View Full Version : Help with removal, please: xlibfgl254
Aloha,
My boss's personal laptop has the xlibfgl254 bug. The irritating pop-up, no internet access. I did Safe Mode and System Restore to get internet access. I downloaded Spybot S&D and AVG and ran them before finding this forum, but of course that alone didn't help.
I'm not yet savy about System Restore. I apparently had to start all over again after shutting down the computer.
I have no idea how this laptop is used, or what it is used for.
Per the post to be read before posting, I ran Spybot S&D and HTL.
I would appreciate your help in getting rid of this bug. My log is below.
Thanks.
Tana-Lee
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:13 AM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\AOL\1154060430\ee\AOLSoftware.exe
C:\Program Files\Common Files\SystemDoctor 2006\SDR6cw.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\common files\aol\1154060430\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1154060430\ee\aolsoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\DELLSU~1\DSBrws.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Documents and Settings\carlos23\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/vso9/default.asp?affid=105-36&dtag=6jkk571
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154060430\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SDR6cw] C:\Program Files\Common Files\SystemDoctor 2006\SDR6cw.exe -c
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 12526 bytes
Aloha...
I apologize. I'm so sorry to post again, but I know I made at least one mistake: the name of the virus is XLIBGFL254, and not as I posted it (switched the F and the G).
I might have made a second mistake: When I ran HiJackThis (which I also misnamed in my post), I was in a System Restore mode in order to be able to download the recommended software. Would that have kept the log from showing the virus?
I'd truly appreciate it if someone please give me a hand with this problem from scratch.
Tana-Lee : (
pskelley
2008-08-31, 02:08
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
Posting additional comments or logs before a volunteer responds, can push you back instead of forward, because your thread ends up with a newer date. Also, helpers may think you are already being assisted because of the post count.
Since four days have gone by as a result of adding to the original post, if you still need help please do this.
1) You are describing a malware file, I need to know the program that is finding that file, the name of the file it is finding and the location of that file (pathway to it)
2) Post a new HJT log and I will be glad to take a look and advise you.
Thanks
Aloha...
Thank you for the assistance. Again, I apologize for the additional post, but I thought it was important to correct the virus name (for search purposes) and to see if I might have erred by going back to an earlier restore point (which I think I'm still using).
Since I started up this computer after receiving your reply, the pop-up window has displayed the invalid image message for:
portAol.exe
wkUFind.exe
dwwin.exe
McUpdate.exe
GoogleToolbarNotifier.exe
aolsoftware.exe
A message box also pops up occasionally with the title "Title", an exclamation mark symbol, and the message "Topic", with an OK button.
On the second run, S&D showed a Trojan for SystemDoctor 2006, for which I clicked the Fix button.
The HJT log which I ran after S&D is below, but again, please, should I be doing this in the restored to an earlier date mode, or the date after the computer became infected?
Thanks again.
Tana-Lee
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:49 PM, on 8/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\AOL\1154060430\ee\AOLSoftware.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\carlos23\Desktop\HiJackThis.exe
c:\program files\common files\aol\1154060430\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1154060430\ee\aolsoftware.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/vso9/default.asp?affid=105-36&dtag=6jkk571
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154060430\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SDR6cw] C:\Program Files\Common Files\SystemDoctor 2006\SDR6cw.exe -c
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 12328 bytes
pskelley
2008-08-31, 12:43
Aloha, please take the time you need to proceed carefully, do not rush or try to work on these problems when you can not give your full attention. If there is something you do not understand, stop and ask your questions.
Thanks for returning your HijackThis (HJT) log, you said:
the pop-up window has displayed the invalid image message for:(etc)
I need error messages posted exactly as windows provides them to you "word for word", this is the only way I can research them.
Example: invalid image message = http://www.google.com/search?hl=en&q=invalid+image+message&btnG=Google+Search&aq=f&oq=
offers 337,000 possibles.
should I be doing this in the restored to an earlier date mode, or the date after the computer became infected?
No, just read and follow my directions from this point, make sure System Restore is on, we will clean the files later if they are infected.
Continue to ask question you believe are relevant.
We will ask combofix to look for hidden malware, follow the directions carefully.
1) You are running two antivirus programs at the same time, this is not a good thing, see this:
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/03/AR2005120300087.html
http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp
AVG8
mcafee
Uninstall one of those: Start > Control Panel > Add Remove Programs
2) It appears you missed the direction and as a result your HJT log is unsafely located, follow these directions to locate it safely:
Download Trend Micro Hijack This™ to your Desktop
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log. <<< close the log and HJT, you have the shortcut on the Desktop now and I will tell you when you need to use HJT again.
3) SystemDoctor: http://www.symantec.com/security_response/writeup.jsp?docid=2006-062015-2622-99&tabid=1
SystemDoctor is a Security Risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
4) Remove any old copies of combofix before you proceed.
Thanks to sUBs and anyone else who helped with this fix.
It is important that it is saved directly to your Desktop.
Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Post the combofix log and a new HJT log.
Tutorial
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Thanks
Aloha, again...
Thanks again for your help!
This laptop is acting better already (although I had to kill it after the combofix, because no icons came up on the user screen). Since I restarted it, the irritating message boxes have not appeared. So per your instructions (I hope):
1. Uninstalled McAfee
- Personal Firewall
- VirsuScan
- Security Center
[This laptop has too much security software running, I think. Could you tell me what else I can delete? I've never been an AOL fan. Even though it's not my laptop, I'd love to get rid of some (all, actually) of their stuff.]
