Infected with AV Security Suite fake anti-spyware
08-14-2010, 06:41 PM
Yay, this again. This time MBAM can't find it, even on a full scan. 
DDS log 1:
DDS log 2:
MBAM log:
HJT log:
Thanks in advance for the help, guys.
DDS log 1:
DDS (Ver_10-03-17.01) - NTFSX64 NETWORK
Run by Austin at 18:32:03.65 on Sat 08/14/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6134.5356 [GMT -4:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\Austin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Austin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Austin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Austin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Users\Austin\Desktop\Downloads\dds (1).scr
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: moigh Object: {4cb75d59-41eb-4115-a965-af60a299737b} - c:\windows\syswow64\guvqp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\austin\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RGSC] c:\program files (x86)\steam\steamapps\common\grand theft auto iv\rgsc\RGSCLauncher.exe /silent
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [EA Core] "c:\program files (x86)\electronic arts\eadm\Core.exe" -silent
uRun: [pombfmrl] c:\users\austin\appdata\local\dybvcjgpl\gwaevynshdw.exe
mRun: [ANIWZCS2Service] "c:\program files (x86)\ani\aniwzcs2 service\WZCSLDR2.exe"
mRun: [D-Link RangeBooster G WDA-2320] "c:\program files (x86)\d-link\rangebooster g wda-2320\AirPlusCFG.exe"
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [UnlockerAssistant] "c:\program files (x86)\unlocker\UnlockerAssistant.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "c:\program files (x86)\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [sta] rundll32 "kuvqp.dll",,Run
mRun: [MChk] c:\windows\system32\xuvqp.exe
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
StartupFolder: c:\users\austin\appdata\roaming\micros~1\windows\startm~1\programs\startup\digsby.lnk - c:\program files (x86)\digsby\digsby.exe
StartupFolder: c:\users\austin\appdata\roaming\micros~1\windows\startm~1\programs\startup\drempe~1.lnk - c:\windows\drempels.exe
StartupFolder: c:\users\austin\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files (x86)\pokerstars\PokerStarsUpdate.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
============= SERVICES / DRIVERS ===============
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\postgresql\8.3\bin\pg_ctl.exe [2008-10-31 65536]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-1-11 240232]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\teamviewer\version5\TeamViewer_Service.exe [2010-2-11 172328]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\viewpoint\common\ViewpointService.exe [2002-1-1 24652]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-12 1255736]
=============== Created Last 30 ================
2010-08-11 23:51:06 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 23:51:06 404992 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 23:51:06 340992 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 23:51:06 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-11 23:51:06 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-11 23:45:59 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-11 23:45:59 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 23:45:59 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-11 23:45:58 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 23:45:58 1877504 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 23:45:58 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-09 01:27:10 0 d-----w- c:\programdata\OrbNetworks
2010-08-09 01:27:01 0 d-----w- c:\program files (x86)\Orb Networks
2010-08-02 19:55:07 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-28 02:26:56 3120 ----a-w- c:\windows\syswow64\ALLFSAF7a.ocx
2010-07-28 02:26:36 0 d-----w- c:\programdata\Google
2010-07-27 23:44:38 841 ----a-w- c:\users\austin\.recently-used.xbel
2010-07-25 03:36:42 0 d-----w- c:\program files\iPod
2010-07-25 03:36:41 0 d-----w- c:\program files\iTunes
2010-07-19 08:09:57 0 d-----w- c:\program files (x86)\Trend Micro
2010-07-19 07:58:07 0 d-----w- c:\users\austin\appdata\roaming\Malwarebytes
2010-07-19 07:58:00 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-19 07:58:00 0 d-----w- c:\programdata\Malwarebytes
