Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Robin at 16:00:36 on 2011-12-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8191.5855 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\Realtek\Audio\Drivers\Vista64\RAVCpl64.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Ant.com\IE add-on\AntMaintainer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ant.com browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Zoominto.IEPlugin.ZoomintoMain: {acdf77a9-9eda-407f-969f-b3bcbe3217d0} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Robin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAVCPL~1.LNK - C:\Program Files (x86)\Realtek\Audio\Drivers\Vista64\RAVCpl64.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Zoom Into - C:\Program Files (x86)\zoomintoIE\image.htm
IE: Zoom Into\Contexts - 2 (0x2)
IE: Zoom Into\Flags - 1 (0x1)
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: line6.net
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se6770.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{37C06628-9292-4122-8AF0-B6BBD25AA72C} : DhcpNameServer = 192.168.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Zoominto.IEPlugin.ZoomintoMain: {ACDF77A9-9EDA-407f-969F-B3BCBE3217D0} - mscoree.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Ant.com Download Toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\
FF - prefs.js: browser.search.selectedEngine - Startpage (SSL)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b6526ae&v=6.010.006.004&i=23&tp=ab&iy=&ychte=ca&lng=en-GB&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Robin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 ASRservice;ASRservice;C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe [2011-12-7 697104]
R2 cpuz132;cpuz132;\??\C:\Windows\system32\drivers\cpuz132_x64.sys --> C:\Windows\system32\drivers\cpuz132_x64.sys [?]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-7-17 4948992]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-1 2214504]
R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-3-9 1066896]
R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-3-9 491920]
R3 dvdfab;dvdfab;C:\Windows\system32\drivers\dvdfab.sys --> C:\Windows\system32\drivers\dvdfab.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-7-4 139880]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/01/28 20:41:14;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-5-14 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 135664]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 135664]
S3 L6PODX3;L6 POD X3 Service;C:\Windows\system32\Drivers\L6PODX364.sys --> C:\Windows\system32\Drivers\L6PODX364.sys [?]
S3 L6TPortGX;Service - Line 6 TonePort GX;C:\Windows\system32\Drivers\L6TPortGX64.sys --> C:\Windows\system32\Drivers\L6TPortGX64.sys [?]
S3 L6UX1;Service - Line 6 UX1;C:\Windows\system32\Drivers\L6UX164.sys --> C:\Windows\system32\Drivers\L6UX164.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
.
=============== Created Last 30 ================
.
2011-12-11 19:33:38 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CEBEED48-0EF4-480C-85D7-5EF18F93076C}\offreg.dll
2011-12-11 19:33:35 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CEBEED48-0EF4-480C-85D7-5EF18F93076C}\mpengine.dll
2011-12-11 09:14:39 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-12-09 11:45:54 -------- d-----w- C:\Users\Robin\AppData\Roaming\IObit
2011-12-09 11:22:02 -------- d-----w- C:\41f7dcba618342895cab
2011-12-08 18:41:27 -------- d-----w- C:\$WINDOWS.~LS
2011-12-08 18:33:27 -------- d-----w- C:\$WINDOWS.~BT
2011-12-08 06:35:28 -------- d-----w- C:\Users\Robin\AppData\Roaming\DeepBurner Pro
2011-12-08 04:34:09 5326 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2011-12-08 04:31:25 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-08 04:20:59 98816 ----a-w- C:\Windows\sed.exe
2011-12-08 04:20:59 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-08 04:20:59 256000 ----a-w- C:\Windows\PEV.exe
2011-12-08 04:20:59 208896 ----a-w- C:\Windows\MBR.exe
2011-12-08 03:47:28 -------- d-----w- C:\Users\Robin\AppData\Roaming\SUPERAntiSpyware.com
2011-12-08 00:34:36 -------- d-----w- C:\Program Files (x86)\ESET
2011-12-07 09:33:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-07 06:06:40 -------- d-----w- C:\ProgramData\IObit
2011-12-07 05:49:01 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-04 16:13:09 -------- d-----w- C:\Users\Robin\AppData\Local\{0C600D9C-D585-43A4-BBBB-FA17E2B37F44}
2011-12-04 16:12:59 -------- d-----w- C:\Users\Robin\AppData\Local\{1C8E0A02-2C5B-4D85-973D-BA2A2907EFF1}
2011-11-28 23:15:40 -------- d-----w- C:\Users\Robin\CyberLink
2011-11-28 23:12:37 -------- d-----w- C:\Users\Robin\AppData\Roaming\zoominto
2011-11-28 23:12:33 -------- d-----w- C:\Program Files (x86)\zoomintoIE
2011-11-28 22:17:56 -------- d-----r- C:\Users\Robin\pentadactyl
2011-11-28 15:45:21 0 ----a-w- C:\Users\Robin\AppData\Local\BIT4A86.tmp
2011-11-26 01:59:22 -------- d-----w- C:\Users\Robin\AppData\Local\{CE91FB52-1138-455D-AB9A-AC16E01CE8E6}
2011-11-26 01:59:11 -------- d-----w- C:\Users\Robin\AppData\Local\{03E44292-4352-4868-B221-9A2AFABDA503}
2011-11-23 00:44:15 -------- d-----w- C:\Users\Robin\AppData\Local\{A800477D-372E-42B5-AF06-4B8ADFC0C755}
2011-11-23 00:44:03 -------- d-----w- C:\Users\Robin\AppData\Local\{1546113B-3CE4-4339-8BCB-F83682801DAD}
2011-11-18 08:49:31 -------- d-----w- C:\Users\Robin\.gimp-2.6
2011-11-18 06:10:02 -------- d-----w- C:\Users\Robin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-11-18 04:02:55 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-11-14 03:29:09 79232 ----a-w- C:\Windows\System32\drivers\dvdfab.sys
2011-11-14 03:29:07 -------- d-----w- C:\Program Files (x86)\DVDFab Passkey
2011-11-14 02:52:53 -------- d-----w- C:\Program Files (x86)\SlySoft
.
