[Resolved] please some advice


25 replies to this topic

#1 69smitty


Posted 10 June 2008 - 03:39 PM

OK, comp running slow and freezing up when I hit certain links. Any help would be greatly appreciated.
I have done I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Please do not delete anything unless instructed to.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location so you can post the results.

Here is the Anti-Malware log file:

Malwarebytes' Anti-Malware 1.17
Database version: 846

5:30:07 PM 6/10/2008
mbam-log-6-10-2008 (17-30-07).txt

Scan type: Quick Scan
Objects scanned: 37939
Time elapsed: 9 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 15
Files Infected: 242

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\Microsoft.VC80.MFC\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\Microsoft.VC80.CRT\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PPC Poker (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PPC Poker\data (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PPC Poker\logs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PPC Poker\sfx (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PPC Poker\xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Yourprivacyguard (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Microsoft.VC80.CRT (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Microsoft.VC80.MFC (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\dwayne smith\Application Data\Yourprivacyguard (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Documents and Settings\dwayne smith\Application Data\Yourprivacyguard\Logs (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Documents and Settings\dwayne smith\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\dwayne smith\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\dwayne smith\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Then a HijackThis file after I ran Anti-Malware:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:36 PM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: services.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe
O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Program Files\32RedMPP\MPPoker.exe
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Betdirect Poker - {6709727A-27C0-4822-ACF7-C572E1899CD6} - C:\Program Files\betdirectMPP\MPPoker.exe
O9 - Extra button: Poker Host Poker - {6F0B853A-A2B7-4e17-8DA1-BBC6F2E8C8D5} - C:\Program Files\PokerHostMPP\MPPoker.exe
O9 - Extra button: Gutshot Poker - {70FF3DD2-AC81-43f2-AF80-979E2B789C4A} - C:\Program Files\GutshotMPP\MPPoker.exe
O9 - Extra button: Eurolinx Poker - {78AB8510-2944-4c6c-86E7-6412C2383349} - C:\Microgaming\Poker\EurolinxPokerMPP\MPPoker.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Intertops Poker - {A2AB1320-B1B6-40fd-A694-8197D8596FFD} - C:\Microgaming\Poker\IntertopsMPP\MPPoker.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Microgaming\Poker\bet365MPP\MPPoker.exe
O9 - Extra button: Big Chip Poker - {BDA7A460-FFDB-4093-9120-F82DD89F5924} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Big Chip Poker\Big Chip Poker.lnk
O9 - Extra 'Tools' menuitem: Big Chip Poker - {BDA7A460-FFDB-4093-9120-F82DD89F5924} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Big Chip Poker\Big Chip Poker.lnk
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Fair Poker - {E49E0804-28BE-49ce-9E5F-AA6059B6DC7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Fair Poker - {E49E0804-28BE-49ce-9E5F-AA6059B6DC7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe
O9 - Extra button: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk
O9 - Extra 'Tools' menuitem: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: your Poker Room Poker - {FB389F33-303A-4490-9E18-B301A493FBF2} - C:\Microgaming\Poker\PokerMetroMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ReeferPoker - 60a501e4-a078-4cb2-8728-3fab4264f3c1 - C:\Documents and Settings\dwayne smith\Start Menu\Programs\ReeferPoker\ReeferPoker.lnk (HKCU)
O9 - Extra button: G2GPoker - b259f30a-f4f4-4fe5-81b4-9696d9c75daf - C:\Documents and Settings\dwayne smith\Start Menu\Programs\G2GPoker\G2GPoker.lnk (HKCU)
O9 - Extra button: Walker Poker - {533caed3-32dd-436e-9e56-27e70d5190bb} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Walker Poker\Walker Poker.lnk (HKCU)
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O9 - Extra button: PokerNordica - {caf8603b-35e9-4f0f-819d-a509543a1e09} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\PokerNordica\PokerNordica.lnk (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp....GamesCampus.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10771 bytes

please some help !!!!!



#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,170 posts

Posted 16 June 2008 - 05:27 PM


Sorry about the delay in responding :(

If you still need help, scan again with HijackThis, and "copy/paste" a new log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 69smitty

69smitty

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 16 June 2008 - 06:18 PM

My computer will freeze up when opening pages. I'll try and slide pages over and ya get that smeared look, as if the page is being left behind. Hope ya know what I'm talking about :blush: When the internet crashes I have gotten hungapp errors.
Thanks in advance for looking at this for me.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:39 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Cellsino\Poker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: services.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe
O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Program Files\32RedMPP\MPPoker.exe
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Betdirect Poker - {6709727A-27C0-4822-ACF7-C572E1899CD6} - C:\Program Files\betdirectMPP\MPPoker.exe
O9 - Extra button: Poker Host Poker - {6F0B853A-A2B7-4e17-8DA1-BBC6F2E8C8D5} - C:\Program Files\PokerHostMPP\MPPoker.exe
O9 - Extra button: Gutshot Poker - {70FF3DD2-AC81-43f2-AF80-979E2B789C4A} - C:\Program Files\GutshotMPP\MPPoker.exe
O9 - Extra button: Eurolinx Poker - {78AB8510-2944-4c6c-86E7-6412C2383349} - C:\Microgaming\Poker\EurolinxPokerMPP\MPPoker.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Intertops Poker - {A2AB1320-B1B6-40fd-A694-8197D8596FFD} - C:\Microgaming\Poker\IntertopsMPP\MPPoker.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Microgaming\Poker\bet365MPP\MPPoker.exe
O9 - Extra button: Big Chip Poker - {BDA7A460-FFDB-4093-9120-F82DD89F5924} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Big Chip Poker\Big Chip Poker.lnk
O9 - Extra 'Tools' menuitem: Big Chip Poker - {BDA7A460-FFDB-4093-9120-F82DD89F5924} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Big Chip Poker\Big Chip Poker.lnk
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Fair Poker - {E49E0804-28BE-49ce-9E5F-AA6059B6DC7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Fair Poker - {E49E0804-28BE-49ce-9E5F-AA6059B6DC7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe
O9 - Extra button: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk
O9 - Extra 'Tools' menuitem: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: your Poker Room Poker - {FB389F33-303A-4490-9E18-B301A493FBF2} - C:\Microgaming\Poker\PokerMetroMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ReeferPoker - 60a501e4-a078-4cb2-8728-3fab4264f3c1 - C:\Documents and Settings\dwayne smith\Start Menu\Programs\ReeferPoker\ReeferPoker.lnk (HKCU)
O9 - Extra button: G2GPoker - b259f30a-f4f4-4fe5-81b4-9696d9c75daf - C:\Documents and Settings\dwayne smith\Start Menu\Programs\G2GPoker\G2GPoker.lnk (HKCU)
O9 - Extra button: Walker Poker - {533caed3-32dd-436e-9e56-27e70d5190bb} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\Walker Poker\Walker Poker.lnk (HKCU)
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O9 - Extra button: PokerNordica - {caf8603b-35e9-4f0f-819d-a509543a1e09} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\PokerNordica\PokerNordica.lnk (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp....GamesCampus.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11015 bytes

#4 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,170 posts

Posted 16 June 2008 - 06:25 PM

As you can see from the infected programs / files from the scan, I suggest you un-install all those poker programs using add / remove programs

1. Click Start > Settings > Control Panel.
2. Next, open Add/Remove Programs and remove if listed:
   Any online poker program

Empty recycle bin

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.



#5 69smitty

69smitty

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 16 June 2008 - 06:38 PM

:o I have over 80 sites, tis what I do for a livin. U think this may be the source, and is it mandatory to remove them all? Yikes, may take some time to do so if it is.

#6 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,170 posts

Posted 16 June 2008 - 06:41 PM

We can see what we can do with removing them.

Download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop.**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Give it at least 20-30 minutes to finish.



#7 69smitty

69smitty

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 16 June 2008 - 06:47 PM

OK, I'll get on that, will post once I get done. Thanks for your time.

#8 69smitty

69smitty

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 16 June 2008 - 08:03 PM

OK, I ended up deleting 85% or more of my poker sites and emptied my recycling bin, then dl new ComboFix, saved to desktop, then rebooted in safe mode and ran it. Then did a new HijackThis scan as well. Here they are.

ComboFix 08-06-16.2 - dwayne smith 2008-06-16 21:30:29.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1280 [GMT -4:00]
Running from: C:\Documents and Settings\dwayne smith\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-16 10:15 . 2008-06-16 19:48 <DIR> d-------- C:\Program Files\Cellsino
2008-06-15 14:08 . 2008-06-15 14:10 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-15 14:08 . 2008-06-15 14:59 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 13:46 . 1998-02-09 03:00 1,455,736 --a------ C:\WINDOWS\system\VCL35.BPL
2008-06-15 13:46 . 1998-02-08 19:00 996,872 --a------ C:\WINDOWS\system\CP3240MT.DLL
2008-06-15 13:46 . 1998-05-18 10:52 458,752 --a------ C:\WINDOWS\system\COMCTL32.DLL
2008-06-15 13:46 . 1998-02-09 03:00 245,912 --a------ C:\WINDOWS\system\VCLX35.BPL
2008-06-15 13:46 . 1998-02-09 03:00 187,392 --a------ C:\WINDOWS\system\BCBSMP35.BPL
2008-06-15 13:46 . 1998-02-08 19:00 29,952 --a------ C:\WINDOWS\system\BORLNDMM.DLL
2008-06-15 13:46 . 2004-06-24 11:00 6,656 --a------ C:\WINDOWS\system32\drivers\AsProbe.sys
2008-06-15 13:44 . 2008-06-15 13:54 <DIR> d-------- C:\Program Files\ASUS
2008-06-15 13:44 . 2008-06-15 13:44 <DIR> d----c--- C:\Documents and Settings\dwayne smith\WINDOWS
2008-06-15 13:44 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-06-15 13:44 . 1997-04-22 10:16 6,272 --a------ C:\WINDOWS\system32\drivers\ASLM75.SYS
2008-06-15 13:41 . 2008-06-15 13:41 10,352 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-06-11 07:25 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 07:25 . 2008-04-14 07:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 17:15 . 2008-06-10 17:15 <DIR> d----c--- C:\Documents and Settings\dwayne smith\Application Data\Malwarebytes
2008-06-10 17:14 . 2008-06-10 17:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-10 17:14 . 2008-06-10 17:14 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-10 17:14 . 2008-06-10 17:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 17:14 . 2008-06-11 15:00 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-10 17:14 . 2008-06-11 15:00 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-10 15:27 . 2008-06-15 13:27 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-06-10 14:46 . 2008-06-16 08:10 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-10 14:46 . 2008-06-10 14:46 <DIR> d-------- C:\Program Files\AVG
2008-06-10 14:46 . 2008-06-10 17:58 <DIR> d----c--- C:\Documents and Settings\dwayne smith\Application Data\AVGTOOLBAR
2008-06-10 14:46 . 2008-06-10 14:46 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-10 14:46 . 2008-06-10 14:46 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-10 14:46 . 2008-06-10 14:46 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-10 14:46 . 2008-06-10 14:46 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-07 00:42 . 2008-06-15 14:58 <DIR> d-------- C:\Program Files\Security Task Manager
2008-06-07 00:42 . 2008-06-15 14:55 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-05 13:49 . 2008-06-11 07:40 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-05 03:03 . 2008-06-05 03:03 <DIR> d----c--- C:\Documents and Settings\smitty\Application Data\SiteAdvisor
2008-06-05 02:59 . 2008-06-05 03:26 <DIR> d---sc--- C:\Documents and Settings\smitty
2008-06-05 00:21 . 2008-06-05 00:21 <DIR> d-------- C:\Program Files\Pure Networks
2008-06-02 14:06 . 2008-06-05 03:27 <DIR> d-------- C:\Program Files\WorldPokerTour
2008-05-30 18:11 . 2008-05-30 18:11 14,678,573 --a------ C:\Temp\POKER4EVER_Setup_winXP_02.32.exe
2008-05-30 12:50 . 2008-05-30 12:50 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\MGS
2008-05-22 18:22 . 2008-05-22 18:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:22 . 2008-05-22 18:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-22 18:22 . 2008-05-22 18:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-22 18:20 . 2008-05-22 18:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-22 18:20 . 2008-05-22 18:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-22 18:19 . 2008-05-22 18:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-22 18:19 . 2008-05-22 18:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 18:19 . 2008-05-22 18:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-22 18:19 . 2008-05-22 18:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-22 18:19 . 2008-05-22 18:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-22 18:18 . 2008-05-22 18:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-18 19:07 . 2008-06-07 16:01 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-18 18:29 . 2008-05-23 22:03 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-18 16:28 . 2008-05-18 16:28 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-17 01:51 . 2008-01-25 16:36 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 01:22 --------- d-----w C:\Program Files\pokersyndicate
2008-06-17 01:15 --------- d-----w C:\Program Files\Vegas007
2008-06-17 01:15 --------- d-----w C:\Program Files\Vegas Poker 247
2008-06-17 01:14 --------- d-----w C:\Program Files\USDbetCom
2008-06-17 01:14 --------- d-----w C:\Program Files\TowerGaming
2008-06-17 01:12 --------- d-----w C:\Program Files\Poker In Canada
2008-06-17 01:07 --------- d-----w C:\Program Files\MansionPoker
2008-06-17 01:05 --------- d-----w C:\Program Files\Live Poker
2008-06-17 01:01 --------- d-----w C:\Program Files\Big Chip Poker
2008-06-16 18:22 --------- d-----w C:\Program Files\ShotOnline International
2008-06-16 15:18 --------- d-----w C:\Program Files\G2GPoker
2008-06-15 21:06 --------- d-----w C:\Program Files\Full Tilt Poker
2008-06-15 18:40 --------- dc----w C:\Documents and Settings\dwayne smith\Application Data\uTorrent
2008-06-15 17:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-14 21:44 --------- d-----w C:\Program Files\Ahead
2008-06-14 16:48 --------- d-----w C:\Program Files\uTorrent
2008-06-13 15:07 --------- dc----w C:\Documents and Settings\dwayne smith\Application Data\Microgaming
2008-06-13 15:07 --------- d-----w C:\Program Files\Absolute Poker
2008-06-13 03:46 --------- d-----w C:\Program Files\DivX
2008-06-11 23:49 --------- d-----w C:\Program Files\PokerStars
2008-06-11 02:14 --------- d-----w C:\Program Files\Cake Poker
2008-06-10 18:36 --------- dc----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-10 18:36 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-10 18:28 --------- dc----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-10 01:21 --------- d-----w C:\Program Files\BugsysClub Software
2008-06-07 19:53 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-05 16:14 --------- d-----w C:\Program Files\UltimateBet
2008-06-05 07:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-05 07:26 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-06-03 20:52 --------- d-----w C:\Program Files\B2BPOKER
2008-06-02 15:57 --------- d-----w C:\Program Files\POKER4EVER
2008-05-31 08:39 --------- dc----w C:\Documents and Settings\dwayne smith\Application Data\Skype
2008-05-31 05:29 --------- dc----w C:\Documents and Settings\dwayne smith\Application Data\skypePM
2008-05-29 01:59 --------- d-----w C:\Program Files\PokerHostMPP
2008-05-18 01:06 --------- d-----w C:\Program Files\DawggHousePoker
2008-05-16 20:10 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2008-05-16 19:31 --------- d-----w C:\Program Files\ReeferPoker
2008-05-16 05:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-15 23:48 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-12 23:42 --------- dc----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-12 23:41 --------- dc----w C:\Documents and Settings\dwayne smith\Application Data\SUPERAntiSpyware.com
2008-05-12 23:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 23:14 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-11 01:41 --------- dc----w C:\Documents and Settings\dwayne smith\Application Data\teamspeak2
2008-05-11 01:41 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-05-10 22:02 --------- d-----w C:\Program Files\Betfred Poker
2008-05-10 01:57 --------- dc----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-30 04:00 --------- d-----w C:\Program Files\PCPitstop
2008-04-30 02:20 --------- d-----w C:\Program Files\Google
2008-04-29 03:26 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-29 02:14 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-29 02:14 --------- dc----w C:\Documents and Settings\dwayne smith\Application Data\DAEMON Tools
2008-04-28 18:23 --------- dc----w C:\Documents and Settings\dwayne smith\Application Data\McAfee
2008-04-28 00:46 --------- d-----w C:\Program Files\Analog Devices
2008-04-28 00:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-04-28 00:13 --------- d-----w C:\Program Files\Creative
2008-04-27 23:28 --------- d-----w C:\Program Files\CyberLink DVD Solution
2008-04-26 22:58 --------- d-----w C:\Program Files\Skype
2008-04-26 16:11 --------- d-----w C:\Program Files\CarbonPoker
2008-04-26 06:25 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-26 06:18 --------- dc----w C:\Documents and Settings\All Users\Application Data\Skype
2008-04-26 06:18 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-25 16:04 --------- d-----w C:\Program Files\Real
2008-04-25 16:04 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-25 16:04 --------- d-----w C:\Program Files\Common Files\Real
2008-04-21 18:12 --------- d-----w C:\Program Files\HP
2008-01-10 20:00 47,360 -c--a-w C:\Documents and Settings\dwayne smith\Application Data\pcouffin.sys
2007-02-02 02:43 314 ----a-w C:\Program Files\INSTALL.LOG
2007-01-17 00:51 49 -c--a-w C:\Documents and Settings\dwayne smith\Application Data\internaldb41.dat
2007-01-17 00:50 382 -c--a-w C:\Documents and Settings\dwayne smith\Application Data\internaldb1942.dat
2007-01-17 00:48 20,480 -c--a-w C:\Documents and Settings\dwayne smith\Application Data\internaldb4827.dat
2007-01-17 00:48 151 -c--a-w C:\Documents and Settings\dwayne smith\Application Data\internaldb292.dat
2007-01-17 00:48 0 -c--a-w C:\Documents and Settings\dwayne smith\Application Data\internaldb2391.dat
2007-01-16 23:25 9,216 -c--a-w C:\Documents and Settings\dwayne smith\Application Data\internaldb8467.dat
2007-01-16 23:25 0 -c--a-w C:\Documents and Settings\dwayne smith\Application Data\internaldb6334.dat
2007-01-16 23:25 0 -c--a-w C:\Documents and Settings\dwayne smith\Application Data\internaldb5436.dat
2007-01-16 23:25 0 -c--a-w C:\Documents and Settings\dwayne smith\Application Data\internaldb4604.dat
2007-01-16 23:25 0 -c--a-w C:\Documents and Settings\dwayne smith\Application Data\internaldb3902.dat
2007-01-16 23:25 0 -c--a-w C:\Documents and Settings\dwayne smith\Application Data\internaldb153.dat
2000-07-26 19:31 61,440 ----a-w C:\Program Files\msado20.tlb
1998-05-15 05:00 73,184 ----a-w C:\Program Files\DAO2535.TLB
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 22:56 68856]
"NVIEW"="nview.dll" [2003-07-28 14:19 852038 C:\WINDOWS\system32\nview.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-03 18:56 158208]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 14:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2003-07-28 14:19 49152]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-03 18:56 143360]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-26 14:58 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-25 12:04 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-10 14:46 1177368]
"ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 16:07 617984]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-07 15:53 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT LGE]
--a------ 2007-02-01 15:07 285696 C:\Program Files\Portrait Displays\forteManager\DTHtml.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 11:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 11:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 11:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBkLogOnHook]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Backup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-12-26 14:58 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2004-11-02 21:24 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-06-07 15:53 1506544 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-17 22:56 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-25 12:04 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
--------- 2007-10-26 12:06 292152 C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"nmservice"=2 (0x2)
"nmraapache"=3 (0x3)
"ImapiService"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"SoundMAX Agent Service (default)"=2 (0x2)
"gusvc"=3 (0x3)
"DTSRVC"=2 (0x2)
"usnjsvc"=3 (0x3)
"MWLSvc"=3 (0x3)
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"MBackMonitor"=2 (0x2)
"0275291213122496mcinstcleanup"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Absolute Poker\\mainclient.exe"=
"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\G2GPoker\\client.exe"=
"C:\\Program Files\\ReeferPoker\\client.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\dwayne smith\\Desktop\\Heroes of Might and Magic III Complete\\Heroes3.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\OLRSubmission\\OLRSubmission.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"12000:TCP"= 12000:TCP:utorrent

S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-10 14:46]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-10 14:46]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-10 14:46]
S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-10 14:46]
S3 VGAUTI;VGAUTI;C:\WINDOWS\system32\DRIVERS\VGAUTI.sys [2003-05-22 02:58]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 21:37:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-16 21:47:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 01:47:19
ComboFix2.txt 2008-05-05 19:09:19

Pre-Run: 16,400,228,352 bytes free
Post-Run: 16,438,804,480 bytes free

292 --- E O F --- 2008-06-11 11:42:53


hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:15 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: services.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Poker Host Poker - {6F0B853A-A2B7-4e17-8DA1-BBC6F2E8C8D5} - C:\Program Files\PokerHostMPP\MPPoker.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Fair Poker - {E49E0804-28BE-49ce-9E5F-AA6059B6DC7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Fair Poker - {E49E0804-28BE-49ce-9E5F-AA6059B6DC7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ReeferPoker - 60a501e4-a078-4cb2-8728-3fab4264f3c1 - C:\Documents and Settings\dwayne smith\Start Menu\Programs\ReeferPoker\ReeferPoker.lnk (HKCU)
O9 - Extra button: G2GPoker - b259f30a-f4f4-4fe5-81b4-9696d9c75daf - C:\Documents and Settings\dwayne smith\Start Menu\Programs\G2GPoker\G2GPoker.lnk (HKCU)
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp....GamesCampus.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7726 bytes

#9 LDTate

    Forum God

  • Root Admin
  • 57,170 posts

Posted 16 June 2008 - 08:15 PM

Run HijackThis. Hit None of the above, click Do a System Scan Only. Put a checkmark/tick in the box on the left side on these:

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Close ALL windows and browsers except HijackThis and click "Fix checked"


Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#10 69smitty

    New Member

  • New Member
  • 13 posts

Posted 16 June 2008 - 08:33 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:47 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: services.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Poker Host Poker - {6F0B853A-A2B7-4e17-8DA1-BBC6F2E8C8D5} - C:\Program Files\PokerHostMPP\MPPoker.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Fair Poker - {E49E0804-28BE-49ce-9E5F-AA6059B6DC7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Fair Poker - {E49E0804-28BE-49ce-9E5F-AA6059B6DC7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ReeferPoker - 60a501e4-a078-4cb2-8728-3fab4264f3c1 - C:\Documents and Settings\dwayne smith\Start Menu\Programs\ReeferPoker\ReeferPoker.lnk (HKCU)
O9 - Extra button: G2GPoker - b259f30a-f4f4-4fe5-81b4-9696d9c75daf - C:\Documents and Settings\dwayne smith\Start Menu\Programs\G2GPoker\G2GPoker.lnk (HKCU)
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\dwayne smith\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp....GamesCampus.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7354 bytes
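
The before/after comparison implied by the "Fix checked" request in post #9 can be scripted. The Python below is an added example, not part of the thread and not code from HijackThis; the names `parse_log` and `verify_fix` are hypothetical, and the three embedded logs are short excerpts of entries posted in this thread.

```python
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [x] path".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
BOOT = re.compile(r"^Boot mode:\s*(.+)$")


def parse_log(text):
    """Return (boot_mode, entries); entries is a set of (section, body) tuples."""
    boot, entries = None, set()
    for line in text.splitlines():
        line = line.strip()
        m = BOOT.match(line)
        if m:
            boot = m.group(1)
            continue
        m = ENTRY.match(line)
        if m:  # "Running processes" paths never match, so they are skipped
            entries.add((m.group(1), m.group(2)))
    return boot, entries


def verify_fix(before_text, after_text, fix_text):
    """Compare two scans against the list of entries the helper asked to fix."""
    before_boot, before = parse_log(before_text)
    after_boot, after = parse_log(after_text)
    _, requested = parse_log(fix_text)
    return {
        # Process lists differ between Safe mode and Normal boots, so only
        # the entry lines are compared; the boot modes are reported for context.
        "boot_modes": (before_boot, after_boot),
        "fixed": sorted(requested - after),
        "still_present": sorted(requested & after),      # fix failed or entry came back
        "not_in_before": sorted(requested - before),     # typo in the fix list
        "removed_unrequested": sorted((before - after) - requested),
        "new_since_before": sorted(after - before),      # appeared between scans
        "orphans_remaining": sorted(e for e in after if e[1].endswith("(no file)")),
    }


# Excerpts from the logs in this thread (not the complete logs).
FIX = r"""
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"""

KEPT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
"""

BEFORE = (
    "Logfile of Trend Micro HijackThis v2.0.2\n"
    "Boot mode: Safe mode\n\n"
    "Running processes:\n"
    "C:\\WINDOWS\\System32\\smss.exe\n" + FIX + KEPT
)

AFTER = (
    "Logfile of Trend Micro HijackThis v2.0.2\n"
    "Boot mode: Normal\n\n"
    "Running processes:\n"
    "C:\\WINDOWS\\system32\\spoolsv.exe\n" + KEPT
)

if __name__ == "__main__":
    for key, value in verify_fix(BEFORE, AFTER, FIX).items():
        print(key, "->", value)
```

On this excerpt all eight requested entries are gone from the later scan, nothing else changed, and one `(no file)` O9 entry is still listed.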



#11 LDTate

    Forum God

  • Root Admin
  • 57,170 posts

Posted 17 June 2008 - 05:37 AM

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

What did you disable using msconfig? Describe how your computer behaves at the moment.



#12 69smitty

    New Member

  • New Member
  • 13 posts

Posted 17 June 2008 - 11:18 AM

I went into msconfig to boot.ini to check safe mode so I could boot up in safe mode earlier.

#13 LDTate

    Forum God

  • Root Admin
  • 57,170 posts

Posted 17 June 2008 - 11:21 AM

Describe how your computer behaves at the moment.



#14 69smitty

    New Member

  • New Member
  • 13 posts

Posted 17 June 2008 - 11:31 AM

I haven't had any freeze-ups since I have done all this, hopefully all is ok :woot: but I really haven't been on it much. I'll fool around on it today and will see. Could you leave this topic open just for today? I'll post back later today to let ya know if anything weird is happening, but it seems ok!!!!!!! I thank you for your help so far, mate.

#15 LDTate

    Forum God

  • Root Admin
  • 57,170 posts

Posted 17 June 2008 - 11:59 AM

Will keep it open until tomorrow.
Be sure to do the below.

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Here's my usual all clean post

Log looks good :D

You need to create a new Clean restore point.

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
       a. Change the Download signed ActiveX controls to Prompt
       b. Change the Download unsigned ActiveX controls to Disable
       c. Change the Initialize and script ActiveX controls not marked as safe to Disable
       d. Change the Installation of desktop items to Prompt
       e. Change the Launching programs and files in an IFRAME to Prompt
       f. Change the Navigate sub-frames across different domains to Prompt
       g. When all these settings have been made, click on the OK button.
       h. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
