
Is my Explorer.exe infected



I have a Windows 7 Ultimate x64 system. Recently, about 1 or 2 months ago, I noticed there's a lag when I open any folder or choose My Computer until the contents are shown, but since my hard drive is nearly full I thought this might be the cause. A couple of days ago I noticed that my router's activity light was blinking like mad though I wasn't downloading or uploading anything. I thought this might be normal activity like Windows Update, but the blinking went on for a while, so I checked the ongoing internet connections & found out that Explorer.exe is trying to connect & mainly send data. I checked out the IPs it was connecting to & found out that most of them are in Ukraine, Latvia, Netherlands... and other countries within the same region.
When I checked which application is doing it, I found out it is the Explorer.exe in the Windows folder, not the explorer.exe in the SysWOW64 folder.
I'm using ESET Smart Security 7 along with SUPERAntiSpyware, both updated & going well. A few days ago, ESET quarantined a few files from the BingDesktop folder (I didn't install anything from Bing). Apart from that they found nothing. I installed MBAM, which found a few files & dealt with them, but alerts keep popping up that explorer.exe is trying to connect to risky IPs & is blocked by MBAM.
I ran SFC & found nothing wrong with system files.
 
Sorry for being long, but here are the DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by Dr_Mansy at 9:30:21 on 2014-01-09
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.20.1033.18.4094.1621 [GMT 2:00]
.
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Standard8-in-Right\Standard8inRight.exe
C:\Program Files (x86)\USB Disk Security\USBGuard.exe
C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Virtual CD v10\System\VC10Tray.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Internet Download Manager\IDMGrHlp.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [standard8inRight] "C:\Program Files (x86)\Standard8-in-Right\Standard8inRight.exe" Minimum
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [uSB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: ????3?? - <no file>
IE: ????3?????? - <no file>
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: ????3?? - <no file>
IE: ????3?????? - <no file>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll




TCP: NameServer = 41.128.225.225 213.131.65.20
TCP: Interfaces\{A02F60FB-0A38-40DE-8198-76E35848454D} : DHCPNameServer = 41.128.225.225 213.131.65.20
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [uSB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dr_Mansy\AppData\Roaming\Mozilla\Firefox\Profiles\fq7rlb26.default\


FF - prefs.js: network.proxy.http - 189.77.31.82
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Dr_Mansy\AppData\Roaming\Mozilla\Firefox\Profiles\fq7rlb26.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll
FF - plugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPluginUACElevator.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-9-17 62136]
R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2012-1-14 37392]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-2-6 283200]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-9-17 44120]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vdrv1000;vdrv1000;C:\Windows\System32\drivers\vdrv1000.sys [2012-1-13 223256]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-8 143088]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/01/25 19:14:50];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-9-2 148976]
R2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [2011-12-22 818952]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-12-20 114448]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-12-20 385808]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2012-1-25 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2012-1-25 75048]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2012-1-25 292136]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-9-12 1337752]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-11-9 174968]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-7 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-7 701512]
R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2012-1-25 75248]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-1 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-1-1 15129376]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2012-1-13 26624]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-19 4308320]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [2012-1-13 1521464]
R2 VC10SecS;Virtual CD v10 Management Service;C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe [2012-1-13 144712]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-7 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-1 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-13 535656]
R3 TotRec8;Total Recorder WDM audio filter driver;C:\Windows\System32\drivers\TotRec8.sys [2013-10-15 123664]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;C:\Windows\System32\drivers\vcd10bus.sys [2012-1-13 40464]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-12-20 402192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 Amps2prt;Compatible PS/2 Port Mouse Driver;C:\Windows\System32\drivers\Amps2x64.sys [2011-11-21 21504]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-12-18 103576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-1-13 25640]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-12-18 37344]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-1-13 30528]
S3 HH10Help.sys;HH10Help.sys;C:\Windows\System32\drivers\HH10Help.sys [2012-1-13 24088]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-1-8 32512]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-3-6 31800]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2012-1-13 51712]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtVlan60.sys [2012-1-13 24064]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-12-18 204568]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2012-1-13 51712]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-12 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
.
=============== Created Last 30 ================
.
