[Resolved] please some advice

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

2 Pages

1 2 >

[Resolved] please some advice

Options

69smitty View Member Profile	Jun 10 2008, 03:39 PM Post #1
New Member Group: New Member Posts: 13 Joined: 10-June 08 Member No.: 79,565 Operating System: windows xp	ok comp running slow an freezing up when i hit certain links any help would be greatly appreciated. I have done I suggest you do this: Double-click My Computer. Click the Tools menu, and then click Folder Options. Click the View tab. Clear "Hide file extensions for known file types." Under the "Hidden files" folder, select "Show hidden files and folders." Clear "Hide protected operating system files." Click Apply, and then click OK. Please do not delete anything unless instructed to. Please download ATF Cleaner by Atribune. Download - ATF Cleaner» Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. (If you use FireFox or the Opera browser To keep saved passwords, click No at the prompt.) It's normal after running ATF cleaner that the PC will be slower to boot the first time or two. Next: Please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform quick scan, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected. When completed, a log will open in Notepad. Please save it to a convenient location so you can post the results. Here is anti-malaware log file Malwarebytes' Anti-Malware 1.17 Database version: 846 5:30:07 PM 6/10/2008 mbam-log-6-10-2008 (17-30-07).txt Scan type: Quick Scan Objects scanned: 37939 Time elapsed: 9 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 9 Registry Values Infected: 3 Registry Data Items Infected: 0 Folders Infected: 15 Files Infected: 242 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\Microsoft.VC80.MFC\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\Microsoft.VC80.CRT\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Casino (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\logs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\sfx (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Yourprivacyguard (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully. C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Program Files\RegistrySmart\Microsoft.VC80.CRT (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Program Files\RegistrySmart\Microsoft.VC80.MFC (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\dwayne smith\Application Data\Yourprivacyguard (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully. C:\Documents and Settings\dwayne smith\Application Data\Yourprivacyguard\Logs (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully. C:\Documents and Settings\dwayne smith\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\dwayne smith\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\dwayne smith\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully. Files Infected: C:\Casino\PPC Poker\bjlicens.txt (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\blackjack.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\browser.exe (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\cacerts.crt (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\cam.cas (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\cardlib.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\common.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\countries.lst (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\db.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\devlib.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\devlibcomm.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\filemap.lst (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\fivecard.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\games.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\gsid.txt (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\id.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\INSTALL.LOG (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\languages.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\libeay32.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\licens.txt (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\mfc80.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\microsoft.vc80.crt.manifest (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\microsoft.vc80.mfc.manifest (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\modstatus.lst (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\mp3dec.asi (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\mss32.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\msvcp80.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\msvcr80.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\navigator.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\omaha.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\options.cfg (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\poker.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\poker.exe (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\sc.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\srvmap.lst (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\ssleay32.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\texas.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\UNWISE.EXE (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\update.exe (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\webdollar.exe (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xml.dll (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\0.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\1.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\10.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\11.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\12.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\13.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\14.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\15.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\16.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\17.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\18.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\19.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\2.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\20.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\21.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\22.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\23.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\24.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\25.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\26.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\27.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\28.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\29.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\3.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\30.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\31.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\32.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\33.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\34.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\35.