2. Uninstalled HJT, then re-installed per instructions in step 2
3. SystemDoctor. Deleted later by combofix.
4. I never downloaded or ran combofix previously. Downloaded and ran per instructions.
While running combofix, message box:
Title: Port Magic exception
Message: Port Magic experienced a fatal error and must be
restarted.
Code: An Exception was generated with the following code:
0x06d7363
Press [OK] to restart Port Magic or [Cancel] to exit.
I waited for combobox to stop running, then clicked [Cancel]
Another box:
Spybot S&D systems settings protector has encountered a problem
and needs to close...
I clicked [Don't Send]
****************
The pop-up windows (message boxes) are all the same with this style, and the titles listed below:
Title: dwwin.exe - Bad Image
Symbol: Red X
Message: The application or DLL C:\Windows\system32\xlibgfl254.dll
is not a valid Windows image. Please check this against
your installation diskette.
Button: OK
The same box displays for:
- McUpdate.exe - Bad Image
- GoogleToolbarNotifier.exe - Bad Image
- aolsoftware.exe - Bad Image
- WkUFind.exe - Bad Image
- 2008831153534_mcinfo.exe - Bad Image
- AOLUnifiedSysTray:AOLSoftware.exe - Bad Image
****************
Message box:
AOL Spyware in progress
Later results showed:
Found 1 spyware and adware item:
Name: Bifrost hkey_current_user\software\wget
Status: Backdoor
Potential threat: Security
I selected Ignore
Spybot S&D icon in tray displayed:
152104 processes blacklisted
The ComboFix and HJT logs follow below.
Many thanks.
Tana-Lee
**************************
ComboFix 08-08-30.03 - carlos23 2008-08-31 16:03:04.1 - NTFSx86
Running from: C:\Documents and Settings\carlos23\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Desktop\SystemDoctor 2006.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SystemDoctor 2006
C:\Documents and Settings\All Users\Start Menu\Programs\SystemDoctor 2006\Feedback on Support Quality.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SystemDoctor 2006\Report Software Defect.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SystemDoctor 2006\Request for Instructions.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SystemDoctor 2006\Share Your Suggestions.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SystemDoctor 2006\SystemDoctor 2006 Manual.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SystemDoctor 2006\SystemDoctor 2006 on the Web.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SystemDoctor 2006\SystemDoctor 2006.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SystemDoctor 2006\Uninstall SystemDoctor 2006.lnk
C:\Documents and Settings\carlos23\Application Data\install.dat
C:\Documents and Settings\carlos23\Application Data\SystemDoctor 2006
C:\Documents and Settings\carlos23\Cookies\carlos23@2o7[1].txt
C:\Documents and Settings\carlos23\Cookies\carlos23@advertising[1].txt
C:\Documents and Settings\carlos23\Cookies\carlos23@www.oralsex[1].txt
C:\Documents and Settings\carlos23\err.log
C:\Documents and Settings\Guest\Application Data\SystemDoctor 2006
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt
C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt
C:\Documents and Settings\Guest\err.log
C:\Documents and Settings\Laderta Jeffery\err.log
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\xlibgfl254.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.
2008-08-31 15:51 . 2008-08-31 15:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-26 09:29 . 2008-08-26 09:31 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-26 09:29 . 2008-08-26 09:29 <DIR> d-------- C:\Program Files\AVG
2008-08-26 09:29 . 2008-08-26 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-26 09:29 . 2008-08-26 09:29 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-26 09:29 . 2008-08-26 09:29 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-26 09:29 . 2008-08-26 09:29 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-25 18:47 . 2008-08-25 18:47 <DIR> d-------- C:\Documents and Settings\Tana-Lee\Application Data\AOL
2008-08-25 18:46 . 2008-08-25 18:46 <DIR> d-------- C:\Documents and Settings\Tana-Lee\Application Data\GTek
2008-08-25 18:43 . 2005-03-27 09:06 <DIR> d-------- C:\Documents and Settings\Tana-Lee\Application Data\Sonic
2008-08-25 18:43 . 2005-03-27 08:45 <DIR> d-------- C:\Documents and Settings\Tana-Lee\Application Data\Intel
2008-08-25 18:43 . 2008-08-25 20:36 <DIR> d---s---- C:\Documents and Settings\Tana-Lee
2008-08-25 12:50 . 2008-08-25 12:50 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-25 12:50 . 2008-08-25 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-25 12:15 . 2008-08-26 11:10 <DIR> d-------- C:\$AVG8.VAULT$
2008-08-25 12:13 . 2008-08-25 12:16 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-08-25 12:13 . 2008-08-26 09:36 <DIR> d-------- C:\Documents and Settings\carlos23\Application Data\AVGTOOLBAR
2008-08-25 12:12 . 2008-08-25 20:36 <DIR> d-------- C:\Program Files\AVG(2)
2008-08-25 12:12 . 2008-08-25 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-08-25 12:06 . 2008-06-13 03:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-25 12:06 . 2008-06-13 03:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-25 11:49 . 2008-05-01 04:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-19 19:38 . 2008-08-19 19:41 154 --a------ C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2008-08-19 19:13 . 2008-08-26 09:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-19 19:13 . 2008-08-30 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 01:39 --------- d-----w C:\Program Files\McAfee.com
2008-09-01 01:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-08-31 05:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-26 21:10 --------- d-----w C:\Program Files\Common Files\SystemDoctor 2006
2008-08-26 06:52 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-08-26 06:51 --------- d-----w C:\Program Files\America Online 9.0a
2008-08-26 06:51 --------- d-----w C:\Documents and Settings\Laderta Jeffery\Application Data\McAfee.com Personal Firewall
2008-08-26 06:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 06:36 --------- d-----w C:\Program Files\SystemDoctor 2006
2008-07-13 21:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-07-13 21:04 --------- d-----w C:\Program Files\Common Files\aolshare
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 09:49 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2007-06-16 18:46 302 ----a-w C:\Documents and Settings\carlos23\Application Data\wklnhst.dat
2006-02-05 06:42 0 ----a-w C:\Documents and Settings\Guest\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 06:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-05 16:00 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:00 15360]