2010-07-19 07:58:00 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-07-19 07:29:59 0 ----a-w- c:\windows\syswow64\config.nt
2010-07-19 07:29:55 0 d-----w- c:\programdata\Alwil Software
2010-07-19 07:29:55 0 d-----w- c:\program files\Alwil Software
2010-07-18 21:45:56 150 ----a-w- C:\zrpt.xml
2010-07-16 04:06:20 246784 ----a-w- c:\windows\syswow64\guvqp.dll
==================== Find3M ====================
2010-07-14 00:43:22 40581 ----a-w- c:\windows\syswow64\xuvqp.exe
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-02 08:55:30 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 08:55:30 74072 ----a-w- c:\windows\syswow64\XAPOFX1_5.dll
2010-06-02 08:55:30 527192 ----a-w- c:\windows\syswow64\XAudio2_7.dll
2010-06-02 08:55:30 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 08:55:30 239960 ----a-w- c:\windows\syswow64\xactengine3_7.dll
2010-06-02 08:55:30 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-06-02 00:53:06 218808 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-26 15:41:02 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 15:41:02 470880 ----a-w- c:\windows\syswow64\d3dx10_43.dll
2010-05-26 15:41:02 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 15:41:02 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 15:41:02 248672 ----a-w- c:\windows\syswow64\d3dx11_43.dll
2010-05-26 15:41:02 2106216 ----a-w- c:\windows\syswow64\D3DCompiler_43.dll
2010-05-26 15:41:02 1998168 ----a-w- c:\windows\syswow64\D3DX9_43.dll
2010-05-26 15:41:02 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 15:41:02 1868128 ----a-w- c:\windows\syswow64\d3dcsx_43.dll
2010-05-26 15:41:00 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-19 19:48:12 144384 ----a-w- c:\windows\system32\cdd.dll
2010-05-18 20:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 18:32:46.13 ===============
DDS log 2:
DDS (Ver_10-03-17.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/9/2009 12:54:21 PM
System Uptime: 8/14/2010 6:23:22 PM (0 hours ago)
Motherboard: ASUSTeK Computer INC. | | P6T
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | LGA1366 | 2672/133mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 1397 GiB total, 949.906 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
==== System Restore Points ===================
RP49: 4/4/2010 10:43:21 PM - Installed Battlefield 2(TM)
RP50: 4/5/2010 11:19:29 AM - Restore Operation
RP51: 4/5/2010 9:15:40 PM - Installed DirectX
RP52: 4/5/2010 9:16:42 PM - Installed GameSpy Comrade.
RP53: 4/12/2010 12:39:52 PM - Device Driver Package Install: Elaborate Bytes AG Storage controllers
RP54: 4/12/2010 12:42:44 PM - Installed Assassin's Creed
RP55: 4/12/2010 12:48:16 PM - Installed DirectX
RP56: 4/12/2010 11:36:59 PM - Installed Assassin's Creed II
RP57: 4/12/2010 11:41:16 PM - Installed DirectX
RP58: 4/12/2010 11:42:31 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP59: 4/12/2010 11:43:15 PM - Installed Ubisoft Game Launcher
RP60: 4/15/2010 12:42:01 AM - Windows Update
RP61: 4/15/2010 4:51:51 PM - Shockwave Player
RP62: 4/15/2010 4:52:30 PM - Installed DirectX
RP63: 4/15/2010 4:56:41 PM - Installed Tiger Woods PGA TOUR 08
RP64: 4/16/2010 4:35:16 PM - Installed Windows Movie Maker 2.6
RP65: 4/17/2010 3:30:44 PM - Installed DirectX
RP66: 4/17/2010 3:31:18 PM - Installed DirectX
RP67: 4/18/2010 3:00:26 AM - Windows Update
RP68: 4/25/2010 10:26:08 AM - Scheduled Checkpoint
RP69: 4/28/2010 7:38:50 AM - Restore Operation
RP70: 4/29/2010 3:00:31 AM - Windows Update
RP71: 5/7/2010 10:27:49 AM - Scheduled Checkpoint
RP72: 5/8/2010 11:03:26 PM - Installed DirectX
RP73: 5/8/2010 11:04:40 PM - Installed Fallout 3
RP74: 5/12/2010 3:00:47 AM - Windows Update
RP75: 5/13/2010 3:00:10 AM - Windows Update
RP76: 5/14/2010 12:20:14 AM - Windows Update
RP77: 5/18/2010 2:10:17 PM - Restore Operation
RP78: 5/25/2010 2:25:29 PM - Scheduled Checkpoint
RP79: 5/28/2010 5:40:41 PM - Windows Update
RP80: 6/4/2010 3:09:03 PM - Installed ProductName from default.wxl
RP81: 6/9/2010 3:00:42 AM - Windows Update
RP82: 6/14/2010 3:52:15 AM - Restore Operation
RP83: 6/15/2010 3:00:10 AM - Windows Update
RP84: 6/23/2010 3:00:58 AM - Windows Update
RP85: 6/27/2010 3:00:44 AM - Windows Update
RP86: 7/11/2010 11:05:12 PM - Scheduled Checkpoint
RP87: 7/14/2010 3:00:10 AM - Windows Update
RP88: 7/22/2010 12:00:32 AM - Scheduled Checkpoint
RP89: 7/25/2010 2:47:37 AM - Installed Opera 10.60.