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\36.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\37.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\38.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\39.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\4.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\40.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\41.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\42.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\43.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\44.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\45.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\46.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\47.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\48.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\49.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\5.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\50.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\51.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\6.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\7.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\8.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\9.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\allin_popup.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\archive.xsl (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\archive_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\avatar.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\b.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\base.css (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\bkg.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\browserdetect.js (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\but_blackjack.png (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\but_close.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\but_filters_big.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\but_filters_small.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\but_game.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\but_general.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\but_join.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\but_main.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\but_medium.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\but_minmax.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\but_sublevels_big.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\but_sublevels_small.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\caret.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\chatbubble.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\chips.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\decktype_settings.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\edit.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\gamelimits1.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\gamelimits2.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\gamelimits3.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\game_bjframe.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\game_blackjack.png (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\game_summary.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\gre_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\hand.html (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\hand.xsl (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\hand_cursor.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\hand_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\harrow.cur (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\headers_bkg.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\headers_text.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\history.html (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\history.xsl (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\history_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\input_additional.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\input_boxes.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\input_lists.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\language.xml (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\language.xsl (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\languages.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\language_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\main.js (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\main_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\main_listhi.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\navigator_bg.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\navigator_buttons.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\navigator_moneytext.jpg (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\navigator_timer.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\panel_big.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\panel_bottom.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\panel_game_big.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\panel_game_small.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\panel_game_top.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\panel_left.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\panel_medium.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\panel_moretables.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\panel_texts.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\panel_top.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\pointer.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\poker_cardback.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\poker_cards.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\poker_cards_4c.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\poker_cards_large.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\poker_cards_large_4c.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\poker_deckside.jpg (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\poker_font_11p_bold.xbf (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\poker_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\poker_makechoice.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\poker_pucks.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\pol_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\popups.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\position_actions.png (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\position_active.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\position_inactive.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\position_mute.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\position_note.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\position_numbers.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\progress_ani.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\promo-test1.jpg (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\rus_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\sc_bkg8.jpg (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\tabs_big.