2014-01-08 17:12:26 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{021AE383-4B02-43F1-9D7A-E88EFADBDA9D}\offreg.dll
2014-01-08 16:53:03 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2014-01-08 15:01:45 -------- d-----w- C:\ProgramData\Licenses
2014-01-08 14:56:00 -------- d-----w- C:\Users\Dr_Mansy\AppData\Roaming\Simply Super Software
2014-01-08 14:53:32 -------- d-----w- C:\ProgramData\Simply Super Software
2014-01-08 14:53:32 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2014-01-07 22:49:59 -------- d-----w- C:\AdwCleaner
2014-01-07 21:20:24 -------- d-----w- C:\Program Files\HitmanPro
2014-01-07 21:19:37 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-07 16:57:54 12582912 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\f7e6300e04eada05f7a93da6153be56e\WMP xMPG Codec Pack.exe
2014-01-07 16:57:54 12582912 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\bae1b6580875d12270adb1425dd3cc7a\WMP xMPG Codec Pack.exe
2014-01-07 16:57:54 12582912 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\82f83607f1e6e943ade451f212666215\WMP xMPG Codec Pack.exe
2014-01-07 16:57:54 12582912 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\0cec43207b5cf9306973bf10981060e6\WMP xMPG Codec Pack.exe
2014-01-07 13:25:20 12582912 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\f781dd311f6a4303dceafe2a23ae62a7\WMP x264 Codec Pack.exe
2014-01-07 13:25:20 12582912 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\e1b31681dde76bb9611268e419b7b6f9\WMP x264 Codec Pack.exe
2014-01-07 13:25:20 12582912 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\8516a840e6f89f589acc24c55e57f0ab\WMP x264 Codec Pack.exe
2014-01-07 13:25:20 12582912 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\798b372b532e7fd833df46e64368028f\WMP x264 Codec Pack.exe
2014-01-07 13:25:20 12582912 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\4ef4c18b5ce888c946e0d7c0af7bdfc5\WMP x264 Codec Pack.exe
2014-01-07 13:25:20 12582912 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\3bc244a0aec647b5313c5b075f29d68a\WMP x264 Codec Pack.exe
2014-01-07 13:25:20 12582912 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\0ab47326ec9f13ef81a22d4abf17f9de\WMP x264 Codec Pack.exe
2014-01-07 11:53:49 -------- d-----w- C:\Users\Dr_Mansy\AppData\Roaming\Malwarebytes
2014-01-07 11:53:24 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-07 11:53:21 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-07 11:53:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-07 11:52:36 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{021AE383-4B02-43F1-9D7A-E88EFADBDA9D}\mpengine.dll
2014-01-07 02:15:18 12582912 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\d377216f5264b280ff14ff6cfec8b6cc\Total Codec Pack.exe
2014-01-06 16:34:06 54525952 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\9af29a756dbab7b1bb5b409643fd0602\Paragon Hard Disk Manager 12 Suite.exe
2014-01-06 16:34:06 54525952 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\0a69aa0c956a27d50c79c8afc38e1cbe\2D Truss Analysis.exe
2014-01-06 16:34:02 12582912 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\a33250ee9cb9c9f95dffca8cedbb744b\WMP x264 Codec Pack.exe
2014-01-05 21:50:57 -------- d-----w- C:\Users\Dr_Mansy\AppData\Local\Evvtion
2014-01-04 16:13:31 -------- d-----w- C:\Program Files (x86)\PCSX2 1.0.0
2014-01-01 13:20:17 -------- d-----w- C:\Users\Dr_Mansy\AppData\Local\NVIDIA Corporation
2014-01-01 13:16:52 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-01-01 13:16:51 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-01-01 11:48:23 -------- d-----w- C:\Users\Dr_Mansy\AppData\Local\NVIDIA
2014-01-01 11:43:38 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-01-01 11:43:38 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-01-01 08:45:32 -------- d-----w- C:\ProgramData\BlueStacksSetup
2013-12-30 18:36:29 -------- d-----w- C:\Users\Dr_Mansy\AppData\Roaming\Hoyle Puzzle and Board Games 2012
2013-12-30 18:29:40 -------- d-----w- C:\Users\Dr_Mansy\AppData\Roaming\Hoyle Blackjack
2013-12-30 18:21:45 -------- d-----w- C:\Users\Dr_Mansy\AppData\Roaming\Hoyle FaceCreator
2013-12-30 18:21:45 -------- d-----w- C:\Users\Dr_Mansy\AppData\Roaming\Hoyle Card Games 2012
2013-12-21 15:27:55 -------- d-----w- C:\Program Files (x86)\CSV to vCard
2013-12-20 15:52:40 2179072 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll
2013-12-19 17:40:41 -------- d-----w- C:\Users\Dr_Mansy\AppData\Roaming\OpalCSVconverter_prefs
2013-12-18 00:05:25 204568 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-12-18 00:05:24 103576 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-12-18 00:03:06 37344 ----a-w- C:\Windows\SysWow64\FsUsbExDisk.Sys
2013-12-18 00:03:06 233472 ----a-w- C:\Windows\SysWow64\FsUsbExService.Exe
2013-12-18 00:03:06 110592 ----a-w- C:\Windows\SysWow64\FsUsbExDevice.Dll
