Windows Defender
2009-05-25 00:42 . 2009-05-25 00:42 3584 ----a-r c:\documents and settings\The Family\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-05-25 00:42 . 2009-05-25 00:42 -------- d-----w c:\program files\Windows Installer Clean Up
2009-05-24 08:37 . 2009-04-06 06:02 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-24 08:37 . 2009-04-06 06:02 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-24 08:37 . 2009-05-24 08:37 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-22 11:21 . 2009-05-22 11:21 -------- d-----w c:\documents and settings\The Family\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-22 11:21 . 2009-05-22 11:19 38200 ----a-w c:\documents and settings\The Family\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-22 11:19 . 2009-05-22 11:19 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-21 10:36 . 2009-05-21 10:36 -------- d--h--w c:\windows\PIF
2009-05-19 22:14 . 2009-05-26 04:06 -------- d-----w c:\program files\Absolute Poker
2009-05-19 22:14 . 2009-05-19 22:14 -------- d-----w c:\program files\_uninstallation_info
2009-05-19 13:00 . 2009-05-19 13:08 -------- d-----w c:\documents and settings\The Family\java_data
2009-05-19 05:19 . 2009-05-19 05:19 -------- d-----w c:\documents and settings\The Family\Application Data\Malwarebytes
2009-05-19 05:18 . 2009-05-19 05:18 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-18 01:15 . 2009-05-18 01:15 57344 ----a-w c:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-4781d510-n\Decora-SSE.dll
2009-05-18 01:15 . 2009-05-18 01:15 24064 ----a-w c:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-2a5c4884-n\Decora-D3D.dll
2009-05-18 01:15 . 2009-05-18 01:15 315392 ----a-w c:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-758d2572-n\jogl.dll
2009-05-18 01:15 . 2009-05-18 01:15 20480 ----a-w c:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-758d2572-n\jogl_awt.dll
2009-05-18 01:15 . 2009-05-18 01:15 114688 ----a-w c:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-758d2572-n\jogl_cg.dll
2009-05-18 01:15 . 2009-05-18 01:15 20480 ----a-w c:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-1ab85522-n\gluegen-rt.dll
2009-05-18 01:15 . 2009-05-18 01:15 499712 ----a-w c:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-355a0dee-n\msvcp71.dll
2009-05-18 01:15 . 2009-05-18 01:15 499712 ----a-w c:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-355a0dee-n\jmc.dll
2009-05-18 01:15 . 2009-05-18 01:15 348160 ----a-w c:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-355a0dee-n\msvcr71.dll
2009-05-18 01:12 . 2009-05-18 01:11 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-17 11:02 . 2009-05-23 02:27 117760 ----a-w c:\documents and settings\The Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-14 05:15 . 2009-05-24 01:39 1 ----a-w c:\documents and settings\The Family\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-14 05:13 . 2009-05-14 05:13 -------- d-----w c:\documents and settings\The Family\Application Data\OpenOffice.org
2009-05-14 05:10 . 2009-05-14 05:10 -------- d-----w c:\program files\JRE
2009-05-14 05:10 . 2009-05-14 05:10 -------- d-----w c:\program files\OpenOffice.org 3
2009-05-14 04:28 . 2009-05-14 04:29 309248 ----a-w c:\documents and settings\The Family\Application Data\Adobe\Acrobat\6.0\Updater\AdbeRdr70_enu_full.exe
2009-05-14 02:41 . 2009-05-14 02:41 -------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-05-13 09:04 . 2009-05-13 09:05 3221241 ----a-w c:\program files\onlinevegascasino.exe
2009-05-13 05:20 . 2009-05-13 05:23 90177 ----a-w c:\windows\hpqins11.dat
2009-05-13 00:13 . 2009-05-13 00:13 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-13 00:12 . 2009-05-19 02:21 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-13 00:12 . 2009-05-17 10:48 -------- d-----w c:\documents and settings\The Family\Application Data\SUPERAntiSpyware.com
2009-05-10 09:39 . 2009-05-15 23:30 -------- d-----w c:\program files\SlotPower
2009-05-10 08:29 . 2009-05-10 09:18 -------- d-----w c:\program files\IrishLuck
2009-05-08 04:43 . 2009-05-10 11:45 -------- d-----w c:\program files\VegasRegalCasino
2009-05-07 16:23 . 2009-05-10 15:41 -------- d-----w c:\program files\FortuneReelCasino
2009-05-07 08:38 . 2009-05-07 08:38 323856 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\h\hitmancontractbonus.339a969d902930975b3194643e289fc9.dll
2009-05-07 07:17 . 2009-05-07 07:17 213264 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\c\choosebonus.df815bbfb8ae7a29a353f0ae65e4af17.dll
2009-05-07 07:17 . 2009-05-07 07:17 348432 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\h\hitmancontractbonus.5bb25297e42b173d7ee73dcb3a8888c7.dll
2009-05-06 06:32 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-05-06 06:32 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-05-06 06:32 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-05-06 06:32 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-05-06 06:32 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-06 06:32 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-06 06:32 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-05-06 06:32 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-05-06 06:32 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-05-06 02:40 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-05-06 02:40 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-05-06 01:40 . 2008-01-24 21:22 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-05-06 01:39 . 2008-01-24 21:22 49920 ----a-r c:\windows\system32\drivers\HPZid412.sys
2009-05-06 01:39 . 2009-05-06 01:39 -------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-06 01:39 . 2008-01-24 21:23 271704 ----a-r c:\windows\system32\hpzids01.dll
2009-05-06 01:39 . 2007-10-20 08:55 118272 ----a-w c:\windows\system32\hpz3l5mu.dll
2009-05-06 01:39 . 2008-01-24 21:22 21568 ----a-r c:\windows\system32\drivers\HPZius12.sys
2009-05-06 01:03 . 2009-05-06 01:03 -------- d-----w c:\documents and settings\The Family\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 02:32 . 2004-12-10 03:54 -------- d-----w c:\documents and settings\JOANNE LORIA\Application Data\ShopperReports
2009-05-25 00:54 . 2006-09-01 07:42 -------- d-----w c:\documents and settings\The Family\Application Data\Fortune Lounge Personal Messenger(2)
2009-05-25 00:52 . 2007-01-20 11:32 -------- d-----w c:\documents and settings\The Family\Application Data\Fortune Lounge Personal Messenger
2009-05-25 00:41 . 2006-11-13 03:34 -------- d-----w c:\program files\MSECACHE
2009-05-22 13:34 . 2003-07-11 16:08 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-22 13:31 . 2008-03-16 11:48 -------- d-----w c:\program files\QuickTime
2009-05-22 11:18 . 2003-07-30 12:54 -------- d-----w c:\program files\Common Files\Adobe
2009-05-22 10:21 . 2007-02-05 07:58 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-22 09:29 . 2003-07-11 16:08 -------- d-----w c:\program files\Java
2009-05-22 07:04 . 2004-05-02 22:03 -------- d-----w c:\program files\Real
2009-05-22 07:00 . 2004-05-02 22:04 -------- d-----w c:\program files\Common Files\Real
2009-05-18 06:26 . 2004-12-10 18:49 77576 ----a-w c:\documents and settings\The Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 01:34 . 2009-04-17 01:44 -------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-05-18 01:18 . 2004-08-15 04:04 -------- d-----w c:\program files\WildTangent
2009-05-17 18:10 . 2005-09-06 06:24 -------- d-----w c:\documents and settings\The Family\Application Data\Microgaming
2009-05-17 10:48 . 2003-11-01 22:50 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-14 04:28 . 2004-12-21 00:21 -------- d-----w c:\documents and settings\The Family\Application Data\AdobeUM
2009-05-06 01:13 . 2009-04-15 22:34 -------- d-----w c:\documents and settings\The Family\Application Data\GetRightToGo
2009-05-06 01:13 . 2009-04-16 08:25 -------- d-----w c:\documents and settings\The Family\Application Data\Planet23
2009-05-06 01:12 . 2009-04-17 11:18 -------- d-----w c:\documents and settings\The Family\Application Data\PacificPoker(2)
2009-05-06 01:09 . 2009-04-18 02:28 -------- d-----w c:\documents and settings\The Family\Application Data\PacificPoker(3)
2009-05-06 01:08 . 2009-04-18 07:29 -------- d-----w c:\documents and settings\The Family\Application Data\PacificPoker(4)
2009-05-06 01:03 . 2009-04-21 01:19 -------- d-----w c:\documents and settings\The Family\Application Data\RichCasino
2009-05-06 01:03 . 2009-04-21 01:19 -------- d-----w c:\documents and settings\All Users\Application Data\RichCasino
2009-05-06 01:02 . 2009-04-17 01:44 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-04-17 07:25 . 2009-04-17 02:06 -------- d-----w c:\documents and settings\The Family\Application Data\HP
2009-04-17 02:05 . 2009-04-17 02:05 -------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-04-09 13:27 . 2009-04-09 13:27 1904753 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_tggg.6e62948f458013fa99694cc031068e8a.dll
2009-04-09 13:24 . 2009-04-09 13:24 1249399 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_tggg.a33335318f7b89139ecd4652b6e8c4b9.dll
2009-04-09 11:30 . 2009-04-09 11:30 524560 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_tggg.f8ba0ccac248b6026b2705996790640a.dll
2009-04-09 11:29 . 2009-04-09 11:29 307472 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_tggg.436ea9e59e2a2b9a2106e598920cba26.dll
2009-04-08 00:32 . 2009-04-08 00:24 -------- d-----w c:\documents and settings\The Family\Application Data\VTExtra
2009-03-28 12:22 . 2009-03-28 12:22 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-28 12:01 . 2009-03-28 12:01 508176 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_temp.556fffdfd1bc700038c0a1370a1eb004.dll
2009-03-28 12:01 . 2009-03-28 12:01 499984 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus.4968e33b858e6c30beb0ac4b11a9c459.dll
2009-03-28 09:13 . 2009-03-28 09:13 367747 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\m\mptleaderboard.91fac472d1ff352976950258719d35a2.dll
2009-03-28 08:48 . 2009-03-28 08:48 204905 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\t\thunderstruck.0cc1be68d215832fa06fc779c0b3e069.dll
2009-03-28 07:26 . 2009-03-28 07:26 303376 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\m\mermaidsmillions.9379e4aac1e4731bf7922c8c2544bd7a.dll
2009-03-28 07:26 . 2009-03-28 07:26 295184 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\m\mermaidsmillionsxxx.85e8ee4057b7c3d431514729821caee1.dll
2009-03-28 07:26 . 2009-03-28 07:26 119056 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\m\mermaidsbonus.f520937c2ec436ae80b67d9c967dd3f6.dll
2009-03-28 01:26 . 2006-01-27 09:15 -------- d-----w c:\program files\Yahoo!
2009-03-28 01:16 . 2004-12-19 06:32 -------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2009-03-28 00:07 . 2008-03-16 11:56 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2009-03-27 00:36 . 2009-03-27 00:36 1181 ----a-w c:\windows\mozver.dat
2009-03-26 15:24 . 2009-03-26 15:24 32768 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_keno.ed975aa9c9bb5e5ec89c8ffeee254e8a.dll
2009-03-26 15:09 . 2009-03-26 15:09 409872 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\c\complexpickxofybonus_temp.08605981adfd307c6b4a171bff0fc06e.dll
2009-03-26 15:09 . 2009-03-26 15:09 463120 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\c\complexpickxofybonus.244de60f7c0c0169f0772e5811794d9e.dll
2009-03-26 14:50 . 2009-03-26 14:50 413696 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\m\menucore.9037a298ee3e59ea5a655d88569c2b77.dll
2009-03-21 14:06 . 2003-07-11 15:38 989696 ----a-w c:\windows\system32\kernel32(2)(2).dll
2009-03-07 18:04 . 2004-02-06 08:35 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-07 18:04 . 2003-07-11 15:38 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-07 18:03 . 2003-07-11 15:37 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-07 18:02 . 2003-07-11 15:37 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-07 18:02 . 2003-07-11 15:38 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-07 18:01 . 2003-07-11 15:38 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-07 18:01 . 2003-07-11 15:38 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-07 18:01 . 2003-07-11 15:38 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-07 17:52 . 2003-07-11 15:38 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-07-11 15:38 284160 ----a-w c:\windows\system32\pdh.dll
2006-11-13 05:14 . 2006-11-13 05:14 28672 ----a-w c:\program files\New Microsoft Publisher Document.pub
2003-08-27 03:39 . 2003-08-27 03:39 24576 ----a-w c:\program files\AppTerminate.exe
2001-07-29 09:29 . 2004-09-29 22:52 96256 ----a-w c:\program files\UnGins.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 02:35 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0ntdel.exe mad.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Date Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Date Manager.lnk
backup=c:\windows\pss\Date Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=c:\windows\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PrecisionTime.lnk
backup=c:\windows\pss\PrecisionTime.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^The Family^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\The Family\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [14/05/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [14/05/2009 2:22 PM 72944]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 7:19 PM 13592]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [29/07/2003 2:27 PM 14095]
S2 Ca533av;Dual Mode Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [22/11/2002 2:22 AM 220079]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [14/05/2009 2:22 PM 7408]
S3 USBCamera;Dual Mode Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys --> c:\windows\system32\Drivers\Bulk533.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - NaiAvFilter101

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 09:50]

2009-05-26 c:\windows\Tasks\User_Feed_Synchronization-{4079E384-7872-4ED0-838E-2CEB797CB4C0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:01]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://au.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: { - c:\program files\platinumplay\casinogame.exe
IE: {{40B2063F-DB01-4962-BE63-59435C01283C} - c:\progra~1\VCPOKE~1\client.exe
IE: {{4E975845-1BA1-495E-95A3-2698978E3D4B} - c:\program files\BingoNova Lobby\osix.exe
IE: {{57BA65C1-57B3-40d3-A40A-A52042945370} - c:\program files\grandbayMPC\MPC.exe
IE: {{7F52819D-3B06-42FC-BECC-8AFB9E97D6F9} - c:\program files\BingoNova85\bingo.exe
IE: {{F5B5A190-EADF-49d9-A90D-52B236C05E63} - c:\program files\riverbelleMPC\MPC.exe
IE: {{2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - c:\program files\Starluck Casino\bin\IEExtension_SL.dll
IE: {{6F477182-DE4F-4326-ACE3-3110A676771B} - {6F477182-DE4F-4326-ACE3-3110A676771B} - c:\program files\Planetluck Casino\bin\IEExtension_PL.dll
IE: {{9CDE474A-A688-48f4-8B49-55CFB2356A6F} - {9CDE474A-A688-48f4-8B49-55CFB2356A6F} - c:\program files\bin\IEExtension_PB.dll
TCP: {1E8DC550-6DBC-4DBB-B870-5B8B3B01FB65} = 10.188.66.103 10.176.66.71
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\The Family\Application Data\Mozilla\Firefox\Profiles\b5rzmvj9.default\
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 01:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs]
@DACL=(02 0000)
@="{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5B2CCE61-46CE-11d8-8734-0050FCF57E49}\Implemented Categories]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5B2CCE61-46CE-11d8-8734-0050FCF57E49}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\Zearching bar\\zearching.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\ZangoToolbar\\Bin\\4.8.3.0\\ZbWallpaper.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\ProgID]
@DACL=(02 0000)
@="Wallpaper.WallpaperManager.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\TypeLib]
@DACL=(02 0000)
@="{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\VersionIndependentProgID]
@DACL=(02 0000)
@="Wallpaper.WallpaperManager"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs]
@DACL=(02 0000)
@="{A9571378-68A1-443d-B082-284F960C6D17}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\TypeLib]
@DACL=(02 0000)
@="{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0]
@DACL=(02 0000)
@="Wallpaper 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\Wallpaper.WallpaperManager\CLSID]
@DACL=(02 0000)
@="{8109FD3D-D891-4F80-8339-50A4913ACE6F}"

[HKEY_LOCAL_MACHINE\software\Classes\Wallpaper.WallpaperManager\CurVer]
@DACL=(02 0000)
@="Wallpaper.WallpaperManager.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wallpaper.WallpaperManager.1\CLSID]
@DACL=(02 0000)
@="{8109FD3D-D891-4F80-8339-50A4913ACE6F}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(476)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-05-26 1:16
ComboFix-quarantined-files.txt 2009-05-26 15:45

Pre-Run: 50,981,187,584 bytes free
Post-Run: 51,974,582,272 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

931 --- E O F --- 2009-05-26 04:01


OTListIt2 - 2 logs

OTListIt Extras logfile created on: 27/05/2009 1:19:21 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\The Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

255.49 Mb Total Physical Memory | 57.90 Mb Available Physical Memory | 22.66% Memory free
456.04 Mb Paging File | 223.46 Mb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 38 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 48.43 Gb Free Space | 64.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 23.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SOPRANOS
Current User Name: The Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/04/14 04:23:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
File not found -- C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2005/11/01 01:26:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
[2007/12/04 07:05:53 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/04/14 09:42:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
[2008/04/14 09:42:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®
[2008/04/14 04:23:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/05/18 10:41:51 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{35C73A54-1428-4893-B041-58AA594F4ACD}" = RedLightCenter
"{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{55A369BE-C40B-4699-99AD-0563A9D9C237}" = ArcSoft VideoImpression 1.6
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{797703D4-461B-4BC9-AACA-292917F3A47F}" = ArcSoft PhotoImpression
"{7A2459F3-718C-4D9D-BCF0-24F4BFF21823}" = Online Vegas Casino
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5460871-42FF-45CD-A634-01C755E9CEA1}" = ArcSoft PhotoBase 3
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{DCBD0769-BAD5-40AD-BCD9-68FADC5231D5}" = ArcSoft Funhouse
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"3 MobileBroadband" = 3 MobileBroadband
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BrainBooster" = BrainBooster (remove only)
"CdaC13Ba" = SafeCast Shared Components
"FortuneReelCasino" = Fortune Reel Casino
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InterActual Player" = InterActual Player
"IrishLuck" = Irish Luck Casino
"LimeWire" = LimeWire 4.14.12
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"PrecisionTime" = PrecisionTime
"prime" = Prime Casino
"Shockwave" = Shockwave
"Underbelly" = Underbelly Screen Saver
"VegasRegalCasino" = Vegas Regal Casino
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviDDec" = XviD Decoder 1.0-Beta3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/05/2009 9:52:11 AM | Computer Name = SOPRANOS | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 26/05/2009 9:52:24 AM | Computer Name = SOPRANOS | Source = Application Hang | ID = 1002
Description = Hanging application 3 MobileBroadband.exe, version 1.0.0.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/05/2009 9:52:24 AM | Computer Name = SOPRANOS | Source = Application Hang | ID = 1002
Description = Hanging application 3 MobileBroadband.exe, version 1.0.0.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/05/2009 9:53:06 AM | Computer Name = SOPRANOS | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 10 seconds;

Error - 26/05/2009 9:54:26 AM | Computer Name = SOPRANOS | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 26/05/2009 9:55:18 AM | Computer Name = SOPRANOS | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 26/05/2009 10:00:54 AM | Computer Name = SOPRANOS | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 26/05/2009 10:59:38 AM | Computer Name = SOPRANOS | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 10 seconds;

Error - 26/05/2009 11:06:45 AM | Computer Name = SOPRANOS | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 15 seconds;

Error - 26/05/2009 11:38:19 AM | Computer Name = SOPRANOS | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 20 seconds;

[ System Events ]
Error - 26/05/2009 9:54:22 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7000
Description = The Dual Mode Video Camera Device service failed to start due to the
following error: %%2

Error - 26/05/2009 10:00:55 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7034
Description = The Network Associates McShield service terminated unexpectedly.
It has done this 1 time(s).

Error - 26/05/2009 10:59:38 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the McShield service.

Error - 26/05/2009 10:59:38 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7034
Description = The Network Associates McShield service terminated unexpectedly.
It has done this 2 time(s).

Error - 26/05/2009 11:06:45 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7034
Description = The Network Associates McShield service terminated unexpectedly.
It has done this 3 time(s).

Error - 26/05/2009 11:30:12 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 26/05/2009 11:38:19 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7034
Description = The Network Associates McShield service terminated unexpectedly.
It has done this 4 time(s).

Error - 26/05/2009 11:38:58 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7034
Description = The Network Associates McShield service terminated unexpectedly.
It has done this 5 time(s).

Error - 26/05/2009 11:41:58 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 26/05/2009 11:41:59 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.


< End of report >

OTListIt logfile created on: 27/05/2009 1:19:21 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\The Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

255.49 Mb Total Physical Memory | 57.90 Mb Available Physical Memory | 22.66% Memory free
456.04 Mb Paging File | 223.46 Mb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 38 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 48.43 Gb Free Space | 64.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 23.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SOPRANOS
Current User Name: The Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2004/12/18 15:36:07 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2009/05/18 10:41:53 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/09/10 02:11:00 | 00,106,586 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2003/09/29 06:10:00 | 00,069,706 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
PRC - [2003/09/10 02:11:00 | 00,127,058 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2008/04/14 09:42:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2009/03/26 11:52:17 | 00,110,592 | ---- | M] () -- C:\Program Files\3 MobileBroadband\3 MobileBroadband.exe
PRC - [2008/04/14 09:42:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/05/26 19:07:00 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Family\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/12/18 15:36:07 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - File not found -- -- (iPodService [On_Demand | Stopped])
SRV - [2009/05/18 10:41:53 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/09/10 02:11:00 | 00,106,586 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - [2003/09/29 06:10:00 | 00,237,657 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield [Auto | Stopped])
SRV - [2003/09/29 06:10:00 | 00,069,706 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager [Auto | Running])
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2003/10/06 13:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2003/06/19 15:30:18 | 00,752,764 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - File not found -- -- (catchme [Disabled | Running])
DRV - [2004/12/18 15:35:58 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA [Auto | Running])
DRV - [2008/04/14 04:15:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2005/02/02 01:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/01/25 06:52:06 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2008/01/25 06:52:07 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2008/01/25 06:52:08 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2008/03/17 10:03:46 | 00,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Running])
DRV - [2002/10/15 00:00:00 | 00,013,891 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr [Boot | Running])
DRV - [2002/10/15 00:00:00 | 00,101,431 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr [Boot | Running])
DRV - [2003/12/17 08:50:00 | 00,051,729 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys -- (L8042pr2 [On_Demand | Stopped])
DRV - [2004/03/03 08:50:00 | 00,014,095 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LCcFltr.Sys -- (LCcfltr [On_Demand | Running])
DRV - [2003/12/17 08:50:00 | 00,025,505 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2 [On_Demand | Running])
DRV - [2004/03/03 08:50:00 | 00,037,887 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LHidUsb.Sys -- (LHidUsb [On_Demand | Running])
DRV - [2003/12/17 08:50:00 | 00,070,801 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])
DRV - [2003/03/31 13:29:00 | 00,625,537 | ---- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
DRV - [2002/06/10 15:51:02 | 00,010,254 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LVBulk.sys -- (LVBulk [On_Demand | Stopped])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/17 23:30:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2003/09/29 06:10:00 | 00,083,008 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1 [On_Demand | Running])
DRV - [2004/02/09 12:06:22 | 00,015,360 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\System32\DRIVERS\NetMotCM.sys -- (ndiscm [On_Demand | Stopped])
DRV - [2003/10/06 13:16:00 | 01,550,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/11/22 02:22:42 | 00,220,079 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LV551AV.sys -- (PID_0900_V [On_Demand | Stopped])
DRV - [2002/08/29 20:30:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/08 09:21:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2003/12/31 10:58:46 | 00,069,504 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys -- (RTL8023 [On_Demand | Stopped])
DRV - [2004/04/13 20:14:12 | 00,070,144 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Stopped])
DRV - [2004/08/04 15:01:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2009/05/14 14:22:00 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/05/14 14:22:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/05/14 14:22:00 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 19:55:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/04/14 04:15:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/?fr=fp-yie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://au.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/19 11:51:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/22 22:58:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/22 20:48:33 | 00,000,000 | ---D | M]

[2009/05/12 09:25:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\The Family\Application Data\mozilla\Extensions
[2009/05/12 09:25:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\The Family\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/26 14:56:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\The Family\Application Data\mozilla\Firefox\Profiles\b5rzmvj9.default\extensions
[2009/05/26 18:51:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/12 09:24:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/19 11:51:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/24 15:30:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 15:30:58 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/05 01:06:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/06 04:17:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/05 01:06:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 19:05:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/23 04:44:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 13:38:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/29 03:41:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/05 01:06:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (698 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll File not found
O9 - Extra 'Tools' menuitem : StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll File not found
O9 - Extra Button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\VCPOKE~1\client.exe File not found
O9 - Extra Button: BingoNova Lobby - {4E975845-1BA1-495E-95A3-2698978E3D4B} - C:\Program Files\BingoNova Lobby\osix.exe File not found
O9 - Extra 'Tools' menuitem : BingoNova Lobby - {4E975845-1BA1-495E-95A3-2698978E3D4B} - C:\Program Files\BingoNova Lobby\osix.exe File not found
O9 - Extra Button: Grand Bay MPC - {57BA65C1-57B3-40d3-A40A-A52042945370} - C:\Program Files\grandbayMPC\MPC.exe File not found
O9 - Extra Button: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll File not found
O9 - Extra 'Tools' menuitem : PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll File not found
O9 - Extra Button: BingoNova - {7F52819D-3B06-42FC-BECC-8AFB9E97D6F9} - C:\Program Files\BingoNova85\bingo.exe File not found
O9 - Extra 'Tools' menuitem : BingoNova - {7F52819D-3B06-42FC-BECC-8AFB9E97D6F9} - C:\Program Files\BingoNova85\bingo.exe File not found
O9 - Extra Button: partybingo.com - {9CDE474A-A688-48f4-8B49-55CFB2356A6F} - C:\Program Files\bin\IEExtension_PB.dll File not found
O9 - Extra 'Tools' menuitem : partybingo.com - {9CDE474A-A688-48f4-8B49-55CFB2356A6F} - C:\Program Files\bin\IEExtension_PB.dll File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Riverbelle MPC - {F5B5A190-EADF-49d9-A90D-52B236C05E63} - C:\Program Files\riverbelleMPC\MPC.exe File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: gemlobby.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: lazyjoker.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: madbonus.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: netgaming.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.microsoft.com/download/0/5...b?1077607243890 (MSSecurityAdvisor Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls/SassCln.CAB (Reg Error: Key error.)
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} http://fdl.msn.com/zone/datafiles/heartbeat.cab (Reg Error: Key error.)
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-C1AF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://arthurian.microgaming.com/arthurian/FlashAX.cab (FlashXControl Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...333/mcfscan.cab (McFreeScan Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/07/12 01:23:10 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/09/03 09:37:56 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/09/03 09:37:56 | 00,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/27 01:00:20 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (ntdel.exe) - C:\WINDOWS\system32\ntdel.exe ()
O34 - HKLM BootExecute: (mad.dll) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/05/27 00:56:32 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/27 00:56:27 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/27 00:56:21 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/27 00:11:30 | 02,997,408 | R--- | C] () -- C:\Documents and Settings\The Family\Desktop\ComboFix.exe
[2009/05/26 19:14:16 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/26 19:14:16 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/26 19:14:16 | 00,154,624 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/05/26 19:14:16 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/26 19:14:16 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/26 19:14:16 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/26 19:14:16 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/26 19:14:16 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/26 19:13:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/26 19:08:37 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/26 19:04:57 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Family\Desktop\OTListIt2.exe
[2009/05/26 12:52:53 | 00,004,107 | ---- | C] () -- C:\Documents and Settings\The Family\Desktop\Attach.zip
[2009/05/25 21:33:11 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\The Family\Desktop\ChkReg.EXE
[2009/05/25 21:17:59 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/25 21:14:29 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/05/25 21:03:01 | 05,154,304 | ---- | C] () -- C:\Documents and Settings\The Family\Desktop\WindowsDefender.msi
[2009/05/25 15:58:08 | 00,021,225 | R--- | C] () -- C:\Documents and Settings\The Family\My Documents\UNIDRV.hlp
[2009/05/25 11:46:36 | 00,021,225 | R--- | C] () -- C:\Documents and Settings\The Family\Desktop\UNIDRV.hlp
[2009/05/25 10:12:11 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009/05/25 10:09:20 | 00,359,656 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\The Family\Desktop\msicuu2.exe
[2009/05/25 09:56:22 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\The Family\Desktop\5us4mw5w.exe
[2009/05/25 09:56:14 | 01,173,680 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\The Family\Desktop\5us4mw5w.exe.part
[2009/05/24 18:07:53 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/24 18:07:52 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/24 18:07:49 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/24 18:07:46 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/22 23:00:36 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/05/22 23:00:36 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/05/22 20:51:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Family\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/05/22 20:49:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/05/21 20:06:23 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/05/21 15:57:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Family\My Documents\Autoruns
[2009/05/20 08:06:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Family\My Documents\Virus Setups
[2009/05/20 07:45:17 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\The Family\Desktop\Absolute Poker.lnk
[2009/05/20 07:44:57 | 00,000,000 | ---D | C] -- C:\Program Files\Absolute Poker
[2009/05/20 07:44:52 | 00,000,000 | ---D | C] -- C:\Program Files\_uninstallation_info
[2009/05/19 14:49:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Family\Application Data\Malwarebytes
[2009/05/19 14:48:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/19 14:06:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Family\My Documents\HostsXpert
[2009/05/19 11:52:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\The Family\Desktop\VIRUS REMOVAL TOOLS
[2009/05/18 13:27:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Family\My Documents\Java Setup
[2009/05/18 01:59:18 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\The Family\Desktop\Shortcut to iexplore.lnk
[2009/05/17 20:19:28 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/17 19:49:35 | 06,367,264 | ---- | C] () -- C:\Documents and Settings\The Family\My Documents\SUPERAntiSpyware.exe
[2009/05/15 10:40:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Family\My Documents\Download setups
[2009/05/14 14:43:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Family\Application Data\OpenOffice.org
[2009/05/14 14:41:46 | 00,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2009/05/14 14:40:09 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/05/14 14:40:03 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/05/14 12:11:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2009/05/13 18:34:21 | 03,221,241 | ---- | C] () -- C:\Program Files\onlinevegascasino.exe
[2009/05/13 14:50:39 | 00,090,177 | ---- | C] () -- C:\WINDOWS\hpqins11.dat
[2009/05/13 09:43:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/13 09:42:45 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/13 09:42:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Family\Application Data\SUPERAntiSpyware.com
[2009/05/12 08:57:09 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Internet Explorer.lnk
[2009/05/12 08:56:59 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/05/10 19:09:04 | 00,000,000 | ---D | C] -- C:\Program Files\SlotPower
[2009/05/10 17:59:27 | 00,000,000 | ---D | C] -- C:\Program Files\IrishLuck
[2009/05/08 14:13:01 | 00,000,000 | ---D | C] -- C:\Program Files\VegasRegalCasino
[2009/05/08 01:53:34 | 00,000,000 | ---D | C] -- C:\Program Files\FortuneReelCasino
[2009/05/06 16:02:14 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/05/06 16:02:13 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/05/06 16:02:13 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/05/06 16:02:13 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/05/06 16:02:12 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/05/06 16:02:12 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/05/06 16:02:11 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/05/06 16:02:11 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/05/06 16:02:11 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/05/06 12:10:57 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/05/06 12:10:56 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/05/06 12:10:56 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/05/06 11:09:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2009/05/06 10:33:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Family\Application Data\InstallShield
[2009/04/06 08:07:49 | 00,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2009/03/26 18:55:07 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/26 18:55:07 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/24 16:55:56 | 00,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2007/01/06 19:24:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/11/13 21:15:42 | 00,000,071 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2006/10/10 23:52:47 | 00,000,017 | ---- | C] () -- C:\WINDOWS\crwcu.ini
[2005/08/12 14:06:55 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll
[2005/06/10 22:32:24 | 00,000,017 | ---- | C] () -- C:\WINDOWS\crwjb.ini
[2005/06/10 22:29:28 | 00,000,036 | ---- | C] () -- C:\WINDOWS\LFM.ini
[2005/01/18 15:24:35 | 00,000,148 | ---- | C] () -- C:\WINDOWS\System32\acmeinc.ini
[2005/01/18 15:24:35 | 00,000,116 | ---- | C] () -- C:\WINDOWS\System32\vxdtgm.ini
[2005/01/14 12:10:17 | 00,000,017 | ---- | C] () -- C:\WINDOWS\crwlb.ini
[2005/01/14 11:46:59 | 00,000,017 | ---- | C] () -- C:\WINDOWS\crw.ini
[2005/01/14 09:13:49 | 00,000,017 | ---- | C] () -- C:\WINDOWS\crwca.ini
[2005/01/14 08:51:49 | 00,000,017 | ---- | C] () -- C:\WINDOWS\crwbc.ini
[2005/01/14 08:23:25 | 00,000,017 | ---- | C] () -- C:\WINDOWS\crwbl.ini
[2005/01/14 08:22:54 | 00,667,648 | ---- | C] () -- C:\WINDOWS\System32\jabbercom.dll
[2004/11/27 19:32:16 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2004/05/06 16:35:05 | 00,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/05/06 16:35:05 | 00,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/05/06 16:34:24 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/05/01 13:23:25 | 00,000,021 | ---- | C] () -- C:\WINDOWS\FH_setup.ini
[2004/05/01 13:22:36 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PB_setup.ini
[2004/05/01 13:21:57 | 00,000,548 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2004/05/01 13:21:48 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/05/01 13:21:36 | 00,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini
[2004/05/01 13:20:32 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/01/29 00:26:19 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX000119SOUNDDX3.dll
[2004/01/29 00:26:11 | 00,330,752 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX000119.dll
[2004/01/29 00:23:50 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010205PNG.dll
[2004/01/29 00:23:43 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010104Z.dll
[2004/01/29 00:23:37 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX015003JP2.dll
[2004/01/06 13:30:13 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/12/09 12:16:52 | 00,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll
[2003/10/06 13:16:00 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/09/14 16:56:03 | 00,063,743 | ---- | C] () -- C:\WINDOWS\MSKNWRD.dll
[2003/08/25 15:12:56 | 00,000,101 | ---- | C] () -- C:\WINDOWS\viewer.ini
[2003/08/25 15:12:55 | 00,000,297 | ---- | C] () -- C:\WINDOWS\ENCARTA.INI
[2003/07/31 17:01:05 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2003/07/31 14:22:11 | 00,051,000 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2003/07/31 14:15:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/07/30 22:20:09 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2003/07/30 22:01:39 | 00,294,912 | R--- | C] () -- C:\WINDOWS\System32\liplW7.dll
[2003/07/30 22:01:38 | 00,290,816 | R--- | C] () -- C:\WINDOWS\System32\liplA6.dll
[2003/07/30 22:01:38 | 00,278,528 | R--- | C] () -- C:\WINDOWS\System32\liplPX.dll
[2003/07/30 22:01:38 | 00,278,528 | R--- | C] () -- C:\WINDOWS\System32\liplP6.dll
[2003/07/30 22:01:38 | 00,278,528 | R--- | C] () -- C:\WINDOWS\System32\liplM6.dll
[2003/07/30 22:01:38 | 00,020,480 | R--- | C] () -- C:\WINDOWS\System32\lipl.dll
[2003/07/30 21:37:01 | 00,000,065 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2003/07/29 15:01:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/29 14:36:33 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/07/29 14:12:19 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/12 02:34:56 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/07/12 01:09:16 | 00,001,286 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/07/12 01:08:50 | 00,001,163 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/12 01:08:46 | 00,000,300 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/05/23 19:38:52 | 00,107,008 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/05/23 19:38:52 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/11/22 02:08:48 | 00,011,653 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[1999/07/23 13:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== Files - Modified Within 30 Days ==========

[15 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/27 01:17:18 | 00,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4079E384-7872-4ED0-838E-2CEB797CB4C0}.job
[2009/05/27 01:16:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/27 01:12:06 | 00,000,300 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/27 00:56:32 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/27 00:22:07 | 02,997,408 | R--- | M] () -- C:\Documents and Settings\The Family\Desktop\ComboFix.exe
[2009/05/26 23:30:55 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/26 23:26:53 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/26 23:24:33 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\The Family\Local Settings\desktop.ini
[2009/05/26 23:24:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/26 23:24:14 | 26,796,8512 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/26 19:07:00 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Family\Desktop\OTListIt2.exe
[2009/05/26 12:52:53 | 00,004,107 | ---- | M] () -- C:\Documents and Settings\The Family\Desktop\Attach.zip
[2009/05/25 21:33:55 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\The Family\Desktop\ChkReg.EXE
[2009/05/25 21:11:51 | 05,154,304 | ---- | M] () -- C:\Documents and Settings\The Family\Desktop\WindowsDefender.msi
[2009/05/25 10:10:28 | 00,359,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\The Family\Desktop\msicuu2.exe
[2009/05/25 10:01:16 | 01,173,680 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\The Family\Desktop\5us4mw5w.exe.part
[2009/05/25 09:56:22 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\The Family\Desktop\5us4mw5w.exe
[2009/05/24 18:07:53 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/24 16:01:49 | 00,154,624 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/05/22 23:00:36 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/22 23:00:36 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/05/22 19:51:47 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/20 07:45:18 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\The Family\Desktop\Absolute Poker.lnk
[2009/05/19 11:53:48 | 00,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/19 11:04:22 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2009/05/18 09:17:59 | 00,000,065 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2009/05/18 01:59:18 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\The Family\Desktop\Shortcut to iexplore.lnk
[2009/05/17 20:19:28 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/17 20:16:16 | 06,367,264 | ---- | M] () -- C:\Documents and Settings\The Family\My Documents\SUPERAntiSpyware.exe
[2009/05/16 21:39:45 | 00,001,163 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/16 21:39:45 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/05/14 14:41:46 | 00,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2009/05/13 14:53:57 | 00,090,177 | ---- | M] () -- C:\WINDOWS\hpqins11.dat
[2009/05/12 09:25:08 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Internet Explorer.lnk
[2009/05/07 16:46:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/07 09:29:40 | 00,480,356 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/07 09:29:40 | 00,408,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/07 09:29:40 | 00,064,432 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/07 01:41:43 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\The Family\My Documents\stat dec.rtf:SummaryInformation
< End of report >

#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:12:51 AM

Posted 26 May 2009 - 07:13 PM

Hi nonna,

I notice there is a sign of one P2P (Person to Person) File Sharing Program on your computer. Even if you are using a "safe" P2P program, it is only the program that is safe.
You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file sharing as a major conduit to spread their wares.
You are well advised to remove it. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


LimeWire 4.14.12



Step 1
  • Close any open browsers
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
Folder::
c:\Program Files\Zearching bar
c:\Program Files\ZangoToolbar

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\StubInstaller.exe"=-

RegLockDel:: 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5B2CCE61-46CE-11d8-8734-0050FCF57E49}\Implemented Categories]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5B2CCE61-46CE-11d8-8734-0050FCF57E49}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\Programmable]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\ProxyStubClsid]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0]
[HKEY_LOCAL_MACHINE\software\Classes\Wallpaper.WallpaperManager\CLSID]
[HKEY_LOCAL_MACHINE\software\Classes\Wallpaper.WallpaperManager\CurVer]
[HKEY_LOCAL_MACHINE\software\Classes\Wallpaper.WallpaperManager.1\CLSID]


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Step 2
  • Please start OTList2 on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of the code box.

    :otli
    PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls/SassCln.CAB (Reg Error: Key error.)
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} http://fdl.msn.com/zone/datafiles/heartbeat.cab (Reg Error: Key error.)
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-C1AF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Click Run Fix button on the top.
  • Click OK and let it run unhindered.
  • OTLI2 will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.
Step 3
  • Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive, from Here:
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close. Exit the program.
Step 4

I notice you have MBAM installed in your system. Please rerun it as instructed in the following. Update your virus definitions before proceeding. If you can't update the program, you can download the virus definitions from Here and install them manually.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Please post back the logs in your next reply.


1. Combofix log
2. OTList2 log
3. MBAM log

Tell me how your pc is running now.

Edited by sundavis, 26 May 2009 - 08:02 PM.
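Before a script like the one above rewrites a registry value, it is worth confirming what the bytes in it actually say. The following is an added example, not part of sundavis's instructions and not ComboFix's own code: it decodes the hex(7) (REG_MULTI_SZ) BootExecute value from the Registry:: section and checks that it equals the Windows XP default, `autocheck autochk *`, so the reader can see that the script is restoring the stock value rather than introducing a new boot-time program. It goes slightly beyond the script by also accepting the UTF-16LE byte form that a regedit export uses; the function names are mine.

```python
import re

# The BootExecute line from the CFScript above, embedded here as the sample input.
BOOTEXECUTE_LINE = (
    '"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00'
)

# Stock BootExecute on Windows XP: run autochk on every volume at boot.
DEFAULT_BOOTEXECUTE = ["autocheck autochk *"]


def parse_reg_hex_value(line):
    """Split a .reg-style '"Name"=hex(N):aa,bb,...' line into (name, type, bytes)."""
    m = re.match(r'^"([^"]+)"=hex(?:\((\d+)\))?:([0-9a-fA-F,\s\\]*)$', line.strip())
    if not m:
        raise ValueError("not a hex value line: %r" % line)
    # Plain 'hex:' with no type number is REG_BINARY (type 3).
    name, reg_type, hexdata = m.group(1), int(m.group(2) or 3), m.group(3)
    # regedit wraps long values with a trailing backslash; strip those and spaces.
    hexdata = re.sub(r"[\s\\]", "", hexdata)
    data = bytes(int(b, 16) for b in hexdata.split(",") if b)
    return name, reg_type, data


def decode_multi_sz(data):
    """Decode REG_MULTI_SZ bytes into a list of strings."""
    # regedit exports REG_MULTI_SZ as UTF-16LE (every second byte is 0 for ASCII
    # text); ComboFix scripts such as the one above use a single-byte form.
    if len(data) >= 2 and len(data) % 2 == 0 and all(b == 0 for b in data[1::2]):
        text = data.decode("utf-16-le")
    else:
        text = data.decode("latin-1")
    # Each string is NUL-terminated and the whole list ends with one extra NUL.
    return [s for s in text.split("\x00") if s]


def check_bootexecute(line):
    """Return (decoded entries, True if they are exactly the XP default)."""
    name, reg_type, data = parse_reg_hex_value(line)
    if name != "BootExecute" or reg_type != 7:
        raise ValueError("expected a BootExecute REG_MULTI_SZ (hex(7)) value")
    entries = decode_multi_sz(data)
    return entries, entries == DEFAULT_BOOTEXECUTE


if __name__ == "__main__":
    entries, is_default = check_bootexecute(BOOTEXECUTE_LINE)
    print("BootExecute entries:", entries, "(default)" if is_default else "(NOT default)")
```

Any entry other than `autocheck autochk *` in the decoded list is a program that runs at boot before the usual services, so a non-default result is exactly the kind of thing a log reviewer would want to see called out.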


#5 nonna

nonna
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  • Gender:Female
  • Location:Australia
  • Local time:03:21 PM

Posted 26 May 2009 - 07:49 PM

Hi Sundavis,

Thanks for letting me know that, I told my daughter that limewire was not good.

Although I looked on your uninstall database and I did see limewire there but not that version.

Where you ask me to remove it you say to go to control panel - programs and features. I don't have programs and features; do I go to add/remove programs?

I will await your response before I continue with your instructions.

Cheers, many thanks

Nonna

#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:12:51 AM

Posted 26 May 2009 - 08:00 PM

Hi Nonna,

I did see limewire there but not that version.

It's ok. just remove it.
Sorry. It's a wrong paste. :) It should be Click the Start Button > select Control Panel > Select Add or Remove Programs. :thumbup2:

#7 nonna

nonna
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  • Gender:Female
  • Location:Australia
  • Local time:03:21 PM

Posted 26 May 2009 - 10:31 PM

Hi Sundavis

Ok, I hope I've got this right.

The CFScript log:

OTListIt Extras logfile created on: 27/05/2009 1:19:21 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\The Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

255.49 Mb Total Physical Memory | 57.90 Mb Available Physical Memory | 22.66% Memory free
456.04 Mb Paging File | 223.46 Mb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 38 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 48.43 Gb Free Space | 64.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 23.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SOPRANOS
Current User Name: The Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/04/14 04:23:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
File not found -- C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2005/11/01 01:26:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
[2007/12/04 07:05:53 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/04/14 09:42:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
[2008/04/14 09:42:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®
[2008/04/14 04:23:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/05/18 10:41:51 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{35C73A54-1428-4893-B041-58AA594F4ACD}" = RedLightCenter
"{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{55A369BE-C40B-4699-99AD-0563A9D9C237}" = ArcSoft VideoImpression 1.6
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{797703D4-461B-4BC9-AACA-292917F3A47F}" = ArcSoft PhotoImpression
"{7A2459F3-718C-4D9D-BCF0-24F4BFF21823}" = Online Vegas Casino
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5460871-42FF-45CD-A634-01C755E9CEA1}" = ArcSoft PhotoBase 3
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{DCBD0769-BAD5-40AD-BCD9-68FADC5231D5}" = ArcSoft Funhouse
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"3 MobileBroadband" = 3 MobileBroadband
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BrainBooster" = BrainBooster (remove only)
"CdaC13Ba" = SafeCast Shared Components
"FortuneReelCasino" = Fortune Reel Casino
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InterActual Player" = InterActual Player
"IrishLuck" = Irish Luck Casino
"LimeWire" = LimeWire 4.14.12
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"PrecisionTime" = PrecisionTime
"prime" = Prime Casino
"Shockwave" = Shockwave
"Underbelly" = Underbelly Screen Saver
"VegasRegalCasino" = Vegas Regal Casino
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviDDec" = XviD Decoder 1.0-Beta3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/05/2009 9:52:11 AM | Computer Name = SOPRANOS | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 26/05/2009 9:52:24 AM | Computer Name = SOPRANOS | Source = Application Hang | ID = 1002
Description = Hanging application 3 MobileBroadband.exe, version 1.0.0.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/05/2009 9:52:24 AM | Computer Name = SOPRANOS | Source = Application Hang | ID = 1002
Description = Hanging application 3 MobileBroadband.exe, version 1.0.0.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/05/2009 9:53:06 AM | Computer Name = SOPRANOS | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 10 seconds;

Error - 26/05/2009 9:54:26 AM | Computer Name = SOPRANOS | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 26/05/2009 9:55:18 AM | Computer Name = SOPRANOS | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 26/05/2009 10:00:54 AM | Computer Name = SOPRANOS | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 26/05/2009 10:59:38 AM | Computer Name = SOPRANOS | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 10 seconds;

Error - 26/05/2009 11:06:45 AM | Computer Name = SOPRANOS | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 15 seconds;

Error - 26/05/2009 11:38:19 AM | Computer Name = SOPRANOS | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 20 seconds;

[ System Events ]
Error - 26/05/2009 9:54:22 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7000
Description = The Dual Mode Video Camera Device service failed to start due to the
following error: %%2

Error - 26/05/2009 10:00:55 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7034
Description = The Network Associates McShield service terminated unexpectedly.
It has done this 1 time(s).

Error - 26/05/2009 10:59:38 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the McShield service.

Error - 26/05/2009 10:59:38 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7034
Description = The Network Associates McShield service terminated unexpectedly.
It has done this 2 time(s).

Error - 26/05/2009 11:06:45 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7034
Description = The Network Associates McShield service terminated unexpectedly.
It has done this 3 time(s).

Error - 26/05/2009 11:30:12 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 26/05/2009 11:38:19 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7034
Description = The Network Associates McShield service terminated unexpectedly.
It has done this 4 time(s).

Error - 26/05/2009 11:38:58 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7034
Description = The Network Associates McShield service terminated unexpectedly.
It has done this 5 time(s).

Error - 26/05/2009 11:41:58 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 26/05/2009 11:41:59 AM | Computer Name = SOPRANOS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.


< End of report >

Next the OTList Log:

Error: Unable to interpret <otli> in the current context!
Error: Unable to interpret <PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls/SassCln.CAB (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} http://fdl.msn.com/zone/datafiles/heartbeat.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {D27CDB6E-AE6D-C1AF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)> in the current context!
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\The Family\Local Settings\Temp\~DF9F8C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4ec.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05272009_114808

Files moved on Reboot...
C:\Documents and Settings\The Family\Local Settings\Temp\~DF9F8C.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_4ec.dat not found!

Registry entries deleted on Reboot...

I did the Malwarebytes scan but I am still getting the error message, not as big as last but still problems. I did a screenshot and I have attached them for you to look at.

Cheers and many thanks

Nonna

Attached Files
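A small triage script over the Security Center and Authorized Applications sections of the OTListIt Extras log above, added here as an example; it is not code from the forum, from sundavis or from OTListIt. It embeds a trimmed excerpt of that log, pulls out the per-profile firewall settings, the globally open ports and the application exceptions, and reports the items a helper would look at first: the profile with EnableFirewall = 0, ports opened to any address rather than the local subnet, enabled exceptions whose file no longer exists, and an enabled exception for a binary outside Windows or Program Files (the C:\StubInstaller.exe entry that the CFScript in the earlier post removes). Function and field names are mine.

```python
import re

# Trimmed excerpt of the OTListIt Extras log posted above, embedded so the
# script runs offline; only the sections this parser reads are kept.
SAMPLE_LOG = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2008/04/14 04:23:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2005/11/01 01:26:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
[2007/12/04 07:05:53 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/04/14 09:42:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows NetMeeting

========== HKEY_LOCAL_MACHINE Uninstall List ==========
"""

# A key of interest ends in <Name>Profile, optionally followed by one of the two lists.
PROFILE_RE = re.compile(r"FirewallPolicy\\(\w+Profile)(\\GloballyOpenPorts\\List|\\AuthorizedApplications\\List)?$")
SETTING_RE = re.compile(r'^"([^"]+)" = (.*)$')
PORT_RE = re.compile(r"^(\d+):(TCP|UDP):([^:]+):(Enabled|Disabled):")
APP_RE = re.compile(r"^(.*?) -- (.+):\*:(Enabled|Disabled):(.*)$")


def parse_firewall_policy(log):
    """Collect per-profile settings, globally open ports and authorized apps."""
    settings, ports, apps = {}, [], []
    key = None
    for line in log.splitlines():
        line = line.strip()
        if not line or line.startswith("=========="):
            key = None  # blank lines and section banners end the current key block
            continue
        if line.startswith(("HKEY_", "[HKEY_")):
            key = line.strip("[]")  # OTL prints keys with or without brackets
            continue
        prof = PROFILE_RE.search(key or "")
        if not prof:
            continue
        profile, sub = prof.group(1), prof.group(2) or ""
        if sub.endswith("GloballyOpenPorts\\List"):
            m = SETTING_RE.match(line)
            p = PORT_RE.match(m.group(2)) if m else None
            if p:
                ports.append({"profile": profile, "port": int(p.group(1)), "proto": p.group(2),
                              "scope": p.group(3), "enabled": p.group(4) == "Enabled"})
        elif sub.endswith("AuthorizedApplications\\List"):
            m = APP_RE.match(line)
            if m:
                apps.append({"profile": profile, "present": not m.group(1).startswith("File not found"),
                             "path": m.group(2), "enabled": m.group(3) == "Enabled", "name": m.group(4)})
        else:
            m = SETTING_RE.match(line)
            if m:
                settings.setdefault(profile, {})[m.group(1)] = m.group(2)
    return settings, ports, apps


# Locations an exception binary is normally expected to live under.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "%windir%\\")


def triage(settings, ports, apps):
    """Turn the parsed policy into plain-text review items."""
    findings = []
    for profile, values in settings.items():
        if values.get("EnableFirewall") == "0":
            findings.append(f"{profile}: firewall is disabled (EnableFirewall = 0)")
    for p in ports:
        if p["enabled"] and p["scope"] == "*":
            findings.append(f"{p['profile']}: port {p['port']}/{p['proto']} open to any address")
    for a in apps:
        if not a["enabled"]:
            continue
        if not a["present"]:
            findings.append(f"{a['profile']}: stale exception, file missing: {a['path']}")
        elif not a["path"].lower().startswith(TRUSTED_ROOTS):
            findings.append(f"{a['profile']}: exception for binary outside Windows/Program Files: "
                            f"{a['path']} ({a['name']})")
    return findings


if __name__ == "__main__":
    for item in triage(*parse_firewall_policy(SAMPLE_LOG)):
        print(item)
```

On the excerpt this prints five items: the disabled StandardProfile firewall, the two DomainProfile ports (139 and 445) open to any address, the stale Messenger exception, and the StubInstaller.exe exception in the root of C:. The LimeWire.exe entry under Program Files is deliberately not flagged by the location rule; whether that program should stay is the P2P question sundavis raised separately.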



#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:12:51 AM

Posted 26 May 2009 - 11:02 PM

Hi nonna,

Can I see the combofix log? You need to uninstall MBAM via Add/Remove Programs and redownload Malwarebytes' Anti-Malware from Here or Here. Reinstall it and rescan your computer.

After that, please post back a New HJT log, Combofix log and MBAM log. Thanks.

#9 nonna

nonna
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  • Gender:Female
  • Location:Australia
  • Local time:03:21 PM

Posted 26 May 2009 - 11:25 PM

Hi Sundavis

How do I do the HJT log?

#10 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:12:51 AM

Posted 26 May 2009 - 11:34 PM

Hi nonna,


Please download the self-extracting version of HijackThis from here
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default, it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Close any/all browser, messenger, media player, Office and mail client windows and applications.
  • Click on the Do a system scan only and press save log button. A text file will open.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Note:
Post all reports/logs directly into this topic, not as attachments or inside code boxes, and in Notepad under Format, uncheck "Word Wrap" if you selected it. Thanks.

#11 nonna

nonna
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  • Gender:Female
  • Location:Australia
  • Local time:03:21 PM

Posted 26 May 2009 - 11:52 PM

ok, thanks sundavis

I must tell you that already my computer is running faster and when I just shut down and rebooted after uninstalling malwarebytes that Microsoft message in regards to the Generic Host Process that I posted earlier has gone!!!

I'm ecstatic, and thanks, this is awesome.

Ok, off to tackle your next set of instructions.

Post again soon,

Cheers

Nonna

#12 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:12:51 AM

Posted 26 May 2009 - 11:55 PM

:thumbup2:

#13 nonna

nonna
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  • Gender:Female
  • Location:Australia
  • Local time:03:21 PM

Posted 27 May 2009 - 01:06 AM

Ok, here we are: unfortunately, same error messages appeared when doing MBAM as I posted in my last post!!

Nonna



COMBOFIX LOG:

ComboFix 09-05-26.02 - The Family 27/05/2009 15:00.3 - NTFSx86
Running from: c:\documents and settings\The Family\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-04-27 to 2009-05-27 )))))))))))))))))))))))))))))))
.

2009-05-27 05:13 . 2009-05-26 03:50 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-27 05:13 . 2009-05-26 03:49 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-27 05:13 . 2009-05-27 05:13 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-27 02:18 . 2009-05-27 02:18 -------- d-----w C:\_OTListIt
2009-05-26 04:00 . 2009-05-06 01:36 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{4798169E-57A8-4EBB-94A9-897BA46E82EE}\mpengine.dll
2009-05-25 12:38 . 2009-05-06 01:36 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-25 12:05 . 2009-05-25 12:05 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-05-25 11:44 . 2009-05-25 11:44 -------- d-----w c:\program files\Windows Defender
2009-05-25 00:42 . 2009-05-25 00:42 3584 ----a-r c:\documents and settings\The Family\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-05-25 00:42 . 2009-05-25 00:42 -------- d-----w c:\program files\Windows Installer Clean Up
2009-05-22 11:21 . 2009-05-22 11:21 -------- d-----w c:\documents and settings\The Family\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-22 11:21 . 2009-05-22 11:19 38200 ----a-w c:\documents and settings\The Family\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-22 11:19 . 2009-05-22 11:19 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-21 10:36 . 2009-05-21 10:36 -------- d--h--w c:\windows\PIF
2009-05-19 22:14 . 2009-05-26 04:06 -------- d-----w c:\program files\Absolute Poker
2009-05-19 22:14 . 2009-05-19 22:14 -------- d-----w c:\program files\_uninstallation_info
2009-05-19 13:00 . 2009-05-19 13:08 -------- d-----w c:\documents and settings\The Family\java_data
2009-05-19 05:19 . 2009-05-19 05:19 -------- d-----w c:\documents and settings\The Family\Application Data\Malwarebytes
2009-05-19 05:18 . 2009-05-19 05:18 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-18 01:12 . 2009-05-18 01:11 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-17 11:02 . 2009-05-23 02:27 117760 ----a-w c:\documents and settings\The Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-14 05:15 . 2009-05-24 01:39 1 ----a-w c:\documents and settings\The Family\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-14 05:13 . 2009-05-14 05:13 -------- d-----w c:\documents and settings\The Family\Application Data\OpenOffice.org
2009-05-14 05:10 . 2009-05-14 05:10 -------- d-----w c:\program files\JRE
2009-05-14 05:10 . 2009-05-14 05:10 -------- d-----w c:\program files\OpenOffice.org 3
2009-05-14 04:28 . 2009-05-14 04:29 309248 ----a-w c:\documents and settings\The Family\Application Data\Adobe\Acrobat\6.0\Updater\AdbeRdr70_enu_full.exe
2009-05-14 02:41 . 2009-05-14 02:41 -------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-05-13 09:04 . 2009-05-13 09:05 3221241 ----a-w c:\program files\onlinevegascasino.exe
2009-05-13 05:20 . 2009-05-13 05:23 90177 ----a-w c:\windows\hpqins11.dat
2009-05-13 00:13 . 2009-05-13 00:13 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-13 00:12 . 2009-05-19 02:21 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-13 00:12 . 2009-05-17 10:48 -------- d-----w c:\documents and settings\The Family\Application Data\SUPERAntiSpyware.com
2009-05-10 09:39 . 2009-05-15 23:30 -------- d-----w c:\program files\SlotPower
2009-05-10 08:29 . 2009-05-10 09:18 -------- d-----w c:\program files\IrishLuck
2009-05-08 04:43 . 2009-05-10 11:45 -------- d-----w c:\program files\VegasRegalCasino
2009-05-07 16:23 . 2009-05-10 15:41 -------- d-----w c:\program files\FortuneReelCasino
2009-05-07 08:38 . 2009-05-07 08:38 323856 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\h\hitmancontractbonus.339a969d902930975b3194643e289fc9.dll
2009-05-07 07:17 . 2009-05-07 07:17 213264 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\c\choosebonus.df815bbfb8ae7a29a353f0ae65e4af17.dll
2009-05-07 07:17 . 2009-05-07 07:17 348432 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\h\hitmancontractbonus.5bb25297e42b173d7ee73dcb3a8888c7.dll
2009-05-06 06:32 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-05-06 06:32 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-05-06 06:32 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-05-06 06:32 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-05-06 06:32 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-06 06:32 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-06 06:32 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-05-06 06:32 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-05-06 06:32 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-05-06 02:40 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-05-06 02:40 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-05-06 01:40 . 2008-01-24 21:22 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-05-06 01:39 . 2008-01-24 21:22 49920 ----a-r c:\windows\system32\drivers\HPZid412.sys
2009-05-06 01:39 . 2009-05-06 01:39 -------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-06 01:39 . 2008-01-24 21:23 271704 ----a-r c:\windows\system32\hpzids01.dll
2009-05-06 01:39 . 2007-10-20 08:55 118272 ----a-w c:\windows\system32\hpz3l5mu.dll
2009-05-06 01:39 . 2008-01-24 21:22 21568 ----a-r c:\windows\system32\drivers\HPZius12.sys
2009-05-06 01:03 . 2009-05-06 01:03 -------- d-----w c:\documents and settings\The Family\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 01:13 . 2006-01-24 11:04 -------- d-----w c:\program files\LimeWire
2009-05-25 02:32 . 2004-12-10 03:54 -------- d-----w c:\documents and settings\JOANNE LORIA\Application Data\ShopperReports
2009-05-25 00:54 . 2006-09-01 07:42 -------- d-----w c:\documents and settings\The Family\Application Data\Fortune Lounge Personal Messenger(2)
2009-05-25 00:52 . 2007-01-20 11:32 -------- d-----w c:\documents and settings\The Family\Application Data\Fortune Lounge Personal Messenger
2009-05-25 00:41 . 2006-11-13 03:34 -------- d-----w c:\program files\MSECACHE
2009-05-22 13:34 . 2003-07-11 16:08 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-22 13:31 . 2008-03-16 11:48 -------- d-----w c:\program files\QuickTime
2009-05-22 11:18 . 2003-07-30 12:54 -------- d-----w c:\program files\Common Files\Adobe
2009-05-22 10:21 . 2007-02-05 07:58 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-22 09:29 . 2003-07-11 16:08 -------- d-----w c:\program files\Java
2009-05-22 07:04 . 2004-05-02 22:03 -------- d-----w c:\program files\Real
2009-05-22 07:00 . 2004-05-02 22:04 -------- d-----w c:\program files\Common Files\Real
2009-05-18 06:26 . 2004-12-10 18:49 77576 ----a-w c:\documents and settings\The Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 01:34 . 2009-04-17 01:44 -------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-05-18 01:18 . 2004-08-15 04:04 -------- d-----w c:\program files\WildTangent
2009-05-17 18:10 . 2005-09-06 06:24 -------- d-----w c:\documents and settings\The Family\Application Data\Microgaming
2009-05-17 10:48 . 2003-11-01 22:50 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-14 04:28 . 2004-12-21 00:21 -------- d-----w c:\documents and settings\The Family\Application Data\AdobeUM
2009-05-06 01:13 . 2009-04-15 22:34 -------- d-----w c:\documents and settings\The Family\Application Data\GetRightToGo
2009-05-06 01:13 . 2009-04-16 08:25 -------- d-----w c:\documents and settings\The Family\Application Data\Planet23
2009-05-06 01:12 . 2009-04-17 11:18 -------- d-----w c:\documents and settings\The Family\Application Data\PacificPoker(2)
2009-05-06 01:09 . 2009-04-18 02:28 -------- d-----w c:\documents and settings\The Family\Application Data\PacificPoker(3)
2009-05-06 01:08 . 2009-04-18 07:29 -------- d-----w c:\documents and settings\The Family\Application Data\PacificPoker(4)
2009-05-06 01:03 . 2009-04-21 01:19 -------- d-----w c:\documents and settings\The Family\Application Data\RichCasino
2009-05-06 01:03 . 2009-04-21 01:19 -------- d-----w c:\documents and settings\All Users\Application Data\RichCasino
2009-05-06 01:02 . 2009-04-17 01:44 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-04-17 07:25 . 2009-04-17 02:06 -------- d-----w c:\documents and settings\The Family\Application Data\HP
2009-04-17 02:05 . 2009-04-17 02:05 -------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-04-09 13:27 . 2009-04-09 13:27 1904753 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_tggg.6e62948f458013fa99694cc031068e8a.dll
2009-04-09 13:24 . 2009-04-09 13:24 1249399 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_tggg.a33335318f7b89139ecd4652b6e8c4b9.dll
2009-04-09 11:30 . 2009-04-09 11:30 524560 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_tggg.f8ba0ccac248b6026b2705996790640a.dll
2009-04-09 11:29 . 2009-04-09 11:29 307472 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_tggg.436ea9e59e2a2b9a2106e598920cba26.dll
2009-04-08 00:32 . 2009-04-08 00:24 -------- d-----w c:\documents and settings\The Family\Application Data\VTExtra
2009-03-28 12:22 . 2009-03-28 12:22 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-28 12:01 . 2009-03-28 12:01 508176 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_temp.556fffdfd1bc700038c0a1370a1eb004.dll
2009-03-28 12:01 . 2009-03-28 12:01 499984 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus.4968e33b858e6c30beb0ac4b11a9c459.dll
2009-03-28 09:13 . 2009-03-28 09:13 367747 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\m\mptleaderboard.91fac472d1ff352976950258719d35a2.dll
2009-03-28 08:48 . 2009-03-28 08:48 204905 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\t\thunderstruck.0cc1be68d215832fa06fc779c0b3e069.dll
2009-03-28 07:26 . 2009-03-28 07:26 303376 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\m\mermaidsmillions.9379e4aac1e4731bf7922c8c2544bd7a.dll
2009-03-28 07:26 . 2009-03-28 07:26 295184 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\m\mermaidsmillionsxxx.85e8ee4057b7c3d431514729821caee1.dll
2009-03-28 07:26 . 2009-03-28 07:26 119056 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\m\mermaidsbonus.f520937c2ec436ae80b67d9c967dd3f6.dll
2009-03-28 00:07 . 2008-03-16 11:56 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2009-03-27 00:36 . 2009-03-27 00:36 1181 ----a-w c:\windows\mozver.dat
2009-03-26 15:24 . 2009-03-26 15:24 32768 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_keno.ed975aa9c9bb5e5ec89c8ffeee254e8a.dll
2009-03-26 15:09 . 2009-03-26 15:09 409872 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\c\complexpickxofybonus_temp.08605981adfd307c6b4a171bff0fc06e.dll
2009-03-26 15:09 . 2009-03-26 15:09 463120 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\c\complexpickxofybonus.244de60f7c0c0169f0772e5811794d9e.dll
2009-03-26 14:50 . 2009-03-26 14:50 413696 ----a-w c:\documents and settings\All Users\Application Data\MGS\cache\m\menucore.9037a298ee3e59ea5a655d88569c2b77.dll
2009-03-21 14:06 . 2003-07-11 15:38 989696 ----a-w c:\windows\system32\kernel32(2)(2).dll
2009-03-07 18:04 . 2004-02-06 08:35 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-07 18:04 . 2003-07-11 15:38 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-07 18:03 . 2003-07-11 15:37 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-07 18:02 . 2003-07-11 15:37 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-07 18:02 . 2003-07-11 15:38 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-07 18:01 . 2003-07-11 15:38 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-07 18:01 . 2003-07-11 15:38 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-07 18:01 . 2003-07-11 15:38 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-07 17:52 . 2003-07-11 15:38 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-07-11 15:38 284160 ----a-w c:\windows\system32\pdh.dll
2006-11-13 05:14 . 2006-11-13 05:14 28672 ----a-w c:\program files\New Microsoft Publisher Document.pub
2003-08-27 03:39 . 2003-08-27 03:39 24576 ----a-w c:\program files\AppTerminate.exe
2001-07-29 09:29 . 2004-09-29 22:52 96256 ----a-w c:\program files\UnGins.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-05-26_15.42.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-27 04:30 . 2009-05-27 04:30 16384 c:\windows\Temp\Perflib_Perfdata_4f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 02:35 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Date Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Date Manager.lnk
backup=c:\windows\pss\Date Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=c:\windows\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PrecisionTime.lnk
backup=c:\windows\pss\PrecisionTime.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^The Family^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\The Family\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [14/05/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [14/05/2009 2:22 PM 72944]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 7:19 PM 13592]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [29/07/2003 2:27 PM 14095]
S2 Ca533av;Dual Mode Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [22/11/2002 2:22 AM 220079]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [14/05/2009 2:22 PM 7408]
S3 USBCamera;Dual Mode Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys --> c:\windows\system32\Drivers\Bulk533.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - NaiAvFilter101

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 09:50]

2009-05-27 c:\windows\Tasks\User_Feed_Synchronization-{4079E384-7872-4ED0-838E-2CEB797CB4C0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://au.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: { - c:\program files\platinumplay\casinogame.exe
IE: {{40B2063F-DB01-4962-BE63-59435C01283C} - c:\progra~1\VCPOKE~1\client.exe
IE: {{4E975845-1BA1-495E-95A3-2698978E3D4B} - c:\program files\BingoNova Lobby\osix.exe
IE: {{57BA65C1-57B3-40d3-A40A-A52042945370} - c:\program files\grandbayMPC\MPC.exe
IE: {{7F52819D-3B06-42FC-BECC-8AFB9E97D6F9} - c:\program files\BingoNova85\bingo.exe
IE: {{F5B5A190-EADF-49d9-A90D-52B236C05E63} - c:\program files\riverbelleMPC\MPC.exe
IE: {{2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - c:\program files\Starluck Casino\bin\IEExtension_SL.dll
IE: {{6F477182-DE4F-4326-ACE3-3110A676771B} - {6F477182-DE4F-4326-ACE3-3110A676771B} - c:\program files\Planetluck Casino\bin\IEExtension_PL.dll
IE: {{9CDE474A-A688-48f4-8B49-55CFB2356A6F} - {9CDE474A-A688-48f4-8B49-55CFB2356A6F} - c:\program files\bin\IEExtension_PB.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\The Family\Application Data\Mozilla\Firefox\Profiles\b5rzmvj9.default\
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 15:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0\0\win32]
@DACL=(02 0000)
@="c:\\Program Files\\ZangoToolbar\\Bin\\4.8.3.0\\ZbWallpaper.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(468)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2868)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-27 15:10
ComboFix-quarantined-files.txt 2009-05-27 05:39
ComboFix2.txt 2009-05-27 02:05
ComboFix3.txt 2009-05-26 15:46

Pre-Run: 51,842,580,480 bytes free
Post-Run: 51,877,978,112 bytes free

256 --- E O F --- 2009-05-26 04:01

HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:06 PM, on 27/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll (file missing)
O9 - Extra 'Tools' menuitem: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll (file missing)
O9 - Extra button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\VCPOKE~1\client.exe (file missing)
O9 - Extra button: BingoNova Lobby - {4E975845-1BA1-495E-95A3-2698978E3D4B} - C:\Program Files\BingoNova Lobby\osix.exe (file missing)
O9 - Extra 'Tools' menuitem: BingoNova Lobby - {4E975845-1BA1-495E-95A3-2698978E3D4B} - C:\Program Files\BingoNova Lobby\osix.exe (file missing)
O9 - Extra button: Grand Bay MPC - {57BA65C1-57B3-40d3-A40A-A52042945370} - C:\Program Files\grandbayMPC\MPC.exe (file missing)
O9 - Extra button: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll (file missing)
O9 - Extra 'Tools' menuitem: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll (file missing)
O9 - Extra button: BingoNova - {7F52819D-3B06-42FC-BECC-8AFB9E97D6F9} - C:\Program Files\BingoNova85\bingo.exe (file missing)
O9 - Extra 'Tools' menuitem: BingoNova - {7F52819D-3B06-42FC-BECC-8AFB9E97D6F9} - C:\Program Files\BingoNova85\bingo.exe (file missing)
O9 - Extra button: partybingo.com - {9CDE474A-A688-48f4-8B49-55CFB2356A6F} - C:\Program Files\bin\IEExtension_PB.dll (file missing)
O9 - Extra 'Tools' menuitem: partybingo.com - {9CDE474A-A688-48f4-8B49-55CFB2356A6F} - C:\Program Files\bin\IEExtension_PB.dll (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Riverbelle MPC - {F5B5A190-EADF-49d9-A90D-52B236C05E63} - C:\Program Files\riverbelleMPC\MPC.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Rich Reels - FA77CF86-6F82-4D18-AE16-A37763B313AA - C:\Microgaming\Casino\RichReels\Casinogame.exe (file missing) (HKCU)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\The Family\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\The Family\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aandr.com.au/web
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://arthurian.microgaming.com/arthurian/FlashAX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...333/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8031 bytes

#14 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:51 AM

Posted 27 May 2009 - 02:00 AM

Hi nonna,




Step 1
  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
Folder::
c:\Program Files\ZangoToolbar
c:\program files\LimeWire
RegLockDel:: 
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0\0\win32]

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Step 2

Please run HijackThis! and click "Do a system scan only." Place checks next to the following entries (if present):

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)
O9 - Extra button: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll (file missing)
O9 - Extra 'Tools' menuitem: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll (file missing)
O9 - Extra button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\VCPOKE~1\client.exe (file missing)
O9 - Extra button: BingoNova Lobby - {4E975845-1BA1-495E-95A3-2698978E3D4B} - C:\Program Files\BingoNova Lobby\osix.exe (file missing)
O9 - Extra 'Tools' menuitem: BingoNova Lobby - {4E975845-1BA1-495E-95A3-2698978E3D4B} - C:\Program Files\BingoNova Lobby\osix.exe (file missing)
O9 - Extra button: Grand Bay MPC - {57BA65C1-57B3-40d3-A40A-A52042945370} - C:\Program Files\grandbayMPC\MPC.exe (file missing)
O9 - Extra button: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll (file missing)
O9 - Extra 'Tools' menuitem: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll (file missing)
O9 - Extra button: BingoNova - {7F52819D-3B06-42FC-BECC-8AFB9E97D6F9} - C:\Program Files\BingoNova85\bingo.exe (file missing)
O9 - Extra 'Tools' menuitem: BingoNova - {7F52819D-3B06-42FC-BECC-8AFB9E97D6F9} - C:\Program Files\BingoNova85\bingo.exe (file missing)
O9 - Extra button: partybingo.com - {9CDE474A-A688-48f4-8B49-55CFB2356A6F} - C:\Program Files\bin\IEExtension_PB.dll (file missing)
O9 - Extra 'Tools' menuitem: partybingo.com - {9CDE474A-A688-48f4-8B49-55CFB2356A6F} - C:\Program Files\bin\IEExtension_PB.dll (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)
O9 - Extra button: Riverbelle MPC - {F5B5A190-EADF-49d9-A90D-52B236C05E63} - C:\Program Files\riverbelleMPC\MPC.exe (file missing)
O9 - Extra button: Rich Reels - FA77CF86-6F82-4D18-AE16-A37763B313AA - C:\Microgaming\Casino\RichReels\Casinogame.exe (file missing) (HKCU)

Close all browsers and other windows except for HijackThis!, and click "Fix Checked". Restart your PC.


Step 3
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt.

Please rerun MBAM, and tell me if the error message is gone. If not, please post the screenshot for me. (When making the screenshot, we need to see the entry name or CLSID, not the error message itself.) When MBAM proceeds with the disinfection process and asks to restart the computer, you should click OK if prompted.

Please tell me how your pc is running now. If you need to install the HP printer later, you should uninstall the program via Add/Remove Programs and reinstall it, since some orphaned entries were removed. You need to run the uninstall-and-reinstall process to maintain the integration of the program.


In your next reply, please post back:


1. Combofix log
2. MBAM log
3. RSIT log.txt and info.txt.

Tell me how your pc is running now.

Edited by sundavis, 27 May 2009 - 02:15 AM.
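A small parser for the O9 entries quoted in the post above, added here as an illustration; it is not part of the thread, of HijackThis, or of any tool the helper names. It assumes only the line shape visible in the log (kind, display name, CLSID, path, and the optional "(file missing)" and "(HKCU)" suffixes) and reports each CLSID whose target file no longer exists, which is what makes those entries orphaned registry references rather than active Internet Explorer extensions. The sample log is copied from the quoted lines, not constructed.

```python
import re
from typing import Dict, List, Optional

# HijackThis "O9" lines describe Internet Explorer toolbar buttons and Tools-menu
# items. Shape assumed here (from the quoted log, not from a HijackThis spec):
#   O9 - Extra <kind>: <name> - <CLSID> - <path> [(file missing)] [(HKCU)]
# The braces around the CLSID are optional because the log shows one GUID printed bare.
O9_RE = re.compile(
    r"^O9 - Extra (?P<kind>button|'Tools' menuitem): (?P<name>.+?) - "
    r"(?P<clsid>\{?[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?(?P<hkcu> \(HKCU\))?$"
)

# Sample input: the O9 entries quoted in the post above (copied, not constructed).
SAMPLE_LOG = r"""
O9 - Extra button: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll (file missing)
O9 - Extra 'Tools' menuitem: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll (file missing)
O9 - Extra button: BingoNova - {7F52819D-3B06-42FC-BECC-8AFB9E97D6F9} - C:\Program Files\BingoNova85\bingo.exe (file missing)
O9 - Extra 'Tools' menuitem: BingoNova - {7F52819D-3B06-42FC-BECC-8AFB9E97D6F9} - C:\Program Files\BingoNova85\bingo.exe (file missing)
O9 - Extra button: partybingo.com - {9CDE474A-A688-48f4-8B49-55CFB2356A6F} - C:\Program Files\bin\IEExtension_PB.dll (file missing)
O9 - Extra 'Tools' menuitem: partybingo.com - {9CDE474A-A688-48f4-8B49-55CFB2356A6F} - C:\Program Files\bin\IEExtension_PB.dll (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)
O9 - Extra button: Riverbelle MPC - {F5B5A190-EADF-49d9-A90D-52B236C05E63} - C:\Program Files\riverbelleMPC\MPC.exe (file missing)
O9 - Extra button: Rich Reels - FA77CF86-6F82-4D18-AE16-A37763B313AA - C:\Microgaming\Casino\RichReels\Casinogame.exe (file missing) (HKCU)
"""


def parse_o9(line: str) -> Optional[Dict[str, object]]:
    """Parse one O9 line into its fields; return None for any other log line."""
    m = O9_RE.match(line.strip())
    if not m:
        return None
    return {
        "kind": m.group("kind"),
        "name": m.group("name"),
        # Normalise the CLSID so the braced and bare forms compare equal.
        "clsid": m.group("clsid").strip("{}").upper(),
        "path": m.group("path"),
        "file_missing": m.group("missing") is not None,
        # HijackThis marks per-user (HKCU) entries; everything else is machine-wide.
        "hkcu": m.group("hkcu") is not None,
    }


def parse_log(text: str) -> List[Dict[str, object]]:
    """All O9 entries in a HijackThis log, in file order."""
    return [e for e in (parse_o9(l) for l in text.splitlines()) if e]


def orphaned_extensions(text: str) -> List[Dict[str, object]]:
    """One record per CLSID whose target file is missing.

    A button and its 'Tools' menu item share a CLSID, so they collapse to one
    record: removing the CLSID's registration clears both lines at once.
    """
    seen: Dict[str, Dict[str, object]] = {}
    for e in parse_log(text):
        if e["file_missing"] and e["clsid"] not in seen:
            seen[str(e["clsid"])] = e
    return list(seen.values())


if __name__ == "__main__":
    for e in orphaned_extensions(SAMPLE_LOG):
        scope = "HKCU" if e["hkcu"] else "HKLM"
        print(f"{e['clsid']}  {e['name']:<16} {scope}  -> {e['path']}")
```

Note that "HP Smart Select" is flagged too: its DLL is also missing, which is exactly why the helper says the HP software has to be uninstalled and reinstalled afterwards rather than left with a dangling registration.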


#15 nonna

nonna
  • Topic Starter

  • Members
  • 71 posts
  • Gender:Female
  • Location:Australia
  • Local time:03:21 PM

Posted 27 May 2009 - 04:29 AM

Hi Sundavis

Disappointment this time, this is what happened.

When I dragged the CFScript into Combofix straight away I got one of the microsoft error messages, it read:

"pev.cfexe has encountered a problem and needs to close". I clicked on don't send and it then went into doing the scan.

When the scan had finished I saved the log, and after I did, the whole desktop went blank (it never did that before). I waited and waited for 15 minutes and then did a Ctrl-Alt-Del, but there were no applications running. I had no choice but to reboot.

When the system started, that Generic Host Process error message popped up again. I tried to do the RSIT scan and got another error message, of which I took a screenshot and have attached for you to see. I uninstalled RSIT and reinstalled it, and still got the same message.

I then went on to do the MBAM and got the same error messages. I tried to get the CLSID error message by clicking on the log but it never came up. Last time it came up it popped up automatically after the first error message.

As for the printer, well I'm not even going to think about that one until all of this gets resolved.

On a brighter side it is running and downloading faster, the downloads especially are happening in a couple of minutes.

I will await your response and further instructions.

Cheers and many thanks

Nonna

Edited by sundavis, 27 May 2009 - 07:17 AM.