"AOL Fast Start"="C:\Program Files\America Online 9.0a\AOL.EXE" [2005-07-11 19:17 50776]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 12:33 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 16:31 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 16:27 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 10:59 385024]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 16:15 290816]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-11-10 07:54 598016]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 12:54 57344]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-06 21:01 110592]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-03-15 08:58 135168]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-27 09:00 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-27 09:00 98304]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 21:05 127035]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 02:50 71216]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 18:41 28738]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-15 08:58 53248]
"HostManager"="C:\Program Files\Common Files\AOL\1154060430\ee\AOLSoftware.exe" [2006-09-25 14:52 50736]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 11:33 99480]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-26 09:29 1232152]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-03-27 08:50:06 24576]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2004-06-23 14:23:00 15360]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 07:59:36 806912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 12:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\America Online 9.0a\\waol.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\AOL\\1154060430\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-26 09:29]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-26 09:29]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-26 09:29]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-26 09:29]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2006-11-25 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (ELLIEMAE-LADERTA.Barbara).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.dell4me.com/myway
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://www.dell4me.com/myway
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/vso9/default.asp?affid=105-36&dtag=6jkk571
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 -: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 16:07:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-31 16:09:46
ComboFix-quarantined-files.txt 2008-09-01 02:09:35
Pre-Run: 36,588,269,568 bytes free
Post-Run: 36,929,773,568 bytes free
181 --- E O F --- 2008-08-31 05:04:07
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:21 PM, on 8/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\AOL\1154060430\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1154060430\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/vso9/default.asp?affid=105-36&dtag=6jkk571
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154060430\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10934 bytes
pskelley
2008-09-01, 12:43
Thanks for returning your information and the feedback, the error messages should stop once we get rid of the malware, but thanks for providing feedback. Follow the directions carefully and in the numbered order.
1) C:\Program Files\Java\jre1.5.0_06\ <<< Java is out of date, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
2) We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this Go to the Mode menu select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
3) Download ResetTeaTimer.bat to the Desktop
http://downloads.subratam.org/ResetTeaTimer.bat
Double click ResetTeaTimer.bat
to remove all entries set by TeaTimer (and preventing TeaTimer to restore them upon reactivation).
4) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.
5) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/...6&dtag=6jkk571
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
Close all programs but HJT and all browser windows, then click on "Fix Checked"
6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
*Cleaning Prefetch may results in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html
7) Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/tools/mbam-setup.exe
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.
How is the computer running now?
Thanks...Phil
I would like a look at the uninstall list, provide that like this:
add/remove in the control panel.
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP,
Update for Windows XP and Windows XP Hotfix to shorten the list)
Aloha...
Before I forget to mention it, your instructions are outstanding. : )
1. Uninstalled old Java
Installed Java SE Runtime Environment (JRE) Version 6 Update 7 per instructions
2. Disabled TeaTimer via S&D Advanced/Tools/Resident panel
3. Downloaded and installed ResetTeaTimer.bat
4. Downloaded ATF Cleaner to Desktop
5. Opened HijackThis and chose "Do a system scan only" then checked the boxes in front of the specified line items
6. Ran ATF Cleaner
7. Downloaded and installed Malwarebytes' Anti-Malware to the Desktop
Checked for updates
Performed full scan on C: drive [SHOULD IT BE DONE ON D:, TOO?]
OMG!! I kept checking the number of objects infected for about the first half hour, and saw 1. What a yawner...I came back to it after another half hour, and found 925 objects infected!! EGADS!
Far more than half are Adware.Casino, maybe 20 or 30 are Rogue.SystemDoctor, a few Rogue.Installer, two Trojan.Vundo and one Adware.MyWay.
Removed selected items (all)
Contents of the log, a new HJT, and the uninstall log are below, but in one or two more posts.
The computer was running better even before these actions, thank you. I'm re-starting it now to see how it goes...
Sweet! : )
There is still one message box that pops up:
Title: Title
Message: Topic
Icon: Exclamation point
Button: OK
I would appreciate info on what to discard/disable regarding programs like:
AOL Spyware Protection
AOL Computer Check-Up
Spybot S&D (a keeper)
AVG (a keeper)
Should I download Zone Alarm?
I just ran HJT Uninstall Manager. The log is also below. I think I see more than a few programs to delete. Your wish is my command. : )
I'm curious about G15A922EN.
Thank you very much. Til next time,
Tana-Lee
Let me try these first, and the malware in the next post:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:58 PM, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\AOL\1154060430\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
c:\program files\common files\aol\1154060430\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154060430\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10043 bytes
The uninstall list:
2007 Microsoft Office Suite Service Pack 1 (SP1)
ABBYY FineReader 5.0 Sprint Plus
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
ALPS Touch Pad Driver
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Toolbar 2.0
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
AVG Free 8.0
Broadcom Management Programs 2
Conexant D110 MDC V.9x Modem
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Home Systems Services Agreement
Dell Media Experience
Dell Picture Studio v3.0
DellSupport
Diamond Club Casino 2
Digital Line Detect
G15A922EN
Get High Speed Internet!