2013-12-11 19:07:50 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 19:07:50 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 19:07:49 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-11 19:07:48 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 18:28:22 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-11 18:28:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-11 18:28:14 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-11 18:28:14 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-11 14:20:44 -------- d-----w- C:\Users\Dr_Mansy\AppData\Roaming\PixelPlanet
2013-12-11 13:35:06 -------- d-----w- C:\ProgramData\PixelPlanet
2013-12-11 13:34:51 -------- d-----w- C:\Program Files (x86)\Common Files\XPressUpdate
2013-12-11 11:00:53 -------- d-----w- C:\ProgramData\VS Revo Group
2013-12-11 10:29:57 -------- d-----w- C:\ProgramData\Nuance
2013-12-11 10:24:34 -------- d-----w- C:\Users\Dr_Mansy\AppData\Roaming\Nuance
2013-12-11 10:24:34 -------- d-----w- C:\Users\Dr_Mansy\AppData\Local\Investintech.com Inc
2013-12-11 10:22:58 -------- d-----w- C:\Program Files (x86)\Investintech.com Inc
.
==================== Find3M ====================
.
2014-01-05 05:52:34 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-05 05:52:34 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-19 01:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-13 07:33:59 131072 ----a-w- C:\Windows\System32\IEAdvpack.dll
2013-11-07 23:41:38 174968 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-23 08:20:08 6669600 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-23 08:20:07 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-23 08:20:05 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-23 08:20:05 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-23 08:20:05 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-23 01:02:36 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
.
============= FINISH: 9:31:13.07 ===============
 
The attached file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/01/12 11:23:46 PM
System Uptime: 09/01/14 1:18:06 AM (8 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3R
Processor: Intel® Core2 Duo CPU E7400 @ 2.80GHz | Socket 775 | 2800/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 488 GiB total, 94.189 GiB free.
D: is FIXED (NTFS) - 465 GiB total, 52.709 GiB free.
E: is FIXED (NTFS) - 455 GiB total, 235.382 GiB free.
F: is FIXED (NTFS) - 455 GiB total, 13.717 GiB free.
G: is FIXED (NTFS) - 148 GiB total, 17.748 GiB free.
H: is FIXED (NTFS) - 149 GiB total, 11.074 GiB free.
I: is FIXED (NTFS) - 150 GiB total, 13.873 GiB free.
J: is FIXED (NTFS) - 150 GiB total, 2.985 GiB free.
K: is CDROM (CDFS)
L: is Removable
P: is CDROM ()
Q: is CDROM ()
R: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&0055\7&3949728B&0&0025488680C1_C00000003
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&0055\7&3949728B&0&0025488680C1_C00000003
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001108-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&3949728B&0&001813F79950_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001108-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&3949728B&0&001813F79950_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&00010075_PID&0100\7&3949728B&0&28BAB5EAC8AF_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&00010075_PID&0100\7&3949728B&0&28BAB5EAC8AF_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001800-0000-1000-8000-00805F9B34FB}_VID&00010075_PID&0100\7&3949728B&0&28BAB5EAC8AF_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001800-0000-1000-8000-00805F9B34FB}_VID&00010075_PID&0100\7&3949728B&0&28BAB5EAC8AF_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&0055\7&3949728B&0&0025488680C1_C00000003
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&0055\7&3949728B&0&0025488680C1_C00000003
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&0055\7&3949728B&0&0025488680C1_C00000003
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&0055\7&3949728B&0&0025488680C1_C00000003
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001801-0000-1000-8000-00805F9B34FB}_VID&00010075_PID&0100\7&3949728B&0&28BAB5EAC8AF_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001801-0000-1000-8000-00805F9B34FB}_VID&00010075_PID&0100\7&3949728B&0&28BAB5EAC8AF_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010001_PID&0055\7&3949728B&0&0025488680C1_C00000003
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010001_PID&0055\7&3949728B&0&0025488680C1_C00000003
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&0055\7&3949728B&0&0025488680C1_C00000003
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&0055\7&3949728B&0&0025488680C1_C00000003
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000111E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&3949728B&0&001813F79950_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000111E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&3949728B&0&001813F79950_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&3949728B&0&5001BBE06331_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&3949728B&0&5001BBE06331_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&0055\7&3949728B&0&0025488680C1_C00000003
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&0055\7&3949728B&0&0025488680C1_C00000003
Service:
.