RP90: 7/27/2010 10:26:11 PM - Installed Google SketchUp Pro 7
RP91: 8/3/2010 3:00:41 AM - Windows Update
RP92: 8/8/2010 9:26:40 PM - Installed Orb Runtime libraries
RP93: 8/10/2010 5:43:59 PM - Installed DirectX
RP94: 8/11/2010 4:48:08 PM - Installed DirectX
RP95: 8/12/2010 3:00:10 AM - Windows Update
==== Installed Programs ======================
µTorrent
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player
America's Army 3
ANIWZCS2 Service
Apple Application Support
Apple Software Update
ARMA 2 Demo
Assassin's Creed
Assassin's Creed II
AutoHotkey 1.0.48.03
Battlefield 2
Battlefield 2142
Battlefield Heroes
Battlefield: Bad Company 2
BufferChm
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: World at War
Command & Conquer
Counter-Strike
Counter-Strike: Source
Crysis WARHEAD(R)
Crysis WARHEAD(R) Patch
Crysis Wars(R)
Crysis Wars(R) Patch
Crysis(R)
CustomerResearchQFolder
D4300
D4300_Help
DeviceDiscovery
DeviceManagementQFolder
Digsby
DivX Web Player
DJ_SF_03_D4300_ProductContext
DJ_SF_03_D4300_Software
DJ_SF_03_D4300_Software_Min
Drempels (remove only)
EA Download Manager
EA Download Manager UI
eBay Icon
eSupportQFolder
Eternal Silence
Fallout 3
Fallout Mod Manager 0.11.9
FIFA 10
Flopzilla
Fraps
Full Tilt Poker
FullTiltShortcuts
Game Maker 8.0
Garry's Mod
GIMP 2.6.6
Google Chrome
Google SketchUp Pro 7
GPBaseService
Grand Theft Auto IV
GTK+ Runtime 2.14.7 rev a (remove only)
HijackThis 2.0.2
Holdem Manager
HP Photosmart Essential 2.5
HP Update
HPProductAssistant
HPSSupply
iPhone Configuration Utility
Java(TM) 6 Update 17
JMicron JMB36X Driver
LimeWire 5.2.13
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIRC
Mojo
Mumble(PR edition) and Murmur(PR edition)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenOffice.org 3.1
Opera 10.60
Orb
Orb Runtime libraries
PokerStars
PokerStove version 1.23
PostgreSQL 8.3
Project Reality 0909 Full - Part 1 of 2
Project Reality 0909 Full - Part 2 of 2
Project64 1.6
PSSWCORE
PunkBuster Services
QuickTime
Ralink RT6x Wireless LAN Card
RangeBooster G WDA-2320
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Skype™ 4.1
SmartWebPrinting
Smashball
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Spheres Of Chaos (remove only)
Status
Street-Ads Browser Enhancer
TableScan Turbo v0.47 (BETA)
TeamViewer 5
The Ship
Tiger Woods PGA TOUR 08
Toolbox
touchtheSky for Opera 10.50+
TrayApp
Trillian
Ubisoft Game Launcher
UnloadSupport
Unlocker 1.8.8
VC80CRTRedist - 8.0.50727.762
VideoToolkit01
Viewpoint Media Player
VirtualCloneDrive
VLC media player 1.0.5
WebReg
Windows Movie Maker 2.6
Yahoo! Toolbar
You've Got Gmail!