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
InterActual Player
Internal Network Card Power Management
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 7
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHlpDell
[MICROSOFT PROGRAMS]
Mini Vegas Casino
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mToolkit
Musicmatch® Jukebox
mWlsSafe
mXML
My Way Search Assistant
mZConfig
NetWaiting
NetZeroInstallers
PowerDVD 5.3
Pure Networks Port Magic
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer Basic
[SECURITY UPDATES]
Shockwave
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy
SystemDoctor 2006 1.1.97.1
[OFFICE AND INSTALLER UPDATES]
Viewpoint Media Player
win4real.com
Windows Commander (Remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
[WINDOWS HOTFIXES]
WordPerfect Office 12
Malwarebytes' Anti-Malware 1.25
Database version: 1103
Windows 5.1.2600 Service Pack 2
5:06:34 PM 9/1/2008
mbam-log-09-01-2008 (17-06-34).txt
Scan type: Full Scan (C:\|)
Objects scanned: 105826
Time elapsed: 1 hour(s), 1 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 19
Files Infected: 904
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c34a46d5-eb96-4afe-9212-5d0d3c1b3e82} (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\SystemDoctor 2006 (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\Download (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\SafeMedia (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\SafeMedia\Mp3DB (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\SafeMedia\MpegDB (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\SafeMedia\WaveDB (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\SystemDoctor 2006 (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\midi (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\help (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\midi (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs (Adware.Casino) -> Quarantined and deleted successfully.
Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\xlibgfl254.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP102\A0033224.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP102\A0033227.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP102\A0033228.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP105\A0035706.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP99\A0028541.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP99\A0028543.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP99\A0028545.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\activate.dat (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\Activate.exe (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\Activate.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\DataBase.sav (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\InstHelp.exe (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\lapv.dat (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\license.rtf (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\lock.dat (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\manual.pdf (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\ModelLib.dll (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\ps.dat (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\pv.dat (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\readme.rtf (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\sd2006.url (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\sr.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\st.dat (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\Support.exe (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\umain.xml (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\unins000.dat (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\unins000.exe (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\up.dat (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor 2006\updater.dat (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\SystemDoctor 2006\err.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\SystemDoctor 2006\order.dll (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\bj.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\c2table.db (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\c2user.db (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\cam.cas (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\casino.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\devlib.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\filemap.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\games.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\gp2.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\INSTALL.LOG (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\main.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\modstatus.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\options.cfg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\ro.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sl.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\srvmap.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\UNWISE.EXE (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\update.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\vp.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\bj_arrow.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\bj_bkg1.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\bj_bkg1_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\bj_bkg2.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\bj_bkg2_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\bj_bkg3.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\bj_bkg3_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\bj_bkg4.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\bj_bkg4_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\bj_bkg5.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\bj_bkg5_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\bj_but.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\bj_cards.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\bj_lightmap.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\bj_pal.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Butt_ArrowDown.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Butt_ArrowUp.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Butt_Close.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Butt_Close_Hi.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Butt_Drop.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\but_arrows.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\but_check.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\But_Done.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\But_HOE.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\But_ICN.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\But_Insurance.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\but_invite.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\but_join.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\But_ok.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\but_public.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\but_radio.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\but_stnd_70.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\but_stnd_nrm.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\cardback.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\caret.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\c_cashout.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\dice_anim2.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\edit.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\exclamation.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\font_main.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\font_outlined.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\font_scroll.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\font_scroll_w.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\game_timer.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_arrow.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_billin_anim.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_bonus_bag.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_bonus_coin.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_bonus_kista1.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_bonus_kista2.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_cannonblow2_frames.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_cannonblow3_frames.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_cannonblow_frames.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_coinin_anim.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_digits.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_elakpirat_grin_frame.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_fireworks_anim.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_gojan_anim_1.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_gojan_anim_2.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_gojan_anim_3.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_gojan_anim_4.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_handle.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_hook.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_h_maskin.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_h_pelare.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_insertcoin.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_jackpot.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_kartbitar.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_knappar.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_mitt.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_pal.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_pay_bonus.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_pay_bottom.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_pay_center.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_pay_center_lit.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_pay_title.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_pirate_dig.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_value.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_v_maskin.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_v_pelare.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_wheel_test.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\gp2_wheel_test_blured.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\hand_cursor.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\icon_bj.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\icon_gp2.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\icon_ro.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\icon_sl.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\icon_vp.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\info.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\infodesk_back.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\infodesk_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\infodesk_bookcorners.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\infodesk_listhi.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\infodesk_memberhi.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_arrow_left.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_arrow_right.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_bj_icon.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_bj_sign.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_digits.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_gp2_icon.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_gp2_sign.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_gp2_values.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_left_side.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_lock.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_player_sep.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_private.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_right_side.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_room.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_ro_icon.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_ro_sign.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_sl_icon.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_sl_sign.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_vp_icon.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_vp_sign.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\jt_vp_values.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\lc_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\lc_butt.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\lc_pal.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\login_dcc.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\main_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\main_cnuhi.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\main_menuarrows.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\main_pal.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\mark_l_blue.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\mark_l_green.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\mark_l_lila.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\mark_l_red.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\mark_l_std.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\mark_l_yellow.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Mark_S_Blue.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Mark_S_Grn.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Mark_S_Lila.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Mark_S_Red.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Mark_S_Std.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Mark_S_Ylw.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Msg_icons.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\panel_bet.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Panel_Buttons.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\panel_butt_arrows.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\panel_chat.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\panel_coins.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\panel_l.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\panel_l_blank.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\panel_l_coins.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\panel_l_light.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\panel_l_lightcoins.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Panel_options.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Panel_R.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\panel_scroll.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\panel_side_l.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\panel_side_r.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\panel_slider.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Player_Icons.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Player_Icons2.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Player_Namebox.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Player_Think.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\pointer.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Ro_betlimits.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\ro_bigball.