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\tabs_small.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\text.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\timeslider.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\tur_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\tx_bkg10.jpg (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\tx_bkg5.jpg (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\user.xsl (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\user_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\white_line.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\win_graphics.bmp (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\xml.gif (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\data\xml_decoder.js (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\sfx\c_button.wav (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\sfx\c_chip.wav (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\sfx\c_deal.mp3 (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\sfx\p_alert.wav (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\sfx\p_checkknock.wav (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\blackjack_game_panel.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\blackjack_main.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\common.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\ext_clientspecific.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\ext_game.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\ext_general.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\ext_mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\ext_navigator.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\fcs_main.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\fc_join.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\fc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\filemap.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\filerefs.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\gameclient.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\game_common.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\game_common_message.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\game_panel.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\gizmo.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\message.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\mtt_join.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\mtt_lobby.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\navigator.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\omaha_join.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\omaha_main.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\optdef.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\poker_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\sc_join.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\sc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\soko_main.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\tel_main.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\texas_join.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\texas_main.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\PPC Poker\xrs\tournament_join.xrs (Adware.Casino) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Yourprivacyguard\Abbr (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Yourprivacyguard\ProdCode (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully. C:\Documents and Settings\dwayne smith\Application Data\Yourprivacyguard\Logs\update.log (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully. C:\Documents and Settings\dwayne smith\Application Data\RegistrySmart\Log\2007 Sep 12 - 01_50_37 AM_453.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\dwayne smith\Application Data\RegistrySmart\Log\2007 Sep 12 - 01_50_39 AM_031.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\dwayne smith\Application Data\RegistrySmart\Log\2007 Sep 12 - 12_06_22 PM_875.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\dwayne smith\Application Data\RegistrySmart\Log\2007 Sep 12 - 12_06_24 PM_718.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\dwayne smith\Application Data\RegistrySmart\Registry Backups\2007-09-12_02-00-10.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully. then a high jack this file after iran anti malware Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:39:36 PM, on 6/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\smax4.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\AVG\AVG8\aAvgApi.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - Startup: services.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Program Files\32RedMPP\MPPoker.exe O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Betdirect Poker - {6709727A-27C0-4822-ACF7-C572E1899CD6} - C:\Program Files\betdirectMPP\MPPoker.exe O9 - Extra button: Poker Host Poker - {6F0B853A-A2B7-4e17-8DA1-BBC6F2E8C8D5} - C:\Program Files\PokerHostMPP\MPPoker.exe O9 - Extra button: Gutshot Poker - {70FF3DD2-AC81-43f2-AF80-979E2B789C4A} - C:\Program Files\GutshotMPP\MPPoker.exe O9 - Extra button: Eurolinx Poker - {78AB8510-2944-4c6c-86E7-6412C2383349} - C:\Microgaming\Poker\EurolinxPokerMPP\MPPoker.exe O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra button: Intertops Poker - {A2AB1320-B1B6-40fd-A694-8197D8596FFD} - C:\Microgaming\Poker\IntertopsMPP\MPPoker.exe O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Microgaming\Poker\bet365MPP\MPPoker.exe O9 - Extra button: Big Chip Poker - {BDA7A460-FFDB-4093-9120-F82DD89F5924} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Big Chip Poker\Big Chip Poker.lnk O9 - Extra 'Tools' menuitem: Big Chip Poker - {BDA7A460-FFDB-4093-9120-F82DD89F5924} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Big Chip Poker\Big Chip Poker.lnk O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Fair Poker - {E49E0804-28BE-49ce-9E5F-AA6059B6DC7B} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Fair Poker - {E49E0804-28BE-49ce-9E5F-AA6059B6DC7B} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe O9 - Extra button: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk O9 - Extra 'Tools' menuitem: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: your Poker Room Poker - {FB389F33-303A-4490-9E18-B301A493FBF2} - C:\Microgaming\Poker\PokerMetroMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: ReeferPoker - 60a501e4-a078-4cb2-8728-3fab4264f3c1 - C:\Documents and Settings\dwayne smith\Start Menu\Programs\ReeferPoker\ReeferPoker.lnk (HKCU) O9 - Extra button: G2GPoker - b259f30a-f4f4-4fe5-81b4-9696d9c75daf - C:\Documents and Settings\dwayne smith\Start Menu\Programs\G2GPoker\G2GPoker.lnk (HKCU) O9 - Extra button: Walker Poker - {533caed3-32dd-436e-9e56-27e70d5190bb} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Walker Poker\Walker Poker.lnk (HKCU) O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU) O9 - Extra button: PokerNordica - {caf8603b-35e9-4f0f-819d-a509543a1e09} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\PokerNordica\PokerNordica.lnk (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 10771 bytes please some help !!!!!

