
NOT RESPONDING


  • This topic is locked
53 replies to this topic

#1 Goober17

Goober17

  • Members
  • 43 posts
  • OFFLINE
  • Gender:Male
  • Location:Charlotte, NC
  • Local time:12:14 PM

Posted 09 March 2009 - 04:46 PM

keeps freezing.....lots of "not responding"...sometimes blue screen....have to reboot a lot...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:23 PM, on 3/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [Spyware Cleaner Monitor] "C:\Program Files\PC Health Optimizer Free Edition\SpywareCleaner\RealTimeMonitorSC.exe" /start /minimize
O4 - HKCU\..\Run: [Memory Optimizer] C:\Program Files\PC Health Optimizer Free Edition\docmemopt.exe min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Poker Rewards Poker - {6DAF93EB-C7E3-41ab-83D9-CAE1785F41BC} - C:\Program Files\pokerrewardsMPP\MPPoker.exe
O9 - Extra button: Poker Host Poker - {6F0B853A-A2B7-4e17-8DA1-BBC6F2E8C8D5} - (no file)
O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - (no file)
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Intertops Poker - {A2AB1320-B1B6-40fd-A694-8197D8596FFD} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: VIP Poker - {E9790AAA-6E47-4488-A493-27F78954DA0B} - (no file)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Eurolinx - {00000000-0000-0000-0000-000000000000} - (no file) (HKCU)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra button: VIP.com - {169c05c6-1c11-4e6b-a396-836fa4b43db7} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VIP.com\VIP.com.lnk (HKCU)
O9 - Extra button: IronDuke - {21efa308-eaa1-4c5c-8209-1393cc02af6d} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IronDuke\IronDuke.lnk (HKCU)
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra button: WassPoker - {4053ebe6-a54d-4bb9-b118-ce1d8f99a548} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WassPoker\WassPoker.lnk (HKCU)
O9 - Extra button: ReeferPoker - {60a501e4-a078-4cb2-8728-3fab4264f3c1} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ReeferPoker\ReeferPoker.lnk (HKCU)
O9 - Extra button: PokerNordica - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerNordica\PokerNordica.lnk (HKCU)
O9 - Extra button: Aced.com - {bdb825fa-7a98-498f-b101-45a8f268a1ff} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aced.com\Aced.com.lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/...aller_6-1-2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1235768853925
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/ve...n7/dlhelper.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{27FC5FCD-5AEA-49CD-BC25-F0DB8630A981}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{27FC5FCD-5AEA-49CD-BC25-F0DB8630A981}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\Windows\system32\acs.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: DeviceExpert - Unknown owner - C:\AdventNet\DeviceExpert\bin\wrapper.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12045 bytes


 


#2 Goober17

Goober17
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Gender:Male
  • Location:Charlotte, NC
  • Local time:12:14 PM

Posted 12 March 2009 - 04:05 PM

DDS (Ver_09-02-01.01) - NTFSx86
Run by Michael P at 16:46:30.70 on Thu 03/12/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.988 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\System32\alg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Michael P\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
mStart Page = hxxp://www.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe
uRun: [Spyware Cleaner Monitor] "c:\program files\pc health optimizer free edition\spywarecleaner\RealTimeMonitorSC.exe" /start /minimize
uRun: [Memory Optimizer] c:\program files\pc health optimizer free edition\docmemopt.exe min
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {6DAF93EB-C7E3-41ab-83D9-CAE1785F41BC} - c:\program files\pokerrewardsmpp\MPPoker.exe
IE: {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79}
IE: {725E77D3-B919-4eef-8EEE-D09DE618B6C1}
IE: {A2AB1320-B1B6-40fd-A694-8197D8596FFD}
IE: {E9790AAA-6E47-4488-A493-27F78954DA0B}
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235768853925
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
TCP: {27FC5FCD-5AEA-49CD-BC25-F0DB8630A981} = 208.67.222.222,208.67.220.220
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-19 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-28 107912]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-1-27 20392]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-6-19 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-19 298264]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-27 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-27 712048]
R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1-15 15360]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2006-12-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2006-12-18 43904]
S2 DeviceExpert;DeviceExpert;c:\adventnet\deviceexpert\bin\wrapper.exe -s c:\adventnet\deviceexpert\conf\wrapper.conf --> c:\adventnet\deviceexpert\bin\wrapper.exe -s c:\adventnet\deviceexpert\conf\wrapper.conf [?]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-03-11 12:43 6,200 a------- c:\windows\system32\INT13EXT.VXD
2009-03-11 12:43 <DIR> --d----- c:\program files\PC Inspector File Recovery
2009-03-11 09:32 268,288 a------- c:\windows\system32\schannel.dll
2009-03-11 09:32 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-10 16:53 <DIR> --d----- c:\programdata\Avira
2009-03-10 16:53 <DIR> --d----- c:\progra~2\Avira
2009-03-10 16:53 <DIR> --d----- c:\program files\Avira
2009-03-10 15:39 <DIR> --d----- c:\programdata\WindowsSearch
2009-03-09 18:02 <DIR> --d----- c:\users\michael p\.housecall6.6
2009-03-09 16:42 <DIR> --d----- c:\program files\Trend Micro
2009-02-26 15:54 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-02-26 15:54 7,680 a------- c:\windows\system32\spwmp.dll
2009-02-26 15:54 4,096 a------- c:\windows\system32\msdxm.ocx
2009-02-26 15:54 4,096 a------- c:\windows\system32\dxmasf.dll
2009-02-14 11:57 <DIR> --d----- c:\program files\VIP.com
2009-02-13 16:58 <DIR> --d----- c:\users\michae~1\appdata\roaming\Malwarebytes
2009-02-13 16:58 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-13 16:58 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-13 16:58 <DIR> --d----- c:\programdata\Malwarebytes
2009-02-13 16:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-13 16:58 <DIR> --d----- c:\progra~2\Malwarebytes
2009-02-13 16:41 <DIR> --d----- c:\program files\Glary Utilities
2009-02-11 09:49 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_dc3d_01005.Wdf

==================== Find3M ====================

2009-03-12 09:17 42,230 a------- c:\programdata\nvModes.dat
2009-03-12 09:17 42,230 a------- c:\progra~2\nvModes.dat
2009-03-10 16:26 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-10 16:26 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-10 16:26 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-11 19:10 936,288 a------- c:\windows\system32\Incinerator.dll
2009-02-11 09:49 51,200 a------- c:\windows\inf\infpub.dat
2009-02-11 09:49 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-11 09:49 86,016 a------- c:\windows\inf\infstor.dat
2009-01-27 13:40 74,703 a------- c:\windows\system32\mfc45.dll
2009-01-15 10:15 15,360 a------- c:\windows\system32\drivers\dc3d.sys
2009-01-15 02:11 827,392 a------- c:\windows\system32\wininet.dll
2008-12-25 15:05 216,064 a------- c:\windows\iun3405.exe
2008-12-15 15:21 174 a--sh--- c:\program files\desktop.ini
2008-12-15 14:54 665,600 a------- c:\windows\inf\drvindex.dat
2008-12-15 14:26 101,888 a------- c:\windows\system32\ifxcardm.dll
2008-12-15 14:26 82,432 a------- c:\windows\system32\axaltocm.dll
2008-12-13 21:53 737,280 a------- c:\windows\iun6002.exe
2008-04-01 18:55 32 a------- c:\programdata\ezsid.dat
2008-04-01 18:55 32 a------- c:\progra~2\ezsid.dat
2007-06-03 09:15 13,213 a------- c:\users\michae~1\appdata\roaming\nvModes.dat
2007-04-14 19:58 352,987 a------- c:\program files\REPORT.HTM
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-11-22 20:02 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008112220081123\index.dat

============= FINISH: 16:47:32.51 ===============

#3 Goober17

Goober17
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Gender:Male
  • Location:Charlotte, NC
  • Local time:12:14 PM

Posted 15 March 2009 - 09:54 AM

done some cleaning, working better but still not right...something keeps trying to change my file type associations..... what is "wpsaver" ?

Posted Image

Edited by Goober17, 15 March 2009 - 09:56 AM.


#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:01:14 PM

Posted 21 March 2009 - 04:20 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 Goober17

Goober17
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Gender:Male
  • Location:Charlotte, NC
  • Local time:12:14 PM

Posted 24 March 2009 - 01:50 PM

sorry, been out of town...just got back...

hmmm...got Attach-Notepad, but not sure how to zip it...sorry never figured out how the "zip stuff" works.... :thumbup2:

thanks for your help


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/19/2007 10:24:55 AM
System Uptime: 3/24/2009 9:07:06 AM (5 hours ago)

Motherboard: Quanta | | 30BD
Processor: Intel® Core™ Duo CPU T2250 @ 1.73GHz | U2E1 | 1733/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 105 GiB total, 66.695 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 2.615 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0000
Service: tunmp

==== System Restore Points ===================

RP851: 3/13/2009 12:40:28 AM - Windows Update
RP852: 3/13/2009 7:16:04 PM - Scheduled Checkpoint
RP853: 3/14/2009 12:21:31 PM - Installed Pure Networks Platform
RP854: 3/14/2009 12:24:50 PM - Installed Network Magic
RP855: 3/15/2009 7:00:04 PM - Windows Backup
RP856: 3/16/2009 10:15:08 AM - lv
RP857: 3/16/2009 1:48:51 PM - Windows Update
RP858: 3/17/2009 9:24:44 AM - Scheduled Checkpoint
RP859: 3/24/2009 7:59:28 AM - Windows Update
RP860: 3/24/2009 9:19:30 AM - Windows Backup

==== Installed Programs ======================

7-Zip 4.65
a-squared Free 3.5
Absolute Poker
Aced.com
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9
ASL_HS_Installer32
AVG Anti-Rootkit Free
Avira AntiVir Personal - Free Antivirus
Belarc Advisor 7.2
BetUS Poker
Bodog Poker Version 2.13.7.4
Cake Poker
CCleaner (remove only)
Cellsino
ColoradoPokerFriends.com Interactive Poker Setup
D-Link AirPlus G Wireless Adapter
DivX Content Uploader
DivX Web Player
DoylesRoom
EASEUS Partition Manager Personal 1.6.4
Eusing Free Registry Cleaner
Full Tilt Poker
Gadwin PrintScreen
Glary Registry Repair 2.9
Glary Utilities 2.10.0.622
Google Toolbar for Internet Explorer
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Connections (remove only)
HP Customer Experience Enhancements
hp deskjet 940c series (Remove only)
HP Help and Support
HP Quick Launch Buttons 6.10 B9
HP QuickPlay 3.0
HP Total Care Advisor
HP Update
HP User Guide 0049
HP Wireless Assistant
HPNetworkAssistant
Internet Speed Tester 3.0
iolo technologies' System Mechanic Professional
IronDuke
Java™ SE Runtime Environment 6
LightScribe 1.4.124.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Network Magic
NLOP
NVIDIA Drivers
Password Power 2.0
PC Health Optimizer Free Edition
PC Inspector File Recovery
Picasa 2
PlayersCardroom
PlayersOnly Poker
Pokerari
PokerStars
Pure Networks Platform
RaiderPoker
RealPlayer
ReeferPoker
Revo Uninstaller 1.80
Rosso Poker
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for CAPICOM (KB931906)
Skype™ 3.6
Smart Defrag 1.11
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 9
Sportsbook.com Poker
Spybot - Search & Destroy
Spyware Doctor 5.1
SpywareBlaster 4.1
Super Fast Shutdown 1.0
Synaptics Pointing Device Driver
TheNutz
Third Bullet Poker
UltimateBet
VIP.com
WassPoker
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Sync

==== Event Viewer Messages From Past Week ========

3/17/2009 7:32:42 AM, Error: volmgr [46] - Crash dump initialization failed!
3/17/2009 7:36:27 AM, Error: EventLog [6008] - The previous system shutdown at 12:03:08 AM on 3/17/2009 was unexpected.
3/17/2009 7:36:45 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/17/2009 7:36:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DeviceExpert service to connect.
3/17/2009 7:36:45 AM, Error: Service Control Manager [7000] - The DeviceExpert service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/17/2009 7:36:45 AM, Error: Service Control Manager [7024] - The AVG Free8 WatchDog service terminated with service-specific error 3758161981 (0xE001003D).
3/17/2009 7:36:45 AM, Error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The service has returned a service-specific error code.
3/17/2009 7:37:48 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
3/17/2009 7:37:48 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/17/2009 7:38:18 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
3/17/2009 7:38:30 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MIKE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{27FC5FCD-5AEA-49CD-BC25-F0DB8630A981}. The master browser is stopping or an election is being forced.
3/17/2009 9:49:23 AM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.95. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.
3/24/2009 7:51:02 AM, Error: EventLog [6008] - The previous system shutdown at 11:27:47 AM on 3/17/2009 was unexpected.

==== End Of File ===========================

#6 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:01:14 PM

Posted 24 March 2009 - 01:57 PM

Not a problem with the Zip.

Hang on - another will be coming to help.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:14 PM

Posted 25 March 2009 - 10:07 AM

Hi Goober17,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have run any tool or have made a major change to the system since your last post. Also tell me what the current condition of your computer is.

  • To get an idea about the current condition of your computer download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Set the list of files/folders created to 3 Months and click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized).
  • Please copy and paste the content of just log.txt to your reply. No need for info.txt

    Note 1: If you have difficulty finding the log, the logs are in this folder: C:\rsit

    Note 2: The tool takes not more than one minute to scan the system.
You might want to save this page on your favorites, so you can find it again when you return.

Edited by farbar, 25 March 2009 - 10:08 AM.


#8 Goober17

Goober17
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Gender:Male
  • Location:Charlotte, NC
  • Local time:12:14 PM

Posted 25 March 2009 - 11:21 AM

I run Malwarebytes...finds same thing each time: OPEN.COMMAND, changes my file associations (see screen shot in earlier post)


Logfile of random's system information tool 1.06 (written by random/random)
Run by Michael P at 2009-03-25 12:08:41
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 68 GB (63%) free of 108 GB
Total RAM: 2045 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:47 PM, on 3/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Poker.com\client.exe
C:\Users\Michael P\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Michael P.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [Spyware Cleaner Monitor] "C:\Program Files\PC Health Optimizer Free Edition\SpywareCleaner\RealTimeMonitorSC.exe" /start /minimize
O4 - HKCU\..\Run: [Memory Optimizer] C:\Program Files\PC Health Optimizer Free Edition\docmemopt.exe min
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Poker Rewards Poker - {6DAF93EB-C7E3-41ab-83D9-CAE1785F41BC} - C:\Program Files\pokerrewardsMPP\MPPoker.exe
O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - (no file)
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Intertops Poker - {A2AB1320-B1B6-40fd-A694-8197D8596FFD} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: VIP Poker - {E9790AAA-6E47-4488-A493-27F78954DA0B} - (no file)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Eurolinx - {00000000-0000-0000-0000-000000000000} - (no file) (HKCU)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra button: VIP.com - {169c05c6-1c11-4e6b-a396-836fa4b43db7} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VIP.com\VIP.com.lnk (HKCU)
O9 - Extra button: IronDuke - {21efa308-eaa1-4c5c-8209-1393cc02af6d} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IronDuke\IronDuke.lnk (HKCU)
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra button: WassPoker - {4053ebe6-a54d-4bb9-b118-ce1d8f99a548} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WassPoker\WassPoker.lnk (HKCU)
O9 - Extra button: ReeferPoker - {60a501e4-a078-4cb2-8728-3fab4264f3c1} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ReeferPoker\ReeferPoker.lnk (HKCU)
O9 - Extra button: PokerNordica - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerNordica\PokerNordica.lnk (HKCU)
O9 - Extra button: Aced.com - {bdb825fa-7a98-498f-b101-45a8f268a1ff} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aced.com\Aced.com.lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/...aller_6-1-2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1235768853925
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27FC5FCD-5AEA-49CD-BC25-F0DB8630A981}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{27FC5FCD-5AEA-49CD-BC25-F0DB8630A981}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\Windows\system32\acs.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: DeviceExpert - Unknown owner - C:\AdventNet\DeviceExpert\bin\wrapper.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12126 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Advanced WindowsCare Personal Startup.job
C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\SmartDefrag.job
C:\Windows\tasks\User_Feed_Synchronization-{E46A6D64-F5AF-4452-959B-1829DB72A772}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-01 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-17 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2006-12-29 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-08-16 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-09-27 441408]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-08-16 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"iolo Startup"=C:\Program Files\iolo\Common\Lib\ioloLManager.exe [2009-02-11 314224]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-05-16 648504]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2008-05-21 451896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SMRequiresRestart"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2007-09-07 292152]
"Spyware Cleaner Monitor"=C:\Program Files\PC Health Optimizer Free Edition\SpywareCleaner\RealTimeMonitorSC.exe [2008-05-21 2186752]
"Memory Optimizer"=C:\Program Files\PC Health Optimizer Free Edition\docmemopt.exe [2008-05-28 2682880]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{820d48b9-9518-11dc-ae94-001636f09693}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shell\Explore\command - system.exe
shell\Open\command - system.exe


======File associations======

.js - open - NOTEPAD.EXE %1
.reg - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 3 months======

2009-03-16 16:40:09 ----D---- C:\rsit
2009-03-14 13:25:25 ----D---- C:\Program Files\Pure Networks
2009-03-14 13:22:56 ----DC---- C:\Windows\system32\DRVSTORE
2009-03-14 13:22:48 ----D---- C:\Program Files\Common Files\Pure Networks Shared
2009-03-14 13:21:11 ----D---- C:\ProgramData\Pure Networks
2009-03-13 09:16:12 ----D---- C:\Program Files\SpywareBlaster
2009-03-12 16:01:04 ----D---- C:\Program Files\7-Zip
2009-03-11 20:37:14 ----A---- C:\EventLOG.txt
2009-03-11 12:43:49 ----D---- C:\Program Files\PC Inspector File Recovery
2009-03-11 09:39:02 ----D---- C:\Program Files\Recuva
2009-03-11 09:32:16 ----A---- C:\Windows\system32\schannel.dll
2009-03-10 16:53:32 ----D---- C:\ProgramData\Avira
2009-03-10 16:53:31 ----D---- C:\Program Files\Avira
2009-03-10 16:09:35 ----A---- C:\ComboFix.txt
2009-03-10 16:03:05 ----D---- C:\Windows\ERDNT
2009-03-10 15:39:10 ----D---- C:\ProgramData\WindowsSearch
2009-03-09 16:42:15 ----D---- C:\Program Files\Trend Micro
2009-02-26 15:54:46 ----A---- C:\Windows\system32\wmp.dll
2009-02-26 15:54:44 ----A---- C:\Windows\system32\wmploc.DLL
2009-02-26 15:54:44 ----A---- C:\Windows\system32\spwmp.dll
2009-02-26 15:54:44 ----A---- C:\Windows\system32\dxmasf.dll
2009-02-16 14:52:48 ----D---- C:\Program Files\Windows Live
2009-02-14 11:57:40 ----D---- C:\Program Files\VIP.com
2009-02-13 16:58:45 ----D---- C:\Users\Michael P\AppData\Roaming\Malwarebytes
2009-02-13 16:58:39 ----D---- C:\ProgramData\Malwarebytes
2009-02-13 16:58:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-13 16:41:50 ----D---- C:\Users\Michael P\AppData\Roaming\Mozilla
2009-02-13 16:41:39 ----D---- C:\Program Files\Glary Utilities
2009-02-11 09:43:56 ----A---- C:\Windows\system32\mshtml.dll
2009-02-11 09:43:55 ----A---- C:\Windows\system32\ieframe.dll
2009-02-11 09:43:54 ----A---- C:\Windows\system32\urlmon.dll
2009-02-11 09:43:53 ----A---- C:\Windows\system32\wininet.dll
2009-02-11 09:43:53 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-11 09:43:52 ----A---- C:\Windows\system32\mstime.dll
2009-02-11 09:43:52 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-11 09:43:52 ----A---- C:\Windows\system32\iertutil.dll
2009-02-11 09:43:47 ----A---- C:\Windows\system32\EncDec.dll
2009-02-11 09:43:45 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-08 15:27:08 ----D---- C:\Program Files\ReeferPoker
2009-02-08 02:16:43 ----D---- C:\Program Files\PCPitstop
2009-02-04 01:19:42 ----D---- C:\Users\Michael P\AppData\Roaming\PokerCreations
2009-02-04 00:57:06 ----D---- C:\Users\Michael P\AppData\Roaming\NLOP
2009-02-04 00:56:36 ----D---- C:\Program Files\NLOP
2009-02-02 22:49:50 ----D---- C:\ProgramData\DoylesRoom
2009-02-02 21:15:32 ----AD---- C:\Program Files\DoylesRoom
2009-01-31 12:49:57 ----D---- C:\Users\Michael P\AppData\Roaming\RetinaX
2009-01-29 19:57:42 ----A---- C:\Windows\system32\infocardapi.dll
2009-01-29 19:57:41 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-01-29 19:57:41 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-01-29 19:57:41 ----A---- C:\Windows\system32\icardres.dll
2009-01-29 19:57:41 ----A---- C:\Windows\system32\icardagt.exe
2009-01-29 19:57:39 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-01-29 19:57:37 ----A---- C:\Windows\system32\PresentationHost.exe
2009-01-29 19:50:11 ----A---- C:\Windows\system32\dfshim.dll
2009-01-29 19:49:59 ----A---- C:\Windows\system32\netfxperf.dll
2009-01-29 19:49:59 ----A---- C:\Windows\system32\mscoree.dll
2009-01-29 19:49:49 ----A---- C:\Windows\system32\mscorier.dll
2009-01-29 19:49:43 ----A---- C:\Windows\system32\mscories.dll
2009-01-27 13:48:17 ----A---- C:\Windows\system32\Incinerator.dll
2009-01-27 13:48:07 ----A---- C:\Windows\system32\smrgdf.exe
2009-01-27 13:48:07 ----A---- C:\Windows\system32\iolobtdfg.exe
2009-01-27 13:48:04 ----D---- C:\Program Files\iolo
2009-01-27 13:40:36 ----A---- C:\Windows\system32\mfc45.dll
2009-01-27 13:36:14 ----D---- C:\Users\Michael P\AppData\Roaming\iolo
2009-01-27 13:36:14 ----D---- C:\ProgramData\iolo
2009-01-20 21:16:49 ----D---- C:\Program Files\Aced.com
2009-01-20 08:15:58 ----D---- C:\Program Files\PC Health Optimizer Free Edition
2009-01-19 19:39:50 ----D---- C:\Program Files\Microsoft
2009-01-12 23:02:33 ----D---- C:\ProgramData\Third Bullet
2009-01-12 22:10:48 ----AD---- C:\Program Files\Third Bullet
2009-01-04 01:30:18 ----D---- C:\Users\Michael P\AppData\Roaming\PlayersCardroom

======List of files/folders modified in the last 3 months======

2009-03-25 12:08:35 ----D---- C:\Windows\Temp
2009-03-25 12:02:20 ----D---- C:\Program Files\Full Tilt Poker
2009-03-25 11:34:49 ----D---- C:\Windows\tracing
2009-03-25 10:56:11 ----D---- C:\Windows\Prefetch
2009-03-25 10:52:38 ----D---- C:\Program Files\Poker.com
2009-03-25 10:08:05 ----D---- C:\Windows\System32
2009-03-25 10:08:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-03-25 10:08:04 ----D---- C:\Windows\inf
2009-03-25 10:00:54 ----SHD---- C:\boot
2009-03-25 10:00:49 ----D---- C:\Windows\system32\config
2009-03-24 23:44:39 ----D---- C:\Users\Michael P\AppData\Roaming\Skype
2009-03-24 22:50:58 ----D---- C:\Users\Michael P\AppData\Roaming\skypePM
2009-03-24 19:48:15 ----D---- C:\Program Files\CarbonPoker
2009-03-24 11:58:32 ----AD---- C:\Program Files\Cake Poker
2009-03-24 09:19:52 ----SHD---- C:\System Volume Information
2009-03-24 07:59:52 ----D---- C:\Windows\system32\catroot2
2009-03-17 08:50:12 ----D---- C:\Windows\Debug
2009-03-17 08:50:12 ----D---- C:\Windows
2009-03-17 08:50:12 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-03-16 14:30:32 ----D---- C:\Users\Michael P\AppData\Roaming\Cellsino
2009-03-15 22:18:45 ----SD---- C:\Windows\Downloaded Program Files
2009-03-15 20:44:27 ----AD---- C:\ProgramData\TEMP
2009-03-14 14:52:24 ----D---- C:\Windows\system32\drivers
2009-03-14 13:26:34 ----SHD---- C:\Windows\Installer
2009-03-14 13:25:25 ----RD---- C:\Program Files
2009-03-14 13:24:02 ----D---- C:\Windows\system32\catroot
2009-03-14 13:22:48 ----D---- C:\Program Files\Common Files
2009-03-14 13:21:11 ----HD---- C:\ProgramData
2009-03-12 11:18:48 ----D---- C:\Windows\system32\en-US
2009-03-12 11:14:45 ----SD---- C:\Users\Michael P\AppData\Roaming\Microsoft
2009-03-12 11:14:37 ----D---- C:\ProgramData\avg8
2009-03-12 01:28:44 ----D---- C:\Program Files\Super Fast Shutdown
2009-03-12 01:27:12 ----D---- C:\Windows\system32\Tasks
2009-03-11 19:10:25 ----D---- C:\Windows\winsxs
2009-03-11 18:55:05 ----D---- C:\Program Files\Windows Mail
2009-03-11 18:05:10 ----HD---- C:\$AVG8.VAULT$
2009-03-11 15:27:02 ----D---- C:\Program Files\ZipItFree
2009-03-11 12:43:49 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-10 16:26:17 ----A---- C:\Windows\system32\avgrsstx.dll
2009-03-10 16:07:06 ----A---- C:\Windows\system.ini
2009-03-10 16:06:15 ----D---- C:\Windows\AppPatch
2009-03-08 18:39:31 ----D---- C:\Program Files\IObit
2009-03-08 18:37:15 ----D---- C:\Windows\Tasks
2009-03-08 16:18:34 ----D---- C:\Windows\system32\LogFiles
2009-03-08 16:13:27 ----D---- C:\Program Files\CCleaner
2009-03-08 15:49:01 ----D---- C:\Program Files\a-squared Free
2009-03-08 14:32:27 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-08 11:23:49 ----D---- C:\Users\Michael P\AppData\Roaming\IObit
2009-03-08 08:49:12 ----D---- C:\ProgramData\NVIDIA
2009-03-07 13:48:42 ----D---- C:\ProgramData\Motive
2009-03-05 23:51:39 ----D---- C:\Program Files\ColoradoPokerFriends.com
2009-03-05 23:51:39 ----AD---- C:\Program Files\Sportsbook Poker
2009-03-05 19:56:59 ----D---- C:\Program Files\Common Files\microsoft shared
2009-02-27 17:07:48 ----D---- C:\Windows\SoftwareDistribution
2009-02-26 15:59:01 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-26 15:56:08 ----D---- C:\Program Files\Windows Media Player
2009-02-26 15:53:24 ----D---- C:\Users\Michael P\AppData\Roaming\Microgaming
2009-02-26 15:45:29 ----D---- C:\Windows\system32\Msdtc
2009-02-26 15:45:26 ----D---- C:\Windows\system32\wbem
2009-02-26 15:44:09 ----D---- C:\Windows\system32\spool
2009-02-26 15:44:00 ----D---- C:\Program Files\Common Files\xing shared
2009-02-26 15:43:58 ----D---- C:\Program Files\Common Files\Real
2009-02-26 15:43:58 ----AD---- C:\Program Files\BetUSPoker
2009-02-26 15:43:54 ----D---- C:\Windows\registration
2009-02-25 12:55:00 ----A---- C:\Windows\system32\mrt.exe
2009-02-23 11:42:18 ----AD---- C:\Program Files\PlayersOnly Poker
2009-02-15 20:03:22 ----D---- C:\Program Files\PokerStars
2009-02-13 09:37:21 ----D---- C:\Program Files\RaiderPoker
2009-02-13 09:36:30 ----D---- C:\Program Files\PokerManiaCR
2009-02-13 09:36:00 ----D---- C:\Program Files\Pokerari
2009-02-13 09:35:13 ----D---- C:\Program Files\PlayersCardroom
2009-02-11 10:13:04 ----D---- C:\Windows\Microsoft.NET
2009-02-11 10:12:25 ----RSD---- C:\Windows\assembly
2009-02-11 09:45:20 ----D---- C:\Windows\ehome
2009-02-09 10:40:15 ----D---- C:\Program Files\Eusing Free Registry Cleaner
2009-02-08 20:45:08 ----D---- C:\Users\Michael P\AppData\Roaming\Pokerari
2009-02-08 15:28:15 ----D---- C:\Windows\system32\Macromed
2009-02-08 02:18:35 ----D---- C:\ProgramData\PCPitstop
2009-02-07 19:48:18 ----D---- C:\Program Files\Skype
2009-02-07 19:48:16 ----D---- C:\ProgramData\Skype
2009-02-05 13:09:58 ----D---- C:\Program Files\IronDuke
2009-02-05 13:09:21 ----D---- C:\Program Files\Rosso Poker
2009-02-05 13:04:46 ----D---- C:\Users\Michael P\AppData\Roaming\RaiderPoker
2009-01-31 12:56:57 ----D---- C:\Windows\SMINST
2009-01-31 12:56:12 ----D---- C:\ProgramData\JTS Autoupdate Files
2009-01-31 12:56:10 ----D---- C:\Program Files\Spyware Doctor
2009-01-29 20:23:05 ----D---- C:\Windows\rescache
2009-01-29 20:04:30 ----D---- C:\Windows\system32\XPSViewer
2009-01-29 08:55:57 ----D---- C:\Program Files\Grisoft
2009-01-21 11:14:49 ----D---- C:\Program Files\WassPoker
2009-01-20 08:26:04 ----D---- C:\Windows\panther
2009-01-20 08:25:59 ----D---- C:\Users\Michael P\AppData\Roaming\Orbit
2009-01-20 08:25:43 ----D---- C:\Program Files\Slide
2009-01-06 10:44:14 ----D---- C:\Program Files\USDbetCom

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\Windows\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-03-10 325640]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\System32\Drivers\avgmfx86.sys [2009-01-28 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-03-10 107912]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-06-28 8192]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
R1 FileDisk;FileDisk; C:\Windows\system32\drivers\FileDisk.sys [2008-04-17 9341]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 pnarp;Pure Networks Device Discovery Driver; C:\Windows\system32\DRIVERS\pnarp.sys [2008-05-16 24888]
R2 purendis;Pure Networks Wireless Driver; C:\Windows\system32\DRIVERS\purendis.sys [2008-05-16 26424]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-16 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-16 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376]
R2 RMCAST;RMCAST (Pgm) Protocol Driver; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-05-09 113664]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
R3 dc3d;USBCCGP filter driver (dc3d); C:\Windows\system32\DRIVERS\dc3d.sys [2009-01-15 15360]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-02-07 218752]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688]
R3 R5U870FLx86;R5U870 UVC Lower Filter ; C:\Windows\System32\Drivers\R5U870FLx86.sys [2006-12-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ; C:\Windows\System32\Drivers\R5U870FUx86.sys [2006-12-18 43904]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;R5U870 (UVC) ; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-19 93696]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-19 93696]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2006-12-12 148992]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-18 1380864]
S3 IKFileFlt;File Filter Driver; C:\Windows\system32\drivers\ikfileflt.sys []
S3 IKFileSec;File Security Driver; C:\Windows\system32\drivers\ikfilesec.sys [2007-10-04 41288]
S3 IkSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2007-10-04 62280]
S3 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2007-10-04 79688]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-02-21 19712]
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-02-21 18304]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 1786880]
S3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-03-12 27136]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-03-08 425080]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2006-11-24 270431]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2006-11-24 118877]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-06-05 61440]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-01-14 712048]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-01-14 712048]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-02-21 303104]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-05-16 648504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
S2 ACS;Atheros Configuration Service; C:\Windows\system32\acs.exe [2004-07-12 36864]
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-03-10 908056]
S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-10 298264]
S2 DeviceExpert;DeviceExpert; C:\AdventNet\DeviceExpert\bin\wrapper.exe [2007-02-08 126976]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-26 126976]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-30 138680]
S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2008-05-21 12800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\svcntaux.exe [2007-10-02 742216]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\swdsvc.exe [2007-10-02 1415496]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]

-----------------EOF-----------------

Edited by Goober17, 25 March 2009 - 11:37 AM.


#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:14 PM

Posted 25 March 2009 - 12:19 PM

As I understand it, this is the current problem:

I run Malwarebytes...finds same thing each time: OPEN.COMMAND, changes my file associations (see screen shot in earlier post)

  • Download System Repair Engineer (SREng2.zip): http://www.kztechs.com/eng/download.html
    • Extract it to Desktop and double click SREngLdr.EXE to run it
    • Select System Repair from the left pane.
    • Click on File Association
    • Select all entries that have an Error status and click [Repair]
    • Refer to this image for an example:

      Posted Image
    • Close SREng now.
  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let it reboot if needed and copy/paste the log to your reply.
Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.
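
What a file-association check like the one in the steps above looks for, as an added example that is not part of the original post and not SREng's own logic: it reads a `reg export` of HKEY_CLASSES_ROOT (assumed already decoded to text) and flags any `shell\open\command` default that differs from the stock Windows value. The sample export, the path in it and the function names are constructed for illustration.

```python
import re

# Well-known Windows defaults for the (Default) value of <class>\shell\open\command.
EXPECTED = {
    "exefile": '"%1" %*', "comfile": '"%1" %*', "batfile": '"%1" %*',
    "cmdfile": '"%1" %*', "piffile": '"%1" %*', "scrfile": '"%1" /S',
}

# Constructed sample of `reg export` text; exefile points at a made-up program.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\Example\\AppData\\Local\\placeholder.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"
"""

KEY_RE = re.compile(r"^\[HKEY_CLASSES_ROOT\\([^\\\]]+)\\shell\\open\\command\]$", re.I)
DEFAULT_RE = re.compile(r'^@="(.*)"$')


def unescape_reg_string(raw):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", raw)


def parse_open_commands(reg_text):
    """Return {class_name: default open command} found in the export text."""
    commands, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
        elif line.startswith("["):
            current = None  # some other key: ignore its values
        elif current:
            value = DEFAULT_RE.match(line)
            if value:
                commands[current] = unescape_reg_string(value.group(1))
    return commands


def audit_open_commands(reg_text):
    """Return [(class, found, expected)] for exported classes that deviate."""
    found = parse_open_commands(reg_text)
    return [(cls, found[cls], expected) for cls, expected in EXPECTED.items()
            if cls in found and found[cls].strip().lower() != expected.lower()]


if __name__ == "__main__":
    for cls, actual, expected in audit_open_commands(SAMPLE_EXPORT):
        print(f"{cls}: found {actual!r}, expected {expected!r}")
```

A real `reg export` file is normally UTF-16 encoded, so decode it before passing the text in.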

#10 Goober17


Posted 25 March 2009 - 12:20 PM

also, about 2 weeks ago, was being redirected/being accessed by these...so I blocked them & showed some improvement...

ad.yieldmanager.com
ytaahg.vo.llnwd.net
ml.2mdn.net
l.yimg.com
tumri.net

probably more, but that's only ones I could catch....don't know if this info might help you

#11 Goober17


Posted 25 March 2009 - 12:41 PM

WEEEEEEEEEEEEEE......I think that may have done it....at least hope so...thx

Malwarebytes' Anti-Malware 1.34
Database version: 1897
Windows 6.0.6001 Service Pack 1

3/25/2009 1:39:12 PM
mbam-log-2009-03-25 (13-39-12).txt

Scan type: Quick Scan
Objects scanned: 62264
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 Farbar


Posted 25 March 2009 - 01:06 PM

Goober17,

The problem looks resolved. However, those redirections you mention are always a sign of infection but I don't see anything on the log we should be worried about.

Let's do the following: Run the computer normally for the coming two days and tell me if there is anything we should take care of. Please don't forget to post your findings after two days anyway.

#13 Goober17


Posted 25 March 2009 - 02:29 PM

:thumbup2: :) THANK YOU farbar, much appreciated :step4: will post again in 2 days

Edited by Goober17, 25 March 2009 - 02:30 PM.


#14 Farbar


Posted 25 March 2009 - 03:02 PM

You are most welcome Goober17.

I'll wait for your post. :thumbup2:

#15 Goober17


Posted 26 March 2009 - 11:15 PM

well, worked fine for a while, but now every 11 to 12 minutes Win Patrol reports file associations are being changed.... :thumbup2:
I've been running System Repair Engineer (like you told me before) but still keeps coming back 11-12 minutes. Here is screen shot:

Posted Image