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\ro_Bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\ro_BtnData.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\ro_close_anim.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\Ro_Historyled.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\ro_pal.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\ro_player_color.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\ro_smallball.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\ro_wheel_anim.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\ro_winmarker.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_bill_in.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_bill_in_left.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_bkg_left.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_bkg_right.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_buttons.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_coin_buckets.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_coin_in.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_coin_in_left.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_digits.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_handle.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_handle_left.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_insert_money.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_pal.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_paytable.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_reels.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_reels_blur.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_sign.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\sl_value.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\vp_buttons.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\vp_cards.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\vp_cashout_anim.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\vp_centermachine.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\vp_coinin_anim.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\vp_digits.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\vp_gameover.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\vp_hold.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\vp_insert.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\vp_leftmachine.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\vp_pal.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\vp_paytablelit.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\vp_rightmachine.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\vp_slot_leftside.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\vp_slot_rightside.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\vp_toppanellit.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\vp_value.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\wd_account.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\wd_back.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\wd_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\wd_cashier_bgr.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\wd_combomarker.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\wd_dep.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\wd_editbkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\wd_green_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\wd_radiobut.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\wd_with.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\win_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\win_bkg_drk.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\win_loading.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\Data\win_title_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\midi\intro.mid (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\midi\stand11.mid (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\midi\stand12.mid (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\midi\stand6.mid (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\midi\stand7.mid (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\bj_bjack.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\bj_bust.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\bj_checkbj.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\bj_dbust.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\bj_dhbj.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\bj_dhnbj.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\bj_idnpay.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\bj_insur.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\bj_iwin.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\bj_phbj.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_0.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_00.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_1.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_10.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_11.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_12.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_13.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_14.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_15.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_16.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_17.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_18.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_19.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_2.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_20.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_21.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_22.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_23.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_24.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_25.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_26.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_27.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_28.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_29.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_3.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_30.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_31.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_32.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_33.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_34.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_35.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_36.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_4.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_5.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_6.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_7.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_8.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_9.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_betexc.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_betlow.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_button.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_cashout.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_chip.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_coinin.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_deal.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_dealrw.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_exiting.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_machine_btn.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_mkchoice.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_nmbet.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_ping.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_place.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_plyw.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_push.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_turn.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\c_welcome.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\gp2_cannon.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\gp2_dig.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\gp2_fanfar_long.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\gp2_fanfar_short.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\gp2_goja_oaeek.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\gp2_goja_oaek.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\gp2_laugh.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\ro_black.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\ro_bounc.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\ro_even.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\ro_odd.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\ro_red.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\ro_roll.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\slot_handle.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\slot_ping.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\slot_spin.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\slot_stop.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\vp_flipcard.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\sfx\vp_ping.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\bj_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\bj_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\bj_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\bj_options.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\cashier.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\game_panel_bj.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\game_panel_gp2.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\game_panel_ro.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\game_panel_sl.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\game_panel_vp.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\gp2_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\gp2_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\gp2_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\gp2_options.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\join_panel.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\lc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\message.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\optdef.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\ro_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\ro_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\ro_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\ro_options.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\sl_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\sl_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\sl_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\sl_options.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\vp_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\vp_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\vp_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Diamond Club Casino 2\xrs\vp_options.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\bj.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\c2table.db (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\c2user.db (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\cam.cas (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\casino.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\cp.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\devlib.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\filemap.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\games.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\gp2.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\INSTALL.LOG (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\ke.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\main.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\mba.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\modstatus.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\mp3dec.asi (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\mss32.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\options.cfg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\ro.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sl.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\srvmap.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\UNWISE.EXE (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\update.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\vp.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\vssver.scc (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ba_cutcard.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ba_cutdeck.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\bj_arrow.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\bj_bkg1.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\bj_bkg1_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\bj_bkg2.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\bj_bkg2_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\bj_bkg3.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\bj_bkg3_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\bj_bkg4.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\bj_bkg4_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\bj_bkg5.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\bj_bkg5_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\bj_but.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\bj_cards.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\bj_lightmap.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\bj_pal.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\butt_arrowdown.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\butt_arrowup.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\butt_close.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\butt_close_hi.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\butt_drop.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\but_arrows.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\but_browse.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\but_check.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\but_done.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\but_hoe.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\but_icn.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\but_insurance.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\but_invite.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\but_join.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\but_newgame.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\but_ok.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\but_public.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\but_radio.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\but_stnd_70.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\but_stnd_nrm.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cardback.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cardback2.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\caret.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\casino_light_alfa.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cp_bkg1.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cp_bkg1_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cp_bkg2.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cp_bkg2_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cp_bkg3.