==== System Restore Points ===================
.
RP332: 04/01/14 2:41:35 PM - Windows Update
RP334: 08/01/14 4:08:01 PM - Revo Uninstaller Pro's restore point - Adobe Photoshop CS5
RP336: 09/01/14 5:58:34 AM - Revo Uninstaller Pro's restore point - ScanSoft OmniPage SE 4
RP337: 09/01/14 6:03:51 AM - Removed ScanSoft OmniPage SE 4
RP338: 09/01/14 6:13:13 AM - Removed Samsung AllShare
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
8-in-Right
ABBYY FineReader 11 Corporate Edition
Adobe After Effects CS6
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Media Player
Adobe Photoshop CS6
Adobe Shockwave Player 11.6
Air Conflicts
Airport Firefighter Simulator Version 1.1
Alices Tea Cup Madness 1.00
Apple Application Support
Apple Software Update
AviSynth 2.5
Billiard Masters
BlueStacks App Player
BlueStacks Notification Center
Boilsoft Video Joiner 3.5
Boilsoft Video Joiner 6.55
Boilsoft Video Splitter 6.33
Boris Graffiti for Corel
Bullzip PDF Printer 7.2.0.1338
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator 3.1
Canon MP140 series
Canon My Image Garden
Canon My Image Garden Design Files
Canon My Printer
Canon Utilities Easy-PhotoPrint
CBX Shell
CDisplay
Cheat Engine 6.1
Chicken Invaders 3
Common
Contents
Cool Edit Pro 2.1
Core Temp version 0.99.7
Corel VideoStudio Pro X4
Corel VideoStudio Ultimate X5
CSV to vCard
CyberLink PowerDVD 11
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Demolition Company
Desktop Ticker 1.7
DeviceIO
Diagnostic Utility
Easy Tune 6 B11.0823.1
Escape From Monkey Island
ESET Smart Security
FaceFilter Studio 2
FormatFactory 3.1.0
Foxit PhantomPDF
Foxit Reader
GeForce Experience NvStream Client Components
Glamour Puzzle
GPL Ghostscript Lite 9.04
HangARoo v2.052
Haunted Manor Lord of Mirrors Collectors Edition 1.00
ICA
ImgBurn
Internet Download Manager
IPM_VS_Pro
ISCOM
Island of Death Demons and Despair
Java 7 Update 45
Java Auto Updater
K-Lite Codec Pack 9.9.2 (64-bit)
K-Lite Mega Codec Pack 9.9.2
King's Quest I: Quest for the Crown (4.1c)
King's Quest II: Romancing the Stones (3.1c)
King's Quest III Redux: To Heir is Human (1.1)
Kvisoft PDF Splitter
Mafia 2 version 1.1.0.0
Mafia II Music Manager
Mafia II version 1.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (Arabic) 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (Arabic) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (Arabic) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (Arabic) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Language Pack 2010 - Arabic العربية
Microsoft Office O MUI (Arabic) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Arabic) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (Arabic) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (Arabic) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Arabic) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (Arabic) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (Arabic) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (Arabic) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (Arabic) 2010
Microsoft Office Word MUI (Arabic) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office X MUI (Arabic) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Monument Builders - Titanic
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia Suite
Notification Center
NVIDIA 3D Vision Controller Driver 331.65
NVIDIA 3D Vision Driver 331.65
NVIDIA Control Panel 331.65
NVIDIA GeForce Experience 1.8.1
NVIDIA Graphics Driver 331.65
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Media Center extensions for DVD
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA PureVideo Decoder
NVIDIA ShadowPlay 10.11.15
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 10.11.15
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.19
OpenAL
Paragon Partition Manager™ 11 SE Personal
PC Connectivity Solution
PCSX2 - Playstation 2 Emulator
PDF Lock Unlock Tool Demo Version 2.0
PDF Password Remover 3.1
PDF Password Remover v2.5
PDF Password Remover v3.0
PDF Settings CS6
PDF To JPG 2.0
Peter Jackson's King Kong - Gamers Edition
