
RUBotted


  • This topic is locked
22 replies to this topic

#1 Goober17

  • Members
  • 43 posts
  • Gender:Male
  • Location:Charlotte, NC

Posted 26 May 2009 - 05:11 PM

IE keeps crashing...sometimes sends me to OpenDNS when I do a Google search....slow....not responding...
Tried to use Trend Micro HouseCall to fix it, but it just keeps going & going & going (like the Duracell bunny) and never loads...like it's in a "loop"...
Couple of screen shots below:

[Screenshot 1]

[Screenshot 2]


DDS (Ver_09-05-14.01) - NTFSx86
Run by Michael P at 17:04:50.27 on Tue 05/26/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.843 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Michael P\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
mStart Page = about:blank
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe
uRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
uRun: [Gadwin PrintScreen] "c:\program files\gadwin systems\printscreen\PrintScreen.exe" /nosplash
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [StartupDelayer] "c:\program files\r2 studios\startup delayer\Startup Launcher GUI.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {6DAF93EB-C7E3-41ab-83D9-CAE1785F41BC} - c:\program files\pokerrewardsmpp\MPPoker.exe
IE: {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79}
IE: {725E77D3-B919-4eef-8EEE-D09DE618B6C1}
IE: {E9790AAA-6E47-4488-A493-27F78954DA0B}
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: backrowpoker.com\www
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1243339091304&h=4f2bd44e4212415e50ec137a5b0ffe13/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {27FC5FCD-5AEA-49CD-BC25-F0DB8630A981} = 208.67.222.222,208.67.220.220
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-25 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-25 108552]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-1-27 20392]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-19 108289]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-25 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-25 298776]
R2 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2009-5-4 67424]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-27 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-27 712048]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2009-5-7 582992]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-12-19 809296]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1-15 15360]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2006-12-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2006-12-18 43904]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2009-5-7 206608]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-3-31 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2009-5-7 206608]

============== File Associations ===============

VBEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-05-26 14:04 <DIR> a-d----- c:\programdata\TEMP
2009-05-26 07:58 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-25 09:13 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-25 09:13 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-25 09:13 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-25 09:13 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-25 09:12 <DIR> --d----- c:\programdata\avg8
2009-05-25 09:12 <DIR> --d----- c:\progra~2\avg8
2009-05-25 01:21 3,968 a------- c:\windows\system32\drivers\AvgArCln.sys
2009-05-23 09:00 <DIR> --d----- c:\programdata\Motive
2009-05-22 09:22 <DIR> --d----- c:\program files\ZipCentral
2009-05-20 11:23 <DIR> --d----- c:\users\michae~1\appdata\roaming\MiniDm
2009-05-17 13:05 <DIR> --d----- c:\programdata\Sportsbook Poker
2009-05-17 13:05 <DIR> --d----- c:\progra~2\Sportsbook Poker
2009-05-16 15:13 <DIR> --d----- c:\programdata\PowerPoker
2009-05-16 15:13 <DIR> --d----- c:\progra~2\PowerPoker
2009-05-16 14:31 <DIR> --d----- c:\program files\ESPN
2009-05-14 16:49 <DIR> --d----- c:\users\michae~1\appdata\roaming\Jolly Roger Poker
2009-05-07 15:11 <DIR> --d----- c:\users\michae~1\appdata\roaming\HouseCall 6.6
2009-05-07 15:06 206,608 a------- c:\windows\system32\drivers\TMPassthru.sys
2009-05-05 19:56 <DIR> --d----- c:\program files\PokerPages Software
2009-05-04 13:35 67,424 a------- c:\windows\system32\drivers\CDAVFS.sys
2009-05-03 14:46 <DIR> --d----- c:\program files\LastPass
2009-04-28 22:24 <DIR> --d----- c:\users\michae~1\appdata\roaming\r2 Studios
2009-04-28 22:24 <DIR> --d----- c:\programdata\r2 Studios
2009-04-28 22:24 <DIR> --d----- c:\progra~2\r2 Studios
2009-04-28 22:24 <DIR> --d----- c:\program files\r2 Studios
2009-04-28 21:56 <DIR> --d----- c:\users\michae~1\appdata\roaming\licenses
2009-04-28 21:56 <DIR> --d----- c:\users\michae~1\appdata\roaming\PCMM2009

==================== Find3M ====================

2009-05-25 08:10 42,230 a------- c:\programdata\nvModes.dat
2009-05-25 08:10 42,230 a------- c:\progra~2\nvModes.dat
2009-05-07 15:06 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-07 15:06 86,016 a------- c:\windows\inf\infstor.dat
2009-05-07 15:06 51,200 a------- c:\windows\inf\infpub.dat
2009-04-27 09:00 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-31 15:35 17,160 a------- c:\windows\help\oem\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 17:30 17,160 a------- c:\windows\help\oem\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-25 16:44 936,288 a------- c:\windows\system32\Incinerator.dll
2009-03-16 23:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 23:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 23:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-06 18:12 21,256 a------- c:\windows\help\oem\scripts\HPScript.exe
2009-03-05 13:29 16,648 a------- c:\windows\help\oem\scripts\HC_ProtectSmartPatch.exe
2009-03-03 00:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 00:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 00:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 00:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 00:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 00:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 00:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-03 00:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 00:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 00:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 23:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 22:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-02 22:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2008-12-15 15:21 174 a--sh--- c:\program files\desktop.ini
2008-12-15 14:54 665,600 a------- c:\windows\inf\drvindex.dat
2008-04-01 18:55 32 a------- c:\programdata\ezsid.dat
2008-04-01 18:55 32 a------- c:\progra~2\ezsid.dat
2007-06-03 09:15 13,213 a------- c:\users\michae~1\appdata\roaming\nvModes.dat
2007-04-14 19:58 352,987 a------- c:\program files\REPORT.HTM
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:05:58.35 ===============



#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 07 June 2009 - 05:25 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review them and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks, and again, sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards _temp_


#3 Goober17
  • Topic Starter

  • Members
  • 43 posts
  • Gender:Male
  • Location:Charlotte, NC

Posted 07 June 2009 - 06:38 PM

Attached File: Attach.txt (9.8KB)


DDS (Ver_09-05-14.01) - NTFSx86
Run by Michael P at 19:14:28.57 on Sun 06/07/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1014 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Michael P\Desktop\dds.scr
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
mStart Page = hxxp://www.msn.com
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe
uRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [StartupDelayer] "c:\program files\r2 studios\startup delayer\Startup Launcher GUI.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {6DAF93EB-C7E3-41ab-83D9-CAE1785F41BC} - c:\program files\pokerrewardsmpp\MPPoker.exe
IE: {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79}
IE: {725E77D3-B919-4eef-8EEE-D09DE618B6C1}
IE: {E9790AAA-6E47-4488-A493-27F78954DA0B}
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: backrowpoker.com\www
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1243339091304&h=4f2bd44e4212415e50ec137a5b0ffe13/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {27FC5FCD-5AEA-49CD-BC25-F0DB8630A981} = 208.67.222.222,208.67.220.220
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-6-6 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-25 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-25 108552]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-1-27 20392]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-19 108289]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-25 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-25 298776]
R2 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2009-5-4 67424]
R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1-15 15360]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2006-12-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2006-12-18 43904]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2009-5-7 206608]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-3-31 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2009-5-7 206608]

============== File Associations ===============

VBEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-06-06 15:38 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-06-06 15:38 <DIR> --d----- c:\program files\Panda Security
2009-06-05 10:03 1,507 a------- c:\windows\system32\HealthCheckAC.xml
2009-06-05 10:03 1,320 a------- c:\windows\system32\HealthCheckBC.xml
2009-06-02 09:02 <DIR> --d----- c:\programdata\HP
2009-05-26 14:04 <DIR> a-d----- c:\programdata\TEMP
2009-05-26 07:58 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-25 09:13 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-25 09:13 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-25 09:13 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-25 09:13 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-25 09:12 <DIR> --d----- c:\programdata\avg8
2009-05-25 09:12 <DIR> --d----- c:\progra~2\avg8
2009-05-25 01:21 3,968 a------- c:\windows\system32\drivers\AvgArCln.sys
2009-05-23 09:00 <DIR> --d----- c:\programdata\Motive
2009-05-22 09:22 <DIR> --d----- c:\program files\ZipCentral
2009-05-20 11:23 <DIR> --d----- c:\users\michae~1\appdata\roaming\MiniDm
2009-05-17 13:05 <DIR> --d----- c:\programdata\Sportsbook Poker
2009-05-17 13:05 <DIR> --d----- c:\progra~2\Sportsbook Poker
2009-05-16 15:13 <DIR> --d----- c:\programdata\PowerPoker
2009-05-16 15:13 <DIR> --d----- c:\progra~2\PowerPoker
2009-05-16 14:31 <DIR> --d----- c:\program files\ESPN
2009-05-14 16:49 <DIR> --d----- c:\users\michae~1\appdata\roaming\Jolly Roger Poker

==================== Find3M ====================

2009-06-06 10:00 42,230 a------- c:\programdata\nvModes.dat
2009-06-06 10:00 42,230 a------- c:\progra~2\nvModes.dat
2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-07 15:06 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-07 15:06 86,016 a------- c:\windows\inf\infstor.dat
2009-05-07 15:06 51,200 a------- c:\windows\inf\infpub.dat
2009-05-04 13:32 67,424 a------- c:\windows\system32\drivers\CDAVFS.sys
2009-04-27 09:00 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-03-31 15:35 17,160 a------- c:\windows\help\oem\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 17:30 17,160 a------- c:\windows\help\oem\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-25 16:44 936,288 a------- c:\windows\system32\Incinerator.dll
2009-03-16 23:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 23:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 23:38 24,064 a------- c:\windows\system32\amxread.dll
2008-12-15 15:21 174 a--sh--- c:\program files\desktop.ini
2008-12-15 14:54 665,600 a------- c:\windows\inf\drvindex.dat
2008-04-01 18:55 32 a------- c:\programdata\ezsid.dat
2008-04-01 18:55 32 a------- c:\progra~2\ezsid.dat
2007-06-03 09:15 13,213 a------- c:\users\michae~1\appdata\roaming\nvModes.dat
2007-04-14 19:58 352,987 a------- c:\program files\REPORT.HTM
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:15:52.96 ===============

Edited by Goober17, 07 June 2009 - 06:40 PM.


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 08 June 2009 - 08:08 AM

Hi Goober17,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log and I will get back to you with your first instructions. Don't worry, I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#5 Goober17

Goober17
  • Topic Starter

  • Members
  • 43 posts
  • Gender:Male
  • Location:Charlotte, NC

Posted 08 June 2009 - 08:17 AM

I'm here. Thanks, m0le, for your help. Just to let you know, I did run Spybot S&D this morning (it only cleaned some cookies, temp files, etc.; nothing major). I will wait for your instructions.

Edited by Goober17, 08 June 2009 - 08:20 AM.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 08 June 2009 - 03:10 PM

Hi Goober17,

Your logs show that you have an online poker program installed on your computer. I know that you may use this game on a regular basis, but I think it's important to note that often these kinds of programs are installed with other unwanted software, namely spyware or adware. Due to this I strongly suggest that you uninstall these programs if you do not use them anymore or did not install these programs yourself on purpose. There are so many online poker games out there these days that it is close to impossible to keep track of whether a program is infected or not. Should you have installed this online poker game on purpose and wish to continue using it, you may ignore this. Should you decide to uninstall the program, then you can do so by following the below steps:

Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs, search for the poker game and remove it.

If you are unsure of anything, please don't hesitate to ask.


Now to the fix

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

If you have a router, then when the computer is restarting, unhook the router from the internet, then do a reset of the router, and then when the computer and router are back up, make sure you change the default password with a strong password. If you have just an external modem, just unplug the power from it, wait 2 minutes, then plug it back in.


Please post a new DDS log also. :thumbup2:
Posted Image
m0le is a proud member of UNITE

#7 Goober17

Goober17
  • Topic Starter

  • Members
  • 43 posts
  • Gender:Male
  • Location:Charlotte, NC

Posted 08 June 2009 - 07:25 PM

It took Malwarebytes nearly 4 hours, but here it is:

Malwarebytes' Anti-Malware 1.37
Database version: 2249
Windows 6.0.6001 Service Pack 1

6/8/2009 8:20:01 PM
mbam-log-2009-06-08 (20-20-01).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 213748
Time elapsed: 3 hour(s), 30 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




GMER logfile:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-08 16:42:41
Windows 6.0.6001 Service Pack 1


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#8 Goober17

Goober17
  • Topic Starter

  • Members
  • 43 posts
  • Gender:Male
  • Location:Charlotte, NC

Posted 08 June 2009 - 07:55 PM

DDS (Ver_09-05-14.01) - NTFSx86
Run by Michael P at 20:32:52.31 on Mon 06/08/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1094 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Michael P\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
mStart Page = hxxp://www.msn.com
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe
uRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [StartupDelayer] "c:\program files\r2 studios\startup delayer\Startup Launcher GUI.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {6DAF93EB-C7E3-41ab-83D9-CAE1785F41BC} - c:\program files\pokerrewardsmpp\MPPoker.exe
IE: {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79}
IE: {725E77D3-B919-4eef-8EEE-D09DE618B6C1}
IE: {E9790AAA-6E47-4488-A493-27F78954DA0B}
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: backrowpoker.com\www
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1243339091304&h=4f2bd44e4212415e50ec137a5b0ffe13/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {27FC5FCD-5AEA-49CD-BC25-F0DB8630A981} = 208.67.222.222,208.67.220.220
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-6-6 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-25 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-25 108552]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-1-27 20392]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-19 108289]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-25 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-25 298776]
R2 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2009-5-4 67424]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-27 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-27 712048]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2009-5-7 582992]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-12-19 809296]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1-15 15360]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2006-12-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2006-12-18 43904]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2009-5-7 206608]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-3-31 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2009-5-7 206608]

============== File Associations ===============

VBEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-06-06 15:38 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-06-06 15:38 <DIR> --d----- c:\program files\Panda Security
2009-06-05 10:03 1,507 a------- c:\windows\system32\HealthCheckAC.xml
2009-06-05 10:03 1,320 a------- c:\windows\system32\HealthCheckBC.xml
2009-06-02 09:02 <DIR> --d----- c:\programdata\HP
2009-05-26 14:04 <DIR> a-d----- c:\programdata\TEMP
2009-05-26 07:58 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-25 09:13 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-25 09:13 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-25 09:13 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-25 09:13 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-25 09:12 <DIR> --d----- c:\programdata\avg8
2009-05-25 09:12 <DIR> --d----- c:\progra~2\avg8
2009-05-25 01:21 3,968 a------- c:\windows\system32\drivers\AvgArCln.sys
2009-05-23 09:00 <DIR> --d----- c:\programdata\Motive
2009-05-22 09:22 <DIR> --d----- c:\program files\ZipCentral
2009-05-20 11:23 <DIR> --d----- c:\users\michae~1\appdata\roaming\MiniDm
2009-05-17 13:05 <DIR> --d----- c:\programdata\Sportsbook Poker
2009-05-17 13:05 <DIR> --d----- c:\progra~2\Sportsbook Poker
2009-05-16 15:13 <DIR> --d----- c:\programdata\PowerPoker
2009-05-16 15:13 <DIR> --d----- c:\progra~2\PowerPoker
2009-05-16 14:31 <DIR> --d----- c:\program files\ESPN
2009-05-14 16:49 <DIR> --d----- c:\users\michae~1\appdata\roaming\Jolly Roger Poker

==================== Find3M ====================

2009-06-06 10:00 42,230 a------- c:\programdata\nvModes.dat
2009-06-06 10:00 42,230 a------- c:\progra~2\nvModes.dat
2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-07 15:06 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-07 15:06 86,016 a------- c:\windows\inf\infstor.dat
2009-05-07 15:06 51,200 a------- c:\windows\inf\infpub.dat
2009-05-04 13:32 67,424 a------- c:\windows\system32\drivers\CDAVFS.sys
2009-04-27 09:00 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-03-31 15:35 17,160 a------- c:\windows\help\oem\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 17:30 17,160 a------- c:\windows\help\oem\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-25 16:44 936,288 a------- c:\windows\system32\Incinerator.dll
2009-03-16 23:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 23:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 23:38 24,064 a------- c:\windows\system32\amxread.dll
2008-12-15 15:21 174 a--sh--- c:\program files\desktop.ini
2008-12-15 14:54 665,600 a------- c:\windows\inf\drvindex.dat
2008-04-01 18:55 32 a------- c:\programdata\ezsid.dat
2008-04-01 18:55 32 a------- c:\progra~2\ezsid.dat
2007-06-03 09:15 13,213 a------- c:\users\michae~1\appdata\roaming\nvModes.dat
2007-04-14 19:58 352,987 a------- c:\program files\REPORT.HTM
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 20:33:28.49 ===============

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 08 June 2009 - 08:43 PM

Hi Goober17,

I would recommend printing these instructions out because they are detailed and lengthy.

1)Please download SmitfraudFix

Disconnect your computer from the internet by unplugging your network cable from your router.
Double-click SmitfraudFix.exe
Select #5 Search and clean DNS Hijack
Please reboot your computer, reconnect your router, and then post the report found at the root of the system drive, usually at C:\rapport.txt
==========================================
2) Let's manually reset your DNS.

Open Network Connections by clicking the Start button , clicking Control Panel, clicking Network and Internet, clicking Network and Sharing Center, and then clicking Manage network connections.

Right-click the connection that you want to change, and then click Properties. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

To obtain a DNS server address automatically, click Obtain DNS server address automatically, and then click OK.
==========================================
3) Click Start - Run. The Run dialog box will open.
Type cmd in the box and click Enter. A DOS window will open.
Type ipconfig /flushdns <=Note the spacing
Reboot your computer!

Please post a new DDS log.

Thanks!
Posted Image
m0le is a proud member of UNITE
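The DNS-reset steps above are aimed at the `TCP: {GUID} = 208.67.222.222,208.67.220.220` line in the DDS log, which records the DNS servers DDS found configured on a network interface. Below is an added triage helper (example code written for this thread, not part of DDS, SmitfraudFix or BleepingComputer's tooling) that reads the "Pseudo HJT Report" section of a DDS log and flags the entries a helper would look at first: DNS servers outside the set the caller expects (an assumption; normally the ISP's or router's), Trusted Zone entries, add-on entries pointing at missing files, and AppInit_DLLs. The sample log is trimmed from the one posted above and the `KNOWN_RESOLVERS` table is a constructed lookup.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for DNS-hijack signs."""
import re
from dataclasses import dataclass

# Constructed lookup of public resolvers a helper recognises on sight.
# 208.67.222.222 / 208.67.220.220 are OpenDNS, which matches the
# "sends me to OpenDNS" symptom reported in the first post.
KNOWN_RESOLVERS = {
    "208.67.222.222": "OpenDNS",
    "208.67.220.220": "OpenDNS",
}

# Constructed sample: a handful of lines trimmed from the DDS log above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Trusted Zone: backrowpoker.com\www
TCP: {27FC5FCD-5AEA-49CD-BC25-F0DB8630A981} = 208.67.222.222,208.67.220.220
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============
"""

SECTION_HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")
TCP_LINE = re.compile(r"^TCP: \{([0-9A-Fa-f-]+)\} = (.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str     # "dns", "trusted_zone", "orphan" or "appinit"
    detail: str   # why a helper would want to look at it
    line: str     # the log line that triggered it


def hjt_lines(log_text):
    """Return the non-empty lines that belong to the 'Pseudo HJT Report' section."""
    lines, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            inside = header.group(1) == "Pseudo HJT Report"
            continue
        if inside and line:
            lines.append(line)
    return lines


def dns_servers(lines):
    """Map interface GUID -> DNS servers listed on that interface's TCP: line."""
    servers = {}
    for line in lines:
        m = TCP_LINE.match(line)
        if m:
            servers[m.group(1).upper()] = [
                a.strip() for a in m.group(2).split(",") if a.strip()
            ]
    return servers


def triage(log_text, expected_dns):
    """Flag entries worth a second look, given the DNS servers the owner expects.

    expected_dns is the caller's assumption about legitimate resolvers; any
    server not in it is reported together with its known-resolver label.
    """
    findings = []
    for line in hjt_lines(log_text):
        m = TCP_LINE.match(line)
        if m:
            guid = m.group(1).upper()
            for addr in dns_servers([line])[guid]:
                if addr not in expected_dns:
                    label = KNOWN_RESOLVERS.get(addr, "unknown resolver")
                    findings.append(Finding(
                        "dns", f"interface {guid} uses {addr} ({label}), "
                               "not in the expected set", line))
        elif line.startswith("Trusted Zone:"):
            findings.append(Finding(
                "trusted_zone",
                "site placed in the IE Trusted sites zone, which relaxes "
                "browser security settings for it", line))
        elif line.startswith(("TB:", "BHO:")) and line.endswith("- No File"):
            findings.append(Finding(
                "orphan",
                "add-on registration points at a missing file; leftover "
                "from a removed or never-installed add-on", line))
        elif line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(Finding(
                "appinit",
                "DLL injected into every process that loads user32.dll; "
                "confirm it belongs to installed software", line))
    return findings


if __name__ == "__main__":
    # Assumed expected resolver: the home router's address.
    for f in triage(SAMPLE_LOG, expected_dns={"192.168.1.1"}):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

Run with the expected set replaced by the resolvers the ISP actually assigns; on the log above the DNS finding disappears only when OpenDNS is the intended configuration.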

#10 Goober17

Goober17
  • Topic Starter

  • Members
  • 43 posts
  • Gender:Male
  • Location:Charlotte, NC

Posted 09 June 2009 - 09:28 AM

I tried following your instructions, but I'm not having much luck. I downloaded SmitfraudFix (it's on my desktop) and selected #5, but the report at C:\rapport is a bunch of unreadable gibberish. It doesn't appear that anything worked/changed.

On to #2: reset DNS. I did not see "obtain DNS server automatically". (OS=VISTA, does that change things?)

Posted Image




#3: when I did this step it said: "This operation requires elevation."

Just for your info, when I logged on this morning I got this:

Posted Image

Edited by Goober17, 09 June 2009 - 11:20 AM.


#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 09 June 2009 - 01:40 PM

Okay, something doesn't want to leave. I think that the DNS flush didn't work because you are using Vista.

Let's try a stronger approach.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop but rename it Combo-Fix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE

#12 Goober17

Goober17
  • Topic Starter

  • Members
  • 43 posts
  • Gender:Male
  • Location:Charlotte, NC

Posted 09 June 2009 - 02:25 PM

It says Windows Defender is enabled, but I followed the instructions to disable it :thumbup2:


ComboFix 09-06-09.01 - Michael P 06/09/2009 15:12.8 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1151 [GMT -4:00]
Running from: c:\users\Michael P\Desktop\Combo-Fix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mfc45.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-09 19:16 . 2009-06-09 19:16 -------- d-----w- c:\users\Michael P\AppData\Local\temp
2009-06-07 03:35 . 2009-04-15 07:39 917504 ----a-w- c:\users\Michael P\AppData\Roaming\RaiderPoker\Updater.exe
2009-06-07 03:35 . 2009-04-10 14:38 3403776 ----a-w- c:\users\Michael P\AppData\Roaming\RaiderPoker\Poker.exe
2009-06-07 03:35 . 2004-12-07 08:11 258352 ----a-w- c:\users\Michael P\AppData\Roaming\RaiderPoker\unicows.dll
2009-06-06 19:38 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-06 19:38 . 2009-06-06 19:38 -------- d-----w- c:\program files\Panda Security
2009-06-06 19:18 . 2009-06-07 13:06 -------- d-sh--w- \Config.Msi
2009-06-02 13:02 . 2009-06-02 13:02 -------- d-----w- c:\programdata\HP
2009-06-01 17:47 . 2009-06-01 17:47 390664 ----a-w- c:\users\Michael P\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-01 17:47 . 2009-06-01 17:47 390664 ----a-w- c:\users\Michael P\AppData\Roaming\Real\Update\temp\~Upg5\RealPlayer11.exe
2009-05-28 19:54 . 2009-05-28 19:54 3371383 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 11:58 . 2009-05-26 11:58 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-25 13:13 . 2009-05-25 13:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-25 13:13 . 2009-05-25 13:13 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-25 13:13 . 2009-05-25 13:13 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-25 13:13 . 2009-06-09 13:28 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-25 13:13 . 2009-05-25 13:13 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-25 13:12 . 2009-05-25 13:29 -------- d-----w- c:\programdata\avg8
2009-05-25 05:21 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2009-05-23 13:00 . 2009-05-23 13:00 -------- d-----w- c:\programdata\Motive
2009-05-22 13:22 . 2009-05-22 13:22 -------- d-----w- c:\program files\ZipCentral
2009-05-20 15:23 . 2009-05-20 15:26 -------- d-----w- c:\users\Michael P\AppData\Roaming\MiniDm
2009-05-17 17:05 . 2009-05-17 17:05 -------- d-----w- c:\programdata\Sportsbook Poker
2009-05-17 16:42 . 2009-05-17 16:42 390664 ----a-w- c:\users\Michael P\AppData\Roaming\Real\Update\temp\~Upg4\RealPlayer11.exe
2009-05-16 19:13 . 2009-05-16 19:13 -------- d-----w- c:\programdata\PowerPoker
2009-05-16 19:03 . 2009-05-16 19:03 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-16 18:31 . 2009-05-16 18:31 -------- d-----w- c:\program files\ESPN
2009-05-14 20:49 . 2009-05-14 20:49 83450 ----a-w- c:\users\Michael P\AppData\Roaming\Jolly Roger Poker\uninst.exe
2009-05-14 20:49 . 2009-05-27 01:08 -------- d-----w- c:\users\Michael P\AppData\Roaming\Jolly Roger Poker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 13:19 . 2007-03-19 14:18 2097152000 --sha-w- \pagefile.sys
2009-06-09 13:18 . 2006-12-29 12:18 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-09 12:02 . 2008-12-23 14:48 42230 ----a-w- c:\programdata\nvModes.dat
2009-06-09 01:52 . 2009-04-16 16:16 -------- d---a-w- c:\program files\PowerPoker
2009-06-08 13:30 . 2008-06-24 23:41 -------- d---a-w- c:\program files\Cake Poker
2009-06-08 04:37 . 2009-04-01 14:38 -------- d-----w- c:\program files\SpywareGuard
2009-06-07 21:55 . 2008-04-01 22:51 -------- d-----w- c:\users\Michael P\AppData\Roaming\Skype
2009-06-07 21:54 . 2009-01-13 02:10 -------- d---a-w- c:\program files\Third Bullet
2009-06-07 03:41 . 2008-12-12 01:49 -------- d-----w- c:\users\Michael P\AppData\Roaming\RaiderPoker
2009-06-06 20:26 . 2007-03-31 20:42 -------- d-----w- c:\program files\Full Tilt Poker
2009-06-06 19:19 . 2008-02-09 23:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-05 15:18 . 2007-06-02 12:29 -------- d---a-w- c:\program files\PlayersOnly Poker
2009-06-04 20:38 . 2007-04-07 00:28 -------- d---a-w- c:\program files\Sportsbook Poker
2009-06-03 21:09 . 2009-01-04 05:30 -------- d-----w- c:\users\Michael P\AppData\Roaming\PlayersCardroom
2009-06-01 12:53 . 2009-03-26 22:39 -------- d---a-w- c:\program files\PokerHost
2009-05-31 20:50 . 2009-01-27 17:36 -------- d-----w- c:\users\Michael P\AppData\Roaming\iolo
2009-05-31 19:50 . 2009-02-03 01:15 -------- d---a-w- c:\program files\DoylesRoom
2009-05-31 19:49 . 2008-12-02 04:36 -------- d-----w- c:\users\Michael P\AppData\Roaming\Pokerari
2009-05-31 18:59 . 2008-08-11 15:55 -------- d-----w- c:\program files\a-squared Free
2009-05-31 15:44 . 2009-03-08 23:54 518 ----a-w- c:\users\Michael P\AppData\Roaming\iolo\Registry\Last\restore.bat
2009-05-30 00:28 . 2008-01-01 00:17 -------- d-----w- c:\program files\IronDuke
2009-05-29 03:25 . 2007-08-21 22:49 -------- d-----w- c:\program files\CarbonPoker
2009-05-28 20:01 . 2007-03-31 06:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-28 19:59 . 2007-03-31 06:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-05-28 19:55 . 2009-02-13 20:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-28 14:02 . 2007-04-02 01:58 -------- d-----w- c:\programdata\NVIDIA
2009-05-26 18:14 . 2009-03-13 13:16 -------- d-----w- c:\program files\SpywareBlaster
2009-05-26 17:20 . 2009-02-13 20:58 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 17:19 . 2009-02-13 20:58 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-26 11:58 . 2006-12-29 13:34 -------- d-----w- c:\program files\Java
2009-05-24 15:59 . 2007-05-28 03:27 -------- d-----w- c:\program files\Super Fast Shutdown
2009-05-22 14:09 . 2009-04-05 01:41 -------- d---a-w- c:\program files\PokerWorld
2009-05-21 12:55 . 2009-02-14 16:18 1240 ----a-w- c:\users\Michael P\AppData\Roaming\iolo\restore.bat
2009-05-21 12:20 . 2008-05-26 19:42 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-05-21 02:12 . 2009-02-08 19:27 -------- d-----w- c:\program files\ReeferPoker
2009-05-20 16:29 . 2006-12-29 13:13 -------- d-----w- c:\programdata\WildTangent
2009-05-20 16:29 . 2006-12-29 13:05 -------- d-----w- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2009-05-20 16:29 . 2007-12-31 13:06 -------- d--h--w- c:\programdata\{983E5E27-ED7A-4551-8D0E-8536786F9C14}
2009-05-19 21:36 . 2009-04-20 12:03 -------- d-----w- c:\program files\IEPro
2009-05-19 05:03 . 2008-08-11 15:22 -------- d-----w- c:\users\Michael P\AppData\Roaming\GlarySoft
2009-05-14 18:13 . 2009-03-30 15:04 -------- d-----w- c:\programdata\McAfee
2009-05-14 14:49 . 2008-04-01 22:44 -------- d-----r- c:\program files\Skype
2009-05-14 14:01 . 2006-12-29 13:02 -------- d-----w- c:\programdata\Microsoft Help
2009-05-14 13:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-13 15:53 . 2009-05-07 19:11 -------- d-----w- c:\users\Michael P\AppData\Roaming\HouseCall 6.6
2009-05-10 02:58 . 2009-05-10 02:58 766808 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-07 21:50 . 2008-04-01 22:55 -------- d-----w- c:\users\Michael P\AppData\Roaming\skypePM
2009-05-07 19:06 . 2006-12-29 12:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-07 19:06 . 2009-03-09 20:42 -------- d-----w- c:\program files\Trend Micro
2009-05-07 18:46 . 2009-01-19 23:39 -------- d-----w- c:\program files\Microsoft
2009-05-04 18:37 . 2007-04-29 22:38 -------- d-----w- c:\users\Michael P\AppData\Roaming\Microgaming
2009-05-04 18:17 . 2007-03-18 23:01 92016 ----a-w- c:\users\Michael P\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-04 17:32 . 2009-05-04 17:35 67424 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2009-05-03 18:47 . 2009-05-03 18:46 -------- d-----w- c:\program files\LastPass
2009-05-03 18:11 . 2009-02-13 20:41 -------- d-----w- c:\program files\Glary Utilities
2009-05-02 14:52 . 2006-12-29 12:59 -------- d-----w- c:\program files\Microsoft Works
2009-04-29 02:24 . 2009-04-29 02:24 -------- d-----w- c:\users\Michael P\AppData\Roaming\r2 Studios
2009-04-29 02:24 . 2009-04-29 02:24 -------- d-----w- c:\programdata\r2 Studios
2009-04-29 02:24 . 2009-04-29 02:24 -------- d-----w- c:\program files\r2 Studios
2009-04-29 01:56 . 2009-04-29 01:56 -------- d-----w- c:\users\Michael P\AppData\Roaming\licenses
2009-04-29 01:56 . 2009-04-29 01:56 -------- d-----w- c:\users\Michael P\AppData\Roaming\PCMM2009
2009-04-28 02:00 . 2009-04-05 00:39 -------- d-----w- c:\program files\TruePoker
2009-04-27 22:49 . 2009-04-27 22:49 390664 ----a-w- c:\users\Michael P\AppData\Roaming\Real\Update\temp\~Upg3\RealPlayer11.exe
2009-04-27 14:22 . 2008-12-04 01:33 -------- d-----w- c:\users\Michael P\AppData\Roaming\Cellsino
2009-04-27 14:22 . 2008-10-21 00:58 -------- d-----w- c:\program files\RaiderPoker
2009-04-27 14:22 . 2008-03-21 22:44 -------- d-----w- c:\program files\PlayersCardroom
2009-04-27 14:22 . 2007-11-17 18:37 -------- d-----w- c:\program files\Pokerari
2009-04-27 14:22 . 2008-07-11 23:30 -------- d-----w- c:\program files\Cellsino
2009-04-27 13:00 . 2009-04-19 05:40 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 13:00 . 2009-04-19 05:40 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-26 14:16 . 2008-07-19 03:52 -------- d-----w- c:\program files\Rosso Poker
2009-04-26 14:16 . 2007-04-14 14:02 -------- d-----w- c:\program files\Amco Poker
2009-04-26 14:16 . 2007-03-31 19:31 -------- d-----w- c:\program files\USDbetCom
2009-04-26 14:12 . 2008-11-21 02:50 -------- d-----w- c:\users\Michael P\AppData\Roaming\IObit
2009-04-24 20:11 . 2006-12-29 12:44 -------- d-----w- c:\programdata\Roxio
2009-04-20 18:45 . 2008-06-11 23:46 -------- d-----w- c:\program files\Common Files\Motive
2009-04-20 13:22 . 2009-02-04 04:57 -------- d-----w- c:\users\Michael P\AppData\Roaming\NLOP
2009-04-20 02:40 . 2009-04-20 02:40 -------- d-----w- c:\program files\att-prt22
2009-04-19 05:39 . 2009-04-19 05:39 -------- d-----w- c:\programdata\Avira
2009-04-19 05:39 . 2009-04-19 05:39 -------- d-----w- c:\program files\Avira
2009-04-18 23:03 . 2009-04-16 13:39 -------- d-----w- c:\program files\TweakNow RegCleaner
2009-04-16 19:21 . 2009-04-16 19:21 -------- d-----w- c:\programdata\PokerWorld
2009-04-16 13:39 . 2009-04-16 13:39 -------- d-----w- c:\users\Michael P\AppData\Roaming\TweakNow RegCleaner
2009-04-15 07:39 . 2009-04-29 21:48 917504 ----a-w- c:\users\Michael P\AppData\Roaming\Pokerari\Updater.exe
2009-04-15 07:39 . 2009-04-15 07:39 917504 ----a-w- c:\users\Michael P\AppData\Roaming\Jolly Roger Poker\Updater.exe
2009-04-12 05:00 . 2009-02-14 15:57 -------- d-----w- c:\program files\VIP.com
2009-04-10 14:38 . 2009-04-29 21:48 3403776 ----a-w- c:\users\Michael P\AppData\Roaming\Pokerari\Poker.exe
2009-04-10 14:38 . 2009-04-10 14:38 3403776 ----a-w- c:\users\Michael P\AppData\Roaming\Jolly Roger Poker\Poker.exe
2009-04-04 21:09 . 2009-04-04 21:09 390664 ----a-w- c:\users\Michael P\AppData\Roaming\Real\Update\temp\~Upg1\RealPlayer11.exe
2009-03-31 19:35 . 2009-04-24 14:02 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 21:30 . 2009-04-24 14:02 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-28 21:09 . 2009-03-28 21:09 390664 ----a-w- c:\users\Michael P\AppData\Roaming\Real\Update\temp\~Upg0\RealPlayer11.exe
2009-03-27 21:38 . 2009-05-07 19:12 366344 ----a-w- c:\users\Michael P\AppData\Roaming\HouseCall 6.6\tsc.exe
2009-03-25 20:44 . 2009-01-27 17:48 936288 ----a-w- c:\windows\system32\Incinerator.dll
2009-03-19 10:31 . 2009-03-19 10:31 172032 ----a-w- c:\users\Michael P\AppData\Roaming\Jolly Roger Poker\JollyRogerPoker.exe
2009-03-17 03:38 . 2009-04-15 04:52 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 04:52 24064 ----a-w- c:\windows\system32\amxread.dll
2007-04-14 23:58 . 2007-04-14 23:58 352987 ----a-w- c:\program files\REPORT.HTM
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-07 292152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 71176]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2122433464-2882524743-4010899740-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{744F9F69-3838-4A5F-B7F3-E13C41EDF1F5}c:\\program files\\carbonpoker\\client.exe"= UDP:c:\program files\carbonpoker\client.exe:Carbon Poker Client
"UDP Query User{3612CC6A-DD11-4DBB-9480-A3B60E8BA9E8}c:\\program files\\carbonpoker\\client.exe"= TCP:c:\program files\carbonpoker\client.exe:Carbon Poker Client
"TCP Query User{E39B17D5-A0D3-413D-BF28-F43AF367595F}c:\\program files\\poker.com\\client.exe"= UDP:c:\program files\poker.com\client.exe:Poker.com Client
"UDP Query User{C9925C30-9AC0-44F8-8670-9494269B4F6B}c:\\program files\\poker.com\\client.exe"= TCP:c:\program files\poker.com\client.exe:Poker.com Client
"TCP Query User{75469D9B-B979-4716-8A85-1B492E78A2C3}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{E3CDA4E5-C994-4ABE-AB74-A3FE70E3D1E3}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{0414DF13-E6DC-4F31-AAE6-AACB8115FACB}c:\\program files\\ironduke\\client.exe"= UDP:c:\program files\ironduke\client.exe:Iron Duke Client
"UDP Query User{C82B3A21-971F-48D6-9980-7D4628E16B7D}c:\\program files\\ironduke\\client.exe"= TCP:c:\program files\ironduke\client.exe:Iron Duke Client
"{D0AA43D2-F345-472E-AC5A-CA1D01913A28}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{2968B898-7357-4C0A-B9CB-38990CA6BCBC}"= TCP:67:DHCP Discovery Service
"{BF80357D-AE68-46A4-A94A-485C5F094D07}"= TCP:67:DHCP Discovery Service
"{040C4477-943D-45CC-B370-89DCB0BD28AF}"= UDP:c:\users\Michael P\AppData\Local\Temp\7zSB065.tmp\SymNRT.exe:Norton Removal Tool
"{8C2CF67D-F5D9-4030-BF70-C1C53364BC7F}"= TCP:c:\users\Michael P\AppData\Local\Temp\7zSB065.tmp\SymNRT.exe:Norton Removal Tool
"{835A2C56-8129-4938-A199-751B384ED154}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{CF9762A0-A56D-45F8-8B34-65C5278AAE1E}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{E631E99D-27DB-4480-AA2E-88FF83CC9137}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3FD89112-FBE8-4F3B-BAEC-DF059E2E5003}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A2573AE4-2BBD-4FF0-9707-4D5B8B717BD5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B78E5BAB-6F98-4D61-B279-3AB323F95CDB}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{A425B01E-9281-4147-B935-05DB830CA330}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{ED0FBDB3-ECA1-425B-BD7D-7E33D6949554}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [6/6/2009 15:38 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [5/25/2009 09:13 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [5/25/2009 09:13 108552]
R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [1/27/2009 13:48 20392]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/19/2009 01:40 108289]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/25/2009 09:12 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/25/2009 09:12 298776]
R2 CDAVFS;CDAVFS;c:\windows\System32\drivers\CDAVFS.sys [5/4/2009 13:35 67424]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/27/2009 13:48 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/27/2009 13:48 712048]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/19/2008 15:48 809296]
R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\System32\drivers\dc3d.sys [1/15/2009 10:15 15360]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 16:40 3668480]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [12/18/2006 23:31 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [12/18/2006 23:31 43904]
R3 TMPassthruMP;TMPassthruMP;c:\windows\System32\drivers\TMPassthru.sys [5/7/2009 15:06 206608]
S2 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [5/7/2009 15:06 582992]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [3/31/2009 07:30 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 18:08 533360]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\System32\drivers\TMPassthru.sys [5/7/2009 15:06 206608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-06-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-02-13 22:02]

2009-06-01 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-10-31 23:15]

2009-06-09 c:\windows\Tasks\User_Feed_Synchronization-{95DDCBE9-416B-4568-A515-97705481F5FA}.job
- c:\windows\system32\msfeedssync.exe [2008-12-15 07:33]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
mStart Page = hxxp://www.msn.com
IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
IE: {{6DAF93EB-C7E3-41ab-83D9-CAE1785F41BC} - c:\program files\pokerrewardsMPP\MPPoker.exe
IE: {{7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79}
IE: {{E9790AAA-6E47-4488-A493-27F78954DA0B}
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
Trusted Zone: backrowpoker.com\www
TCP: {27FC5FCD-5AEA-49CD-BC25-F0DB8630A981} = 208.67.222.222,208.67.220.220
.
.
------- File Associations -------
.
VBEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 15:16
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-09 15:18
ComboFix-quarantined-files.txt 2009-06-09 19:18
ComboFix2.txt 2009-03-29 18:52

Pre-Run: 68,129,902,592 bytes free
Post-Run: 68,106,764,288 bytes free

292 --- E O F --- 2009-06-02 14:30

Edited by Goober17, 09 June 2009 - 02:27 PM.
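
Added example, not part of this thread and not code from ComboFix, DDS or any of the tools named in the logs: a small Python triage script that reads the REGEDIT4-style "Reg Loading Points" block ComboFix prints and flags the values in the log above that weaken Vista's own defences. Those are ConsentPromptBehaviorAdmin=0 under policies\system (administrators are elevated with no prompt at all), the three *DisableNotify values and DisableMonitoring under the Security Center key, DisableNotifications on the firewall's StandardProfile, and a populated AppInit_DLLs (here AVG's avgrsstx.dll, which is still worth confirming because that value injects a DLL into every process that loads user32.dll). It also pulls the resolver addresses from the "TCP:" line in the Supplementary Scan; 208.67.222.222 and 208.67.220.220 are OpenDNS's published resolvers, which matches the original complaint about searches landing on OpenDNS pages. The sample text is copied from the log; the list of checks and the resolver lookup table are my own selection, not anything ComboFix emits.

```python
r"""Triage a ComboFix 'Reg Loading Points' dump for settings that weaken Windows' defences.

Added example for this thread; not part of ComboFix, DDS or any tool above.
ComboFix prints registry data in a REGEDIT4-like layout with three value forms:
    "Name"=dword:00000001      "Name"= 0 (0x0)      "Name"=c:\path\file.dll
The CHECKS list and KNOWN_RESOLVERS table are my own selection (assumption).
"""
import re
from typing import Dict, List, Tuple

# Copied from the ComboFix log above (REGEDIT4 block plus the 'TCP:' resolver line).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DisableNotifications"= 1 (0x1)
TCP: {27FC5FCD-5AEA-49CD-BC25-F0DB8630A981} = 208.67.222.222,208.67.220.220
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
DNS_RE = re.compile(r"^TCP:\s*\{[0-9A-Fa-f-]+\}\s*=\s*([\d.,\s]+)$")

# Assumption: minimal table, only to label the resolvers this log shows.
KNOWN_RESOLVERS = {"208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS"}

# (lower-case key suffix, lower-case value name, predicate on parsed value, meaning)
CHECKS = [
    (r"policies\system", "consentpromptbehavioradmin", lambda v: v == 0,
     "UAC elevates administrators without any prompt"),
    (r"security center", "uacdisablenotify", lambda v: v == 1,
     "Security Center no longer warns when UAC is off"),
    (r"security center", "internetsettingsdisablenotify", lambda v: v == 1,
     "Security Center no longer warns about unsafe Internet settings"),
    (r"security center", "autoupdatedisablenotify", lambda v: v == 1,
     "Security Center no longer warns when Automatic Updates is off"),
    (r"security center\monitoring", "disablemonitoring", lambda v: v == 1,
     "Security Center monitoring of security products disabled"),
    (r"firewallpolicy\standardprofile", "disablenotifications", lambda v: v == 1,
     "Windows Firewall will not notify when it blocks a program"),
    (r"windows nt\currentversion\windows", "appinit_dlls", lambda v: bool(v),
     "AppInit_DLLs loads this DLL into every process using user32.dll; confirm its publisher"),
]


def parse_value(raw: str):
    """Turn ComboFix's value text into an int (dword / 'N (0xN)') or a plain string."""
    raw = raw.strip()
    m = re.fullmatch(r"dword:([0-9A-Fa-f]{1,8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9A-Fa-f]+\)", raw)
    if m:
        return int(m.group(1))
    return raw.strip('"')


def parse_reg_points(text: str) -> Dict[str, Dict[str, object]]:
    """Map lower-cased registry key -> {lower-cased value name: parsed value}."""
    reg: Dict[str, Dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group(1).lower()
            reg.setdefault(current, {})
        elif current is not None:
            vm = VAL_RE.match(line)
            if vm:
                reg[current][vm.group(1).lower()] = parse_value(vm.group(2))
    return reg


def find_weakened_settings(reg: Dict[str, Dict[str, object]]) -> List[Tuple[str, str, object, str]]:
    """Return (key, value name, value, meaning) for every check that fires."""
    findings = []
    for key, values in reg.items():
        for suffix, name, is_bad, meaning in CHECKS:
            if key.endswith(suffix) and name in values and is_bad(values[name]):
                findings.append((key, name, values[name], meaning))
    return findings


def configured_dns_servers(text: str) -> List[Tuple[str, str]]:
    """Pull resolver addresses from the 'TCP: {interface GUID} = a,b' line and label them."""
    servers: List[Tuple[str, str]] = []
    for line in text.splitlines():
        m = DNS_RE.match(line.strip())
        if m:
            for addr in m.group(1).split(","):
                addr = addr.strip()
                if addr:
                    servers.append((addr, KNOWN_RESOLVERS.get(addr, "unknown")))
    return servers


if __name__ == "__main__":
    for key, name, value, meaning in find_weakened_settings(parse_reg_points(SAMPLE)):
        print(f"[{key}] {name}={value!r}: {meaning}")
    for addr, label in configured_dns_servers(SAMPLE):
        print(f"DNS resolver {addr} ({label})")
```

Run it against the pasted text and it reports seven weakened settings plus the two OpenDNS resolvers. None of these values is by itself proof of infection; security products and "tweak" utilities set several of them, and this log shows plenty of both installed. The point is that they are exactly the values a helper should ask about before declaring the machine clean, because a bot that has turned off UAC prompts and Security Center alerts looks the same in this block as a user who did it deliberately.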


#13 Goober17 (Topic Starter)

Posted 09 June 2009 - 02:42 PM

DDS (Ver_09-05-14.01) - NTFSx86
Run by Michael P at 15:31:50.96 on Tue 06/09/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.966 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Trend Micro\RUBotted\TMRUBottedLite.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michael P\Desktop\dds.pif
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
mStart Page = hxxp://www.msn.com
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe
uRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [StartupDelayer] "c:\program files\r2 studios\startup delayer\Startup Launcher GUI.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {6DAF93EB-C7E3-41ab-83D9-CAE1785F41BC} - c:\program files\pokerrewardsmpp\MPPoker.exe
IE: {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79}
IE: {725E77D3-B919-4eef-8EEE-D09DE618B6C1}
IE: {E9790AAA-6E47-4488-A493-27F78954DA0B}
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: backrowpoker.com\www
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1243339091304&h=4f2bd44e4212415e50ec137a5b0ffe13/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {27FC5FCD-5AEA-49CD-BC25-F0DB8630A981} = 208.67.222.222,208.67.220.220
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-6-6 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-25 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-25 108552]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-1-27 20392]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-19 108289]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-25 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-25 298776]
R2 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2009-5-4 67424]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-27 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-27 712048]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-12-19 809296]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1-15 15360]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2006-12-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2006-12-18 43904]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2009-5-7 206608]
S2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2009-5-7 582992]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-3-31 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2009-5-7 206608]

============== File Associations ===============

VBEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-06-09 15:18 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-06-09 15:18 <DIR> --d----- C:\temp
2009-06-09 15:11 161,792 a------- c:\windows\SWREG.exe
2009-06-09 15:11 155,136 a------- c:\windows\PEV.exe
2009-06-09 15:11 98,816 a------- c:\windows\sed.exe
2009-06-09 15:11 <DIR> --ds---- C:\Combo-Fix
2009-06-06 15:38 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-06-06 15:38 <DIR> --d----- c:\program files\Panda Security
2009-06-05 10:03 1,507 a------- c:\windows\system32\HealthCheckAC.xml
2009-06-05 10:03 1,320 a------- c:\windows\system32\HealthCheckBC.xml
2009-06-02 09:02 <DIR> --d----- c:\programdata\HP
2009-05-26 14:04 <DIR> a-d----- c:\programdata\TEMP
2009-05-26 07:58 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-25 09:13 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-25 09:13 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-25 09:13 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-25 09:13 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-25 09:12 <DIR> --d----- c:\programdata\avg8
2009-05-25 09:12 <DIR> --d----- c:\progra~2\avg8
2009-05-25 01:21 3,968 a------- c:\windows\system32\drivers\AvgArCln.sys
2009-05-23 09:00 <DIR> --d----- c:\programdata\Motive
2009-05-22 09:22 <DIR> --d----- c:\program files\ZipCentral
2009-05-20 11:23 <DIR> --d----- c:\users\michae~1\appdata\roaming\MiniDm
2009-05-17 13:05 <DIR> --d----- c:\programdata\Sportsbook Poker
2009-05-17 13:05 <DIR> --d----- c:\progra~2\Sportsbook Poker
2009-05-16 15:13 <DIR> --d----- c:\programdata\PowerPoker
2009-05-16 15:13 <DIR> --d----- c:\progra~2\PowerPoker
2009-05-16 14:31 <DIR> --d----- c:\program files\ESPN
2009-05-14 16:49 <DIR> --d----- c:\users\michae~1\appdata\roaming\Jolly Roger Poker

==================== Find3M ====================

2009-06-09 08:02 42,230 a------- c:\programdata\nvModes.dat
2009-06-09 08:02 42,230 a------- c:\progra~2\nvModes.dat
2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-07 15:06 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-07 15:06 86,016 a------- c:\windows\inf\infstor.dat
2009-05-07 15:06 51,200 a------- c:\windows\inf\infpub.dat
2009-05-04 13:32 67,424 a------- c:\windows\system32\drivers\CDAVFS.sys
2009-04-27 09:00 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-03-31 15:35 17,160 a------- c:\windows\help\oem\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 17:30 17,160 a------- c:\windows\help\oem\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-25 16:44 936,288 a------- c:\windows\system32\Incinerator.dll
2009-03-16 23:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 23:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 23:38 24,064 a------- c:\windows\system32\amxread.dll
2008-12-15 15:21 174 a--sh--- c:\program files\desktop.ini
2008-12-15 14:54 665,600 a------- c:\windows\inf\drvindex.dat
2008-04-01 18:55 32 a------- c:\programdata\ezsid.dat
2008-04-01 18:55 32 a------- c:\progra~2\ezsid.dat
2007-06-03 09:15 13,213 a------- c:\users\michae~1\appdata\roaming\nvModes.dat
2007-04-14 19:58 352,987 a------- c:\program files\REPORT.HTM
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:32:27.57 ===============

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 09 June 2009 - 03:21 PM

The log looks good so we should be able to fix the OpenDNS problem.

Please download HijackThis and run it.

Post the log in your next reply.
m0le is a proud member of UNITE

#15 Goober17

Goober17
  • Topic Starter

  • Members
  • 43 posts
  • Gender:Male
  • Location:Charlotte, NC

Posted 09 June 2009 - 03:27 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:41, on 6/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass\context.html?cmd=fillforms
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Poker Rewards Poker - {6DAF93EB-C7E3-41ab-83D9-CAE1785F41BC} - C:\Program Files\pokerrewardsMPP\MPPoker.exe
O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - (no file)
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: VIP Poker - {E9790AAA-6E47-4488-A493-27F78954DA0B} - (no file)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra button: VIP.com - {169c05c6-1c11-4e6b-a396-836fa4b43db7} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VIP.com\VIP.com.lnk (HKCU)
O9 - Extra button: IronDuke - {21efa308-eaa1-4c5c-8209-1393cc02af6d} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IronDuke\IronDuke.lnk (HKCU)
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra button: WassPoker - {4053ebe6-a54d-4bb9-b118-ce1d8f99a548} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WassPoker\WassPoker.lnk (HKCU)
O9 - Extra button: ReeferPoker - {60a501e4-a078-4cb2-8728-3fab4264f3c1} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ReeferPoker\ReeferPoker.lnk (HKCU)
O9 - Extra button: PokerNordica - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerNordica\PokerNordica.lnk (HKCU)
O9 - Extra button: Aced.com - {bdb825fa-7a98-498f-b101-45a8f268a1ff} - C:\Users\Michael P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aced.com\Aced.com.lnk (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.backrowpoker.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/...aller_6-1-2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27FC5FCD-5AEA-49CD-BC25-F0DB8630A981}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{27FC5FCD-5AEA-49CD-BC25-F0DB8630A981}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{27FC5FCD-5AEA-49CD-BC25-F0DB8630A981}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12014 bytes