==================== Find3M ====================
.
2011-11-29 16:53:15 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-14 02:43:25 82816 ----a-w- C:\Users\Robin\AppData\Roaming\pcouffin.sys
2011-11-02 00:00:38 5018 --sha-w- C:\ProgramData\KGyGaAvL.sys
2011-10-24 20:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-09-21 02:52:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-21 02:50:46 0 ----a-w- C:\Windows\SysWow64\REN1B6E.tmp
2011-09-21 02:50:46 0 ----a-w- C:\Windows\SysWow64\REN1B6D.tmp
2011-09-21 02:50:46 0 ----a-w- C:\Windows\SysWow64\REN1B6C.tmp
2006-03-26 20:24:18 557056 ----a-w- C:\Program Files (x86)\WaveShell-VST 5.7.dll
2006-03-26 20:23:58 442368 ----a-w- C:\Program Files (x86)\WaveShell-DX 5.7.dll
2006-01-01 21:15:16 405504 ----a-w- C:\Program Files (x86)\WaveShell-VST 5.5.dll
2005-12-21 17:41:48 405504 ----a-w- C:\Program Files (x86)\Vocal_WaveShell-VST 1.1.dll
2005-09-07 22:15:12 98304 ----a-w- C:\Program Files (x86)\WaveShell-VST 5.0.dll
2005-07-17 20:26:04 417792 ----a-w- C:\Program Files (x86)\WaveShell-VST 5.2.dll
.
============= FINISH: 16:01:21.80 ===============
Robinski123 wrote: Hello from Canada!!!.....I have a serious? Infection...Details:
On Dec/6/11, I was checking emails and found one in "Junk".....it said it was from Canada Post......Just by pure coincidence, I just happened to be waiting on an Important Letter (Credit Related) from them
so I selected "Safe" and read it.....It came with an Attachment...unfortunately I downloaded It...STUPID!! I know....The file was a Zip, which I scanned with Both Malwarebytes+Microsoft Security
Essentials...both came up clean!!!...so I unzipped it, deleted the original zip and opened the folder...it contained 1 .pdf and several .txt (0bytes)...I opened the .pdf and the Nightmare Began!!!
Immediately my screen changed/flashed to a Black screen. Then a bunch (over 20) of rectangular windows showed up...all indicating that my hard drive was failing!!!.there was an option to "Fix" by selecting "OK"....However I did not..I just forced shutdown by pressing the Start Button on my HP. I then started up and the same windows showed up...I shut down again and started with the
Kaspersky Rescue DVD....I would "Boot"..BUT at a certain point it would not continue...."could not find cd"!!....so I restarted in safe mode, ran some scans & was able to start normally, BUT
my desktop was still Black....other symptoms as follows: Start Menu would only show Admin(Empty)...ALL folders were Hidden (I could see them but when opened..were empty!!)..I typed Computer, and Opened it...my drives and partitions still showed up (With correct space used..)...I could access my user folder again by typing it in...same with control panel...etc...Tried a system Restore..
Failed...Tried a Repair computer from a Win 7 Repair disc..to no avail...also all taskbar icons were gone..(But notifications were still there...)...so I deleted ALL system restore points and turned
it off.....did a superantispyware scan in safe mode..found 2 in appdata....ran RKill and it stopped a couple of processes.....rebooted and my desktop was back to normal!! with all my slideshow pics
I started my older second desktop (eMachine T5234-Vista 32) and went on line to find other anti???....I used my Micro 8GB card to transfer files...I used Combofix..and then everything was almost back to normal.......ALL folders were "Unhidden" and I could open and see contents. BUT MAJOR problems still exist: Updates download BUT are not listed in Windows Update downloads page!!!, tried scannow both normally and from CMD in recovery disc...would not work...Windows Modules Installer Errors "Windows Resource Protection could not....")......."Turn windows features on or off" is blank........
I would go back and forth between computers and do suggested "Fixes" on HP......Finally got scannow to run!! (After Restart)...ran for almost 2hrs 30min...restarted...Back to FAST BOOT
BUT problems still exist...Reg+dll+ other are probably corrupted!!...I am uncertain if I got rid of infection or it's hiding???...I want to be certain!!....I have thought of nuking my drive and doing
a clean install!! but only as a LAST resort.....I have so many programs & Personal folder/files....I don't want to back up anything NOW (I have a 2TB WD for backups via sata...it USED to be an external...but usb was way too slow....)....Long story short: am I still Infected and how to repair various win7 problems....I am certain my HP has missing/corrupted system files....sorry for the long letter but I thought that I should give as much info as possible. I have a Hijackthis log....My HP specs are: Windows 7 64, 8GB RAM, 1 dvd+1 Blu-ray Burner, 2 Hard drives>> Main is partitioned..
c: os and user d: Backup.....2nd drive.2 partitions..a: Audio(Cakewalk Projects.I am a Guitarist/Bassist/Keys/Drummer) b: Vid files Main has 620gb...2nd has 500GB.Thanks for ANY info.....the Hijackthis.log is suspiciously small!! Help me Obi-Wans, you are my only hope!!!......R