LDTate View Member Profile	Jun 16 2008, 05:27 PM Post #2
Forum God Group: Root Admin Posts: 43,015 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Sorry about the delay in responding If you still need help, Scan again with HijackThis, and "copy/paste" a new log file into this thread. Also please describe how your computer behaves at the moment.

69smitty View Member Profile	Jun 16 2008, 06:18 PM Post #3
New Member Group: New Member Posts: 13 Joined: 10-June 08 Member No.: 79,565 Operating System: windows xp	my computer will freeze up when opening pages ill try an slide pages over an ya get that smeared look as if the the page is being left behind hope ya know what im talking about when internet crashes i have gotten a hungapp errors thanks in advance for looking at this for me Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:07:39 PM, on 6/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\smax4.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\ASUS\Asus Probe\AsusProb.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Cellsino\Poker.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\AVG\AVG8\aAvgApi.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - Startup: services.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Program Files\32RedMPP\MPPoker.exe O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Betdirect Poker - {6709727A-27C0-4822-ACF7-C572E1899CD6} - C:\Program Files\betdirectMPP\MPPoker.exe O9 - Extra button: Poker Host Poker - {6F0B853A-A2B7-4e17-8DA1-BBC6F2E8C8D5} - C:\Program Files\PokerHostMPP\MPPoker.exe O9 - Extra button: Gutshot Poker - {70FF3DD2-AC81-43f2-AF80-979E2B789C4A} - C:\Program Files\GutshotMPP\MPPoker.exe O9 - Extra button: Eurolinx Poker - {78AB8510-2944-4c6c-86E7-6412C2383349} - C:\Microgaming\Poker\EurolinxPokerMPP\MPPoker.exe O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra button: Intertops Poker - {A2AB1320-B1B6-40fd-A694-8197D8596FFD} - C:\Microgaming\Poker\IntertopsMPP\MPPoker.exe O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Microgaming\Poker\bet365MPP\MPPoker.exe O9 - Extra button: Big Chip Poker - {BDA7A460-FFDB-4093-9120-F82DD89F5924} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Big Chip Poker\Big Chip Poker.lnk O9 - Extra 'Tools' menuitem: Big Chip Poker - {BDA7A460-FFDB-4093-9120-F82DD89F5924} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Big Chip Poker\Big Chip Poker.lnk O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Fair Poker - {E49E0804-28BE-49ce-9E5F-AA6059B6DC7B} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Fair Poker - {E49E0804-28BE-49ce-9E5F-AA6059B6DC7B} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe O9 - Extra button: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk O9 - Extra 'Tools' menuitem: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: your Poker Room Poker - {FB389F33-303A-4490-9E18-B301A493FBF2} - C:\Microgaming\Poker\PokerMetroMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: ReeferPoker - 60a501e4-a078-4cb2-8728-3fab4264f3c1 - C:\Documents and Settings\dwayne smith\Start Menu\Programs\ReeferPoker\ReeferPoker.lnk (HKCU) O9 - Extra button: G2GPoker - b259f30a-f4f4-4fe5-81b4-9696d9c75daf - C:\Documents and Settings\dwayne smith\Start Menu\Programs\G2GPoker\G2GPoker.lnk (HKCU) O9 - Extra button: Walker Poker - {533caed3-32dd-436e-9e56-27e70d5190bb} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Walker Poker\Walker Poker.lnk (HKCU) O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU) O9 - Extra button: PokerNordica - {caf8603b-35e9-4f0f-819d-a509543a1e09} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\PokerNordica\PokerNordica.lnk (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 11015 bytes

LDTate View Member Profile	Jun 16 2008, 06:25 PM Post #4
Forum God Group: Root Admin Posts: 43,015 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	As you can see from the infected programs / files from the scan, I suggest you un-install all those poker programs using add / remove programs 1.Click Start > Settings > Control Panel. 2.Next, open Add/Remove Programs and remove if listed: Any online poker program Empty recycle bin Reboot and "copy/paste" a new HijackThis log file into this thread. Also please describe how your computer behaves at the moment.

69smitty View Member Profile	Jun 16 2008, 06:38 PM Post #5
New Member Group: New Member Posts: 13 Joined: 10-June 08 Member No.: 79,565 Operating System: windows xp	i have over 80 sites tis what i do for a livin u think this may be the source an is it manadtory to remove them all . yikes may take sometime to do so if it is

LDTate View Member Profile	Jun 16 2008, 06:41 PM Post #6
Forum God Group: Root Admin Posts: 43,015 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	We can see what we can do with removing them. Download ComboFix from Here or Here to your Desktop. Note: In the event you already have Combofix, please delete it from your desktop and download this new version . It is important that it is saved directly to your desktop -------------------------------------------------------------------- Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix. WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts Please do not re-connect your machine back to the Internet until Combofix has completely finished. -------------------------------------------------------------------- Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ** *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections. Give it atleast 20-30 minutes to finish

69smitty View Member Profile	Jun 16 2008, 06:47 PM Post #7
New Member Group: New Member Posts: 13 Joined: 10-June 08 Member No.: 79,565 Operating System: windows xp	ok ill get on that will post once i get done thanks for your time

69smitty

Jun 16 2008, 08:03 PM

Post #8

New Member

Group: New Member
Posts: 13
Joined: 10-June 08
Member No.: 79,565
Operating System: windows xp

ok i ended up deleteing 85%or more of my poker sites an empytied me recyling bin, then dl new combofixs saved to desk top then rebooted in safe mode an ran it. then did a new hijack this scan as well here they are.