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cp_bkg3_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cp_bkg4.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cp_bkg4_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cp_bkg5.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cp_bkg5_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cp_bonuslights.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cp_but.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cp_discardmask.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cp_jackpot.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cp_pal.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\cp_tablesign.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\c_cashout.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\dice_anim2.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\edit.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\euro_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\euro_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\euro_close_anim.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\euro_wheel_anim.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\exclamation.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\font_main.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\font_outlined.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\font_scroll.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\font_scroll_w.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\game_timer.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_arrow.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_billin_anim.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_bonus_bag.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_bonus_coin.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_bonus_kista1.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_bonus_kista2.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_cannonblow2_frames.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_cannonblow3_frames.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_cannonblow_frames.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_cashout_anim.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_coinin_anim.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_digits.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_elakpirat_grin_frame.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_fireworks_anim.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_gojan_anim_1.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_gojan_anim_2.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_gojan_anim_3.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_gojan_anim_4.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_handle.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_hook.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_h_maskin.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_h_pelare.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_insertcoin.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_kartbitar.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_knappar.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_mitt.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_pay_bonus.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_pay_bottom.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_pay_center.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_pay_center_lit.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_pay_title.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_pirate_dig.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_value.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_v_maskin.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_v_pelare.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_wheel_test.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\gp_wheel_test_blured.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\hand_cursor.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\icon_bj.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\icon_cp.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\icon_euro.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\icon_gp2.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\icon_ke.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\icon_mba.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\icon_sl.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\icon_vp.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\info.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\infodesk_back.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\infodesk_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\infodesk_bookcorners.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\infodesk_listhi.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\infodesk_memberhi.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\join_pal.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_arrow_left.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_arrow_right.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_bj_icon.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_bj_sign.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_cp_icon.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_cp_sign.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_digits.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_euro_icon.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_euro_sign.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_gp2_sign.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_gpsl_icon.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_gpsl_values.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_ke_icon.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_ke_sign.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_left_side.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_lock.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_mba_icon.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_mba_sign.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_player_sep.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_private.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_right_side.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_room.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_sl_icon.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_sl_sign.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_vp_icon.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_vp_sign.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\jt_vp_values.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ke_backrow.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ke_balls.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ke_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ke_buttons.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ke_digits.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ke_digits_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ke_displays.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ke_drinks.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ke_maps.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ke_player_positions.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ke_sides.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ke_sign.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ke_sign_map.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\lc_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\lc_butt.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\lc_pal.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\login.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\lysror_anim.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\main_bj_preview.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\main_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\main_cashier_high.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\main_cashier_norm.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\main_cp_preview.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\main_gp2_preview.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\main_info_high.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\main_info_norm.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\main_ke_preview.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\main_mba_preview.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\main_menu_arrows.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\main_news_high.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\main_news_norm.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\main_pal.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\main_ro_preview.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\main_sl_preview.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\main_vp_preview.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mark_l_blue.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mark_l_green.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mark_l_lila.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mark_l_red.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mark_l_std.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mark_l_yellow.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mark_s_blue.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mark_s_grn.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mark_s_lila.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mark_s_red.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mark_s_std.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mark_s_ylw.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mba_bkg1.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mba_bkg2.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mba_bkg3.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mba_emptycs.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mba_seat1_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mba_seat2_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mba_seat3_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mba_seat4_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mba_seat5_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mba_seat6_btndata.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mba_tablesign1.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mba_tablesign2.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mba_tablesign3.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\mini_dark.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\msg_icons.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\panel_bet.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\panel_buttons.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\panel_butt_arrows.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\panel_chat.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\panel_coins.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\panel_l.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\panel_l_blank.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\panel_l_coins.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\panel_l_light.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\panel_l_lightcoins.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\panel_options.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\panel_r.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\panel_scroll.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\panel_side_l.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\panel_side_r.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\panel_slider.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\player_icons.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\player_icons2.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\player_namebox.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\player_think.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\pointer.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\poker_cards.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\poker_deckside.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ro_betlimits.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ro_bigball.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ro_historyled.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ro_pal.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ro_player_color.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ro_smallball.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\ro_winmarker.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\slot_jackpot.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\sl_bet_values.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\sl_bill_in.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\sl_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\sl_bkg_left.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\sl_bkg_right.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\sl_buttons.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\sl_coinbuckets.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\sl_digits.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\sl_handle.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\sl_handle_left.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\sl_insert_money.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\sl_money_in2.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\sl_paytable.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\sl_reels.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\sl_reels_blur.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\sl_sign.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\vp_bill_in.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\vp_bill_in_left.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\vp_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\vp_bkg_left.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\vp_bkg_right.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\vp_buttons.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\vp_cards.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\vp_card_back.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\vp_coin_buckets.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\vp_coin_in.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\vp_coin_in_left.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\vp_hold.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\vp_insert_money.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\vp_paytable.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\vp_sign.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\vp_text.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\vssver.scc (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\wd_account.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\wd_back.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\wd_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\wd_cashier_bgr.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\wd_dep.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\wd_green_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\wd_radiobut.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\wd_with.