Weird .exe file I can't delete (sbw9xup.exe)

Status
Not open for further replies.

VV_Gary_VV

Tried deleting in safe mode, from the command prompt, I just don't know what to do. It says it's being used by another program. The file is an installation file for Sound Blaster Live drivers. It was for my brother's computer because I was reinstalling Windows. The file has nothing to do with my sound card. It's very strange why I can't delete it. The permissions look fine also. It's very annoying! I try to keep my computer as clean as I can, so I don't know what's going on. Any help is appreciated.
 
Boot in Safe Mode
Switch off System Restore
Run HJT on its own and let it 'fix':

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - (no file)
O2 - BHO: (no name) - {2AD6E7E3-741E-46C0-8096-ABF9DB55596C} - (no file)
O2 - BHO: (no name) - {9BE84FEF-6711-4BEF-999F-2F6019ADB8FC} - (no file)
O2 - BHO: (no name) - {DD465ECF-29B6-4F86-A8FB-81A5B6AC4810} - (no file)
O3 - Toolbar: (no name) - {29071488-56FD-48AB-9A48-407F9A16DBF1} - (no file)
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm240XXUS
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\GAMES\Empire Poker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\GAMES\Empire Poker\EmpirePoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\GAMES\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\GAMES\PartyPoker\IEExtension.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/276f5ff073a989468804/netzip/RdxIE601.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: OracleOracleTNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe (file missing)
O23 - Service: OracleServiceGARY - Unknown owner - c:\oracle\ora92\bin\ORACLE.EXE (file missing)
O23 - Service: OracleServiceGC - Unknown owner - c:\oracle\ora92\bin\ORACLE.EXE (file missing)

When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

Next, press Ctrl/Alt/Del and in Task Manager try to STOP:
sbw9xup.exe if it is there and then try to delete it.

Boot normal. If OK, turn System Restore back on.
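
An added example, not part of the original post or of HijackThis itself: a small Python triage of log lines in the format shown above. It separates entries whose target is already gone ("(no file)" / "(file missing)") from entries that still point at a live file or URL and need the owner's judgement. The sample lines are copied from the log in this thread; the function names and section descriptions are this example's own.

```python
import re

# Section codes that appear in the log above, with a short description each.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O8": "IE context-menu item",
    "O9": "IE button / Tools menu item",
    "O16": "ActiveX (Downloaded Program Files)", "O23": "Windows service",
}
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# The tool appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

def parse_entry(line):
    """Return a dict for one log line, or None if it is not a log entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    return {
        "code": m.group("code"),
        "kind": SECTIONS.get(m.group("code"), "unknown section"),
        "clsid": clsid.group(0).upper() if clsid else None,
        "orphaned": bool(ORPHAN_RE.search(body)),
        "body": body,
    }

def triage(log_text):
    """Split entries into (orphaned, needs_review) lists, keeping log order."""
    orphaned, review = [], []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            (orphaned if entry["orphaned"] else review).append(entry)
    return orphaned, review

# Lines copied from the log in this thread.
SAMPLE = r"""O2 - BHO: (no name) - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - (no file)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\GAMES\Empire Poker\EmpirePoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\GAMES\PartyPoker\IEExtension.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: OracleServiceGARY - Unknown owner - c:\oracle\ora92\bin\ORACLE.EXE (file missing)"""

if __name__ == "__main__":
    gone, keep = triage(SAMPLE)
    for e in gone:
        print("orphaned:", e["code"], e["kind"])
    for e in keep:
        print("review:  ", e["code"], e["kind"], e["clsid"])
```

Orphaned entries are leftover registry references; the "review" list is where the decision about the installed program itself has to be made.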
 
still nothing

Ok I did all that, but I didn't delete these (at the bottom of this post), because I wanted to double check if I should. I use PartyPoker, it's a legit game. And Symantec is for my Norton SystemWorks that I currently use. Is it okay to delete these still? I don't want to mess anything up with these two programs. Also that stupid .exe file still won't delete after I did everything you said. Here are the processes that were running in safe mode in the Task Manager:

taskmgr.exe
explorer.exe
svchost.exe
svchost.exe
svchost.exe
Isass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
System
System Idle Process


entries I didn't delete:
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\GAMES\PartyPoker\IEExtension.dl

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\GAMES\PartyPoker\IEExtension.dll

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

Thanks for your help
 
I Did It!

I forgot my Norton SystemWorks has an option that lets you delete anything and it makes a backup. It deleted it! Thanks for the help.
 
It is up to you to decide if that poker-program is trustworthy.
You can keep the O16-link if you want. Glad you sorted the rest.
 
w_garyW

Try searching the net for more information on Party Poker by using different Google search terms. Start with Party Poker contains infection

Try your own search terms too and then draw your own conclusion about Party Poker.
 
Well, you're right about that, now that I see the date :rolleyes:

But now I'm confused, as I review threads and posts by clicking on Today's Posts, so now I'm not sure how I even got here! :confused:
 