ComboFix 08-06-16.2 - dwayne smith 2008-06-16 21:30:29.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1280 [GMT -4:00]
Running from: C:\Documents and Settings\dwayne smith\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-16 10:15 . 2008-06-16 19:48 <DIR> d-------- C:\Program Files\Cellsino
2008-06-15 14:08 . 2008-06-15 14:10 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-15 14:08 . 2008-06-15 14:59 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 13:46 . 1998-02-09 03:00 1,455,736 --a------ C:\WINDOWS\system\VCL35.BPL
2008-06-15 13:46 . 1998-02-08 19:00 996,872 --a------ C:\WINDOWS\system\CP3240MT.DLL
2008-06-15 13:46 . 1998-05-18 10:52 458,752 --a------ C:\WINDOWS\system\COMCTL32.DLL
2008-06-15 13:46 . 1998-02-09 03:00 245,912 --a------ C:\WINDOWS\system\VCLX35.BPL
2008-06-15 13:46 . 1998-02-09 03:00 187,392 --a------ C:\WINDOWS\system\BCBSMP35.BPL
2008-06-15 13:46 . 1998-02-08 19:00 29,952 --a------ C:\WINDOWS\system\BORLNDMM.DLL
2008-06-15 13:46 . 2004-06-24 11:00 6,656 --a------ C:\WINDOWS\system32\drivers\AsProbe.sys
2008-06-15 13:44 . 2008-06-15 13:54 <DIR> d-------- C:\Program Files\ASUS
2008-06-15 13:44 . 2008-06-15 13:44 <DIR> d----c--- C:\Documents and Settings\dwayne smith\WINDOWS
2008-06-15 13:44 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-06-15 13:44 . 1997-04-22 10:16 6,272 --a------ C:\WINDOWS\system32\drivers\ASLM75.SYS
2008-06-15 13:41 . 2008-06-15 13:41 10,352 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-06-11 07:25 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 07:25 . 2008-04-14 07:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 17:15 . 2008-06-10 17:15 <DIR> d----c--- C:\Documents and Settings\dwayne smith\Application Data\Malwarebytes
2008-06-10 17:14 . 2008-06-10 17:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-10 17:14 . 2008-06-10 17:14 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-10 17:14 . 2008-06-10 17:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 17:14 . 2008-06-11 15:00 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-10 17:14 . 2008-06-11 15:00 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-10 15:27 . 2008-06-15 13:27 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-06-10 14:46 . 2008-06-16 08:10 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-10 14:46 . 2008-06-10 14:46 <DIR> d-------- C:\Program Files\AVG
2008-06-10 14:46 . 2008-06-10 17:58 <DIR> d----c--- C:\Documents and Settings\dwayne smith\Application Data\AVGTOOLBAR
2008-06-10 14:46 . 2008-06-10 14:46 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-10 14:46 . 2008-06-10 14:46 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-10 14:46 . 2008-06-10 14:46 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-10 14:46 . 2008-06-10 14:46 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-07 00:42 . 2008-06-15 14:58 <DIR> d-------- C:\Program Files\Security Task Manager
2008-06-07 00:42 . 2008-06-15 14:55 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-05 13:49 . 2008-06-11 07:40 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-05 03:03 . 2008-06-05 03:03 <DIR> d----c--- C:\Documents and Settings\smitty\Application Data\SiteAdvisor
2008-06-05 02:59 . 2008-06-05 03:26 <DIR> d---sc--- C:\Documents and Settings\smitty
2008-06-05 00:21 . 2008-06-05 00:21 <DIR> d-------- C:\Program Files\Pure Networks
2008-06-02 14:06 . 2008-06-05 03:27 <DIR> d-------- C:\Program Files\WorldPokerTour
2008-05-30 18:11 . 2008-05-30 18:11 14,678,573 --a------ C:\Temp\POKER4EVER_Setup_winXP_02.32.exe
2008-05-30 12:50 . 2008-05-30 12:50 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\MGS