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\web_anim.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\win_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\win_bkg_drk.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\win_loading.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\win_main_drk.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\data\win_title_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\help\cashierhelp.html (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\midi\mini1.mid (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\midi\mini2.mid (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\midi\mini3.mid (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\midi\mini4.mid (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\midi\mini5.mid (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\midi\mini5a.mid (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ba_1bnk.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ba_1ply.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ba_bawna.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ba_bnkh.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ba_bnkw.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ba_cardspl.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ba_dealer.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ba_natural.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ba_nbchair.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ba_over.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ba_pchair.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ba_plwna.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ba_plyh.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ba_plyw.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ba_tiew.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ba_wturnp.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\bj_bust.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\bj_checkbj.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\bj_dbust.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\bj_dhbj.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\bj_dhnbj.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\bj_idnpay.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\bj_insur.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\bj_iwin.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\bj_phbj.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_anteplease.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_ddntq.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_dh1.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_dh2.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_dhflu.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_dhfok.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_dhful.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_dhroyflu.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_dhstr.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_dhstrflu.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_dhtok.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_dqak.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_high.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_markerdown.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_tok.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_wowfok.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_wowful.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_wowroyflu.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_wowstrflu.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_yh.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_yh1.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_yh2.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_yhak.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_yhflu.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\cp_yhstr.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_0.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_1.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_10.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_11.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_12.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_13.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_14.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_15.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_16.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_17.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_18.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_19.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_2.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_20.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_21.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_22.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_23.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_24.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_25.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_26.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_27.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_28.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_29.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_3.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_30.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_31.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_32.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_33.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_34.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_35.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_36.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_4.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_5.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_6.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_7.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_8.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_9.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_betexc.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_betlow.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_button.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_cardmove.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_cashout.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_chip.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_coinin.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_counter.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_deal.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_dealrw.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_machine_btn.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_mkchoice.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_nmbet.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_ping.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_place.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_plyw.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_push.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_turn.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_welcome.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\c_welcome2.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\exiting.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\gp_cannon.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\gp_dig.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\gp_fanfar_long.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\gp_fanfar_short.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\gp_goja_oaeek.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\gp_goja_oaek.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\gp_laugh.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ke_ball.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ke_begin.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ke_card.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ke_display.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ke_end.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ke_hit.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ke_play.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ke_sign.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ke_value.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ke_win.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\p_ace.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\p_jack.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\p_king.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\p_queen.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ro_black.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ro_bounc.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ro_even.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ro_odd.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ro_red.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\ro_roll.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\slot_butt.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\slot_handle.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\slot_ping.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\slot_spin.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\slot_stop.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\sl_handle.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\sl_spin.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\sl_stop.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\vp_flipcard.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\sfx\vssver.scc (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\bj_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\bj_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\bj_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\bj_options.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\cashier.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\cp_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\cp_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\cp_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\cp_options.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\euro_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\euro_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\euro_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\euro_options.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\game_panel_bj.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\game_panel_cp.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\game_panel_euro.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\game_panel_ke.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\game_panel_mba.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\game_panel_sl.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\game_panel_slot.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\game_panel_vp.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\gp2_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\gp2_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\gp2_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\gp2_options.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\join_panel.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\ke_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\ke_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\ke_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\ke_options.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\lc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\mba_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\mba_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\mba_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\mba_options.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\message.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\optdef.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\sl_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\sl_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\sl_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\sl_options.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\vp_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\vp_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\vp_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\vp_options.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Mini Vegas Casino\xrs\vssver.scc (Adware.Casino) -> Quarantined and deleted successfully.
Aloha, again...
Please recall that this is not my laptop. : )
Something tells me we need to delete Casino and SystemDoctor among others.
You're awesome. Thank you!
Tana-Lee
pskelley
2008-09-02, 12:22
As you can see from the scans, especially MBAM, your boss is not very careful about what they put on their computer. Perhaps you should NOT give it back:sad:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:33:58 PM, on 9/1/2008
This HJT log looks good, two things I suggest BUT NOT UNTIL WE ARE FINISHED.
1) Install Internet Explorer 7:
http://www.microsoft.com/windows/products/winfamily/ie/default.mspx
2) Install Service Pack #3 >>> free Microsoft help is available if needed.
http://support.microsoft.com/oas/default.aspx?ln=en-us&prid=11273&gprid=522131
The uninstall list <<< I look for security issues and malware only.
Adobe Acrobat - Reader 6.0.2 Update <<< out of date and hackers do exploit this.
Adobe Reader 9.0
http://www.filehippo.com/download_adobe_reader/
G15A922EN <<< for your information only
http://g15a922en.software.informer.com/
J2SE Runtime Environment 5.0 Update 6
Uninstall this, you have 6 Update 7
My Way Search Assistant <<< uninstall this, junk adware
SystemDoctor 2006 1.1.97.1 <<< rouge program that installs malware, uninstall this:
http://www.siteadvisor.cn/sites/systemdoctor.com/downloads/3445802/
Viewpoint Media Player <<< aol junk, uninstall and see this:
For your information, Viewpoint is installed by aol probably without your knowledge. I suggest you uninstall this resource waster in Add Remove programs.
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546
I would appreciate info on what to discard/disable regarding programs like:
AOL Spyware Protection
AOL Computer Check-Up
I am the wrong one to ask, I do not allow aol anything on any computer I own, you will have to research those and decide.
This is the next bridge we need to cross:
I am sure you saw this:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Review that information to understand Recovery Console. Installation is optional but if you do not have the CD's needed, as is explained, it can be installed before we remove combofix.
If you do not have access to Recovery Console via a Windows CD, I strongly advise you to install this tool.
If you do not wish to install RC, let me know so I can continue with the cleanup.
If you install RC, post the C:\*CF-RC.txt*.
http://img.photobucket.com/albums/v666/sUBs/RC1-4.gif
Since we do not need to scan with combofix, click NO
http://img.photobucket.com/albums/v666/sUBs/RC_whatnext.gif
http://img.photobucket.com/albums/v666/sUBs/RC_AllDone.gif
Thanks
Aloha...
Uninstalled:
- Adobe Acrobat - Reader 6.0.2 Update
- G15A922EN just because
- J2SE Runtime Environment 5.0 Update 6
++++++++++
Hmmm...Cannot uninstall My Way Search Assistant.
Error message:
RUNDLL
Error loading C:\PROGRA~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll
The specified module could not be found.