==== Event Viewer Messages From Past Week ========
8/14/2010 6:24:20 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/14/2010 6:24:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/14/2010 6:24:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/14/2010 6:24:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/14/2010 6:24:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/14/2010 6:23:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElbyCDIO spldr Wanarpv6
8/14/2010 6:11:27 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
8/12/2010 3:20:36 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.78. The computer with the IP address 192.168.1.12 did not allow the name to be claimed by this computer.
8/11/2010 4:29:18 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.28. The computer with the IP address 192.168.1.12 did not allow the name to be claimed by this computer.
8/10/2010 7:28:48 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JULIESLAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BC156CC9-EBBC-420D-A7A9-31CC187EDCF3}. The master browser is stopping or an election is being forced.
8/10/2010 10:23:50 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ROCKUBOT that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BC156CC9-EBBC-420D-A7A9-31CC187EDCF3}. The master browser is stopping or an election is being forced.
==== End Of File ===========================
MBAM log:
Spoiler:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
8/14/2010 6:38:40 PM
mbam-log-2010-08-14 (18-38-40).txt
Scan type: Quick scan
Objects scanned: 146944
Time elapsed: 3 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
HJT log:
Spoiler:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:37 PM, on 8/14/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support
Running processes:
C:\Users\Austin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Austin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Austin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Austin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Users\Austin\Desktop\Downloads\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Street-Ads Browser Enhancer guvqp - {4CB75D59-41EB-4115-A965-AF60A299737B} - C:\Windows\SysWow64\guvqp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
O4 - HKLM\..\Run: [D-Link RangeBooster G WDA-2320] "C:\Program Files (x86)\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [sta] rundll32 "kuvqp.dll",,Run
O4 - HKLM\..\Run: [MChk] C:\Windows\system32\xuvqp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Austin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [pombfmrl] C:\Users\Austin\AppData\Local\dybvcjgpl\gwaevynshdw.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe
O4 - Startup: Drempels Desktop.lnk = C:\Windows\drempels.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/st...r_4.0.27.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)
--
End of file - 10326 bytes
--
End of file - 10326 bytes
Thanks in advance for the help, guys.
08-14-2010
, 07:28 PM
It would be easier to read if you took away the spoiler tags. No tags necessary.
08-14-2010
, 10:38 PM
Join Date: May 2004
Posts: 5,814
What is this? I would remove it.
O2 - BHO: Street-Ads Browser Enhancer guvqp - {4CB75D59-41EB-4115-A965-AF60A299737B} - C:\Windows\SysWow64\guvqp.dll
Also, run CCLEANER and clean up your temp files, run SuperAntiSpyware. What do you use for AV?
08-14-2010
, 10:41 PM
Join Date: May 2004
Posts: 5,814
Why do you have this?
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
Otherwise you look clean. Run SAS and Avira.
If you are able to run this stuff you are probably in good shape.
08-15-2010
, 08:58 AM
Join Date: Aug 2009
Posts: 255
This is a program I also use. If you try to delete a file which is in use, the application kills the process which is holding the file and lets you delete it.
08-15-2010
, 09:51 AM
There are no tags necessary!
08-15-2010
, 04:15 PM
Looks like SAS killed it, thanks guys. Won't use spoilers in the future. Issues like this are usually rare for me but now I guess it's time to actually start running AV/malware scans regularly.
08-15-2010
, 07:24 PM
Join Date: Jun 2010
Posts: 530
In your thread in CTH in July, you wrote
It also became apparent from that thread that you ran outdated versions of some security-sensitive software (e.g., Java).
It's now the 2nd time within 2 months you caught something. Be glad it wasn't anything more severe. But now, learn from these mistakes, go through funky's series of video tutorials (see sticky), and implement good security practices.
08-15-2010
, 10:26 PM
I think you're just being results-oriented. My track record without AV is quite impressive.
Last edited by AKSpartan; 08-15-2010 at 10:27 PM.
Reason: but has come to an end
08-15-2010
, 11:10 PM
Join Date: May 2004
Posts: 5,814
It is ridiculous not to have AV, you can get very low impact AV. Free low impact AV is +EV. Also get a firewall. Saying, "well I haven't had much impact in the past" is being results oriented. You came here for advice, so maybe you should take it?