Quote:
> I was wondering about partypoker as a source of bad code, so it's gone too. These can be played online - is this still a threat in your opinion?

Yes. Did you read the link I posted about this?
Surprising! I don't see anything in the ComboFix log that I was expecting to see. As this is a shared machine, it may be rather difficult to make any assurances.
Please advise which of these two is the correct start page:
http://www.asus.com
https://evgausperfm1.envirogold.com
You can run HijackThis again and check the box next to these entries:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
Unknown
O4 - Global Startup: ASUS ChkMail.lnk.disabled
O4 - Global Startup: HDBackup.lnk.disabled
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O20 - AppInit_DLLs:
Close all windows now except for the HijackThis application's window (that includes this browser window), then click the Fix Checked button.
Locate and delete the following folder indicated in Bold Text:
C:\Program Files\PartyGaming
Update your onboard antivirus application. Reboot the computer into Safe Mode. Once in Safe Mode, open the onboard antivirus application and run a complete system scan. Allow the software to quarantine whatever it complains about. When the scan completes, reboot to your normal Windows user mode.
Post a fresh HijackThis log. Please advise how the system behaves now and if you are having any other issues. Thanks!
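
An added example, not part of the original post and not HijackThis's own code: a small Python parser for the kind of log lines listed above, reporting which entries the log itself shows as having a missing file, no target, or a disabled startup shortcut. The function names, status labels and the last sample line are constructed for illustration; the other sample lines are copied from the post.

```python
import re

# Section codes seen in the post (standard HijackThis meanings).
SECTIONS = {"O2": "Browser Helper Object", "O4": "startup entry",
            "O9": "IE extra button / Tools menu item",
            "O16": "ActiveX control (Downloaded Program Files)",
            "O20": "AppInit_DLLs / Winlogon Notify"}
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+):\s*(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

def parse_entry(line):
    """Return a dict for one 'O<n> - label: value' line, or None for other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, label, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    # The target is whatever follows the CLSID (or the whole value if there is none).
    tail = rest[clsid.end():] if clsid else rest
    target = MISSING_RE.sub("", tail).strip(" -")
    if MISSING_RE.search(rest):
        status = "missing"    # the log says the file is not on disk
    elif not target:
        status = "empty"      # no file or URL behind the entry
    elif target.lower().endswith(".disabled"):
        status = "disabled"   # startup shortcut renamed to *.disabled
    else:
        status = "listed"     # has a target; says nothing about whether it is benign
    return {"code": code, "section": SECTIONS.get(code, "other"), "label": label,
            "clsid": clsid.group(0) if clsid else None, "target": target, "status": status}

def leftover_entries(log_text):
    """Entries that point at nothing usable: missing, empty or disabled."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in parsed if e and e["status"] != "listed"]

# Lines copied from the post, except the last one, which is constructed for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
Unknown
O4 - Global Startup: HDBackup.lnk.disabled
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O20 - AppInit_DLLs:
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

if __name__ == "__main__":
    for e in leftover_entries(SAMPLE_LOG):
        print(f'{e["code"]:<4}{e["status"]:<9}{e["clsid"] or "-"}  {e["target"] or "-"}')
```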