2008-05-22 18:22 . 2008-05-22 18:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:22 . 2008-05-22 18:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-22 18:22 . 2008-05-22 18:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-22 18:20 . 2008-05-22 18:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-22 18:20 . 2008-05-22 18:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-22 18:19 . 2008-05-22 18:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-22 18:19 . 2008-05-22 18:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 18:19 . 2008-05-22 18:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-22 18:19 . 2008-05-22 18:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-22 18:19 . 2008-05-22 18:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-22 18:18 . 2008-05-22 18:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-18 19:07 . 2008-06-07 16:01 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-18 18:29 . 2008-05-23 22:03 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-18 16:28 . 2008-05-18 16:28 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-17 01:51 . 2008-01-25 16:36 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 01:22 --------- d-----w C:\Program Files\pokersyndicate
2008-06-17 01:15 --------- d-----w C:\Program Files\Vegas007
2008-06-17 01:15 --------- d-----w C:\Program Files\Vegas Poker 247
2008-06-17 01:14 --------- d-----w C:\Program Files\USDbetCom
2008-06-17 01:14 --------- d-----w C:\Program Files\TowerGaming
2008-06-17 01:12 --------- d-----w C:\Program Files\Poker In Canada
2008-06-17 01:07 --------- d-----w C:\Program Files\MansionPoker
2008-06-17 01:05 --------- d-----w C:\Program Files\Live Poker
2008-06-17 01:01 --------- d-----w C:\Program Files\Big Chip Poker
2008-06-16 18:22 --------- d-----w C:\Program Files\ShotOnline International
2008-06-16 15:18 --------- d-----w C:\Program Files\G2GPoker
2008-06-15 21:06 --------- d-----w C:\Program Files\Full Tilt Poker
2008-06-15 18:40 --------- dc----w C:\Documents and Settings\dwayne smith\Application Data\uTorrent
2008-06-15 17:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-14 21:44 --------- d-----w C:\Program Files\Ahead
2008-06-14 16:48 --------- d-----w C:\Program Files\uTorrent
2008-06-13 15:07 --------- dc----w C:\Documents and Settings\dwayne smith\Application Data\Microgaming
2008-06-13 15:07 --------- d-----w C:\Program Files\Absolute Poker
2008-06-13 03:46 --------- d-----w C:\Program Files\DivX
2008-06-11 23:49 --------- d-----w C:\Program Files\PokerStars
2008-06-11 02:14 --------- d-----w C:\Program Files\Cake Poker
2008-06-10 18:36 --------- dc----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-10 18:36 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-10 18:28 --------- dc----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-10 01:21 --------- d-----w C:\Program Files\BugsysClub Software
2008-06-07 19:53 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-05 16:14 --------- d-----w C:\Program Files\UltimateBet
2008-06-05 07:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-05 07:26 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-06-03 20:52 --------- d-----w C:\Program Files\B2BPOKER
2008-06-02 15:57 --------- d-----w C:\Program Files\POKER4EVER
2008-05-31 08:39 --------- dc----w C:\Documents and Settings\dwayne smith\Application Data\Skype
2008-05-31 05:29 --------- dc----w C:\Documents and Settings\dwayne smith\Application Data\skypePM
2008-05-29 01:59 --------- d-----w C:\Program Files\PokerHostMPP
2008-05-18 01:06 --------- d-----w C:\Program Files\DawggHousePoker
2008-05-16 20:10 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2008-05-16 19:31 --------- d-----w C:\Program Files\ReeferPoker
2008-05-16 05:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-15 23:48 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-12 23:42 --------- dc----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-12 23:41 --------- dc----w C:\Documents and Settings\dwayne smith\Application Data\SUPERAntiSpyware.com
2008-05-12 23:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 23:14 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-11 01:41 --------- dc----w C:\Documents and Settings\dwayne smith\Application Data\teamspeak2
2008-05-11 01:41 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-05-10 22:02 --------- d-----w C:\Program Files\Betfred Poker
2008-05-10 01:57 --------- dc----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-30 04:00 --------- d-----w C:\Program Files\PCPitstop
2008-04-