++++++++++
- System Doctor: Error message that it appears to have been uninstalled, but it offered to remove from uninstall list. I removed it from the list.
- Viewpoint Media Player
While trying to load the Recovery Console, the following error message came up:
++++++++++
32788R2FWJFW\hidec.exe
Windows cannot access the specified device, path, or file. You may not have appropriate permissions to access the item.
++++++++++
ComboFix was updated
After holding my breath and clicking OK, the Console was installed. I clicked No to the Scan. The following is the log:
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Thank YOU!! : )
Tana-Lee
pskelley
2008-09-02, 22:46
Recovery Console was installed correctly, some information:
http://support.microsoft.com/kb/314058
http://support.microsoft.com/kb/307654
Recovery Console is a tool that will allow you to recover from a catastrophic system failure, so let's hope you never need it. Many experts believe Microsoft should have installed it by default.
Before we remove combofix, please post a fresh HJT log for a last look.
Thanks
Aloha...
The HJT log is below.
My boss said that the Casino programs were installed from disk. Do you know why they would be adwares?
You've been GREAT!!
Tana-Lee
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:40 AM, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\AOL\1154060430\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\program files\common files\aol\1154060430\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154060430\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10156 bytes
pskelley
2008-09-03, 01:34
Thanks for returning your information and the feedback, you asked:
My boss said that the Casino programs were installed from disk.
No, but after seeing how your "boss" treats a computer I don't have a lot of respect from anything he says. It is his computer, if he want to reinstall anything we removed there is little we can do to prevent it. I found this at Goggle:
http://www.google.com/search?hl=en&q=Adware.Casino&btnG=Google+Search&aq=f&oq=
The HJT log looks clean of malware
Remove combofix from the computer like this:
Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Let's make sure there are no infected System Restore files like this:
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot
Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
Run MBAM to make sure we missed none of the junk, no need to post a clean scan result.
Update AVG and scan the sytem to make sure it is scanning clean.
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
http://www.malwarecomplaints.info/
Thanks...Phil
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
http://users.telenet.be/bluepatchy/miekiemoes/Links.html
Aloha...
I ran MBAM, which only ran for about 23 minutes, this time. It was clean.
I ran AVG, which took about an hour and a half. It showed 4 tracking cookies: 2 from DoubleClick and 2 from MSN Portal.
I'm having a terrrible time getting the internet to work consistently. I had problems last night, but finally got it working. Today it's repeating the same problem. (I'm typing from my own laptop.)
As mentioned, the problem laptop has A*L (the nasty three letter word) running on it. I think it must the owner's ISP.
I tried killing the dial-up winodw that kept popping up, and succeeded. I use ClearWire, so I disbaled the 1394 connection, and am using the Local Area Connection, as I did last night. Every time I plug the cable in, and try to access ANY site, I see a lot of flashing in the status bar, but no site will load.
Maybe I should try giving ClearWire support a call.
Anyway, I'm trying to get back to you so we can finish up, but I have this one snag to take care of.
I'll let you know if I get it figured out. (And/or check to see if you might know what's happening.)
Thank you very much.
Tana-Lee
Aloha, again...
What's the catch phrase? "Mybad"?
I paused the AVG scan last night, and put the laptop into the Hibernate mode.
I reumed the scan today, then tried connecting to the internet when it was finished.
It was apparently trying to go through all of its failed AVG update attempts from the time it was disconnected (when Starbucks closed).
Anyway, it's running fine now...I think.
So what's next, please?
Tana-Lee
pskelley
2008-09-04, 13:28
Since the last two scans came out clean, and the computer appears to be clean of malware, I would say you are good to go.
Thanks
Aloha...
May I just ask if you think that for security reasons I would do any better downloading Firefox 3 rather than IE 7?
You :crowned: have been SO great! Thank you ad infinitum.
I'm between paydays, but fully expect to make a donation.
Thanks again.
Tana-Lee
pskelley
2008-09-04, 21:29
I personally have both installed, but I use IE7. I keep a current copy of Firefox in case I need a backup browser.
Thanks
Aloha...
An AOL Spyware Protection window keeps popping up with a warning about the trojan Bifrost. I blocked it just now, after looking at http://en.wikipedia.org/wiki/Bifrost_(trojan_horse) and the post at: http://forums.spybot.info/showthread.php?t=21198&highlight=bifrost
It looks like the user had to run TotalScan before Katana could see that the computer was infected. Is that another program that we shouldn't use without supervision? Should I run it just in case?
I still need to read the info you gave me links to. My biggest question before giving this laptop back to my boss is what security programs I should set to run and which I should disable.
On my own laptop, I have ZoneAlarm (free), AVG (free), and Spybot S&D.
I was just now looking at the Services in MSConfig. I see that Remote Registry, Remote Access Manager, Remote Procedure call are running. Is that okay???
I'll do some of that reading you recommended.
Thanks, still...
Tana-Lee
pskelley
2008-09-06, 00:10
An AOL Spyware Protection window keeps popping up with a warning about the trojan Bifrost. I blocked it just now, after looking at
You would have to show where this trojan is located according to aol. I know nothing about the program, do not allow aol on my computers.
I you have read the links from experts I provided, I do not believe you would be asking questions about what to run.
If you want to know what something is, use a search engine lnk google:
Example: Remote Registry
http://www.google.com/search?hl=en&q=Remote+Registry&btnG=Google+Search&aq=f&oq=
If you want to check for hidden malware, do this:
Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner
Next Click on Launch Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This will program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.
Then post it here.