Peter Jackson's King Kong - Gamers Edition, версия 1.0
Police Force
proDAD Mercalli 2.0
proDAD Route 4.0
proDAD Vitascene 2.0
PureHD
QuickTime
Real Alternative 2.0.2
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Red Baron Arcade
Revo Uninstaller Pro 3.0.7
RiffMaster Pro version 4.0
RM Converter 4.12
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Sandlot Games Client Services 1.2.2
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition
SES Driver
Setup
Share
Share64
SHIELD Streaming
SimCity 4 Deluxe
SmartSound Common Data
SmartSound Quicktracks 5
Sothink Movie DVD Maker
Sothink Video Converter
Stellar Phoenix Photo Recovery
SUPERAntiSpyware
Surgery Simulator Version 1.0
swMSM
Tanker Truck Simulator 2011
TeamViewer 8
The Serpent of Isis
Total Recorder 8.4 Professional Edition
Total Video Converter 3.71 100812
Tow Truck Simulator 2010 Version 1.32
Trojan Remover 6.8.9
UltraISO
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Update Manager B08.1027.1
USB Disk Security
USB Safely Remove 5.2
VIO
Virtual CD v10
VLC media player 2.0.1
VSClassic
VSHelp
VSPro
VSUltimate
WinAce Archiver
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)
Windows Media Encoder 9 Series
WinRAR 4.11 (64-bit)
Wondershare PDF Converter Pro (Build 4.0.1)
.
==== Event Viewer Messages From Past Week ========
.
09/01/14 9:09:58 AM, Error: Service Control Manager [7034] - The AllShare Framework DMS service terminated unexpectedly. It has done this 1 time(s).
09/01/14 9:09:48 AM, Error: Service Control Manager [7034] - The Samsung Link Service service terminated unexpectedly. It has done this 1 time(s).
09/01/14 6:04:05 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {9C0BA3C1-2B67-45EB-BF69-BED9658D28D2} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -Embedding
09/01/14 5:59:15 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
09/01/14 1:20:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvport
09/01/14 1:19:27 AM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.
09/01/14 1:18:26 AM, Error: EventLog [6008] - The previous system shutdown at 12:48:21 AM on ‎1/‎9/‎2014 was unexpected.
09/01/14 1:18:20 AM, Error: BTHUSB [5] - The Bluetooth driver expected an HCI event with a certain size but did not receive it.
09/01/14 1:18:18 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
09/01/14 1:18:15 AM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\Drivers\nvport.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
08/01/14 6:53:08 PM, Error: Service Control Manager [7024] - The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
06/01/14 2:44:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 8 service to connect.
06/01/14 2:44:34 PM, Error: Service Control Manager [7000] - The TeamViewer 8 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/01/14 9:32:39 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
05/01/14 9:31:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
05/01/14 9:26:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Virtual CD v10 Management Service service to connect.
05/01/14 9:26:15 PM, Error: Service Control Manager [7000] - The Virtual CD v10 Management Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/01/14 8:15:39 AM, Error: EventLog [6008] - The previous system shutdown at 8:13:25 AM on ‎1/‎5/‎2014 was unexpected.
05/01/14 7:42:42 AM, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting.
05/01/14 7:40:43 AM, Error: EventLog [6008] - The previous system shutdown at 12:26:15 AM on ‎1/‎5/‎2014 was unexpected.
05/01/14 2:24:34 PM, Error: EventLog [6008] - The previous system shutdown at 2:22:33 PM on ‎1/‎5/‎2014 was unexpected.
05/01/14 2:22:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ESET Service service to connect.
05/01/14 2:22:36 PM, Error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/01/14 2:21:44 PM, Error: EventLog [6008] - The previous system shutdown at 2:19:59 PM on ‎1/‎5/‎2014 was unexpected.
05/01/14 1:35:10 PM, Error: EventLog [6008] - The previous system shutdown at 11:44:28 AM on ‎1/‎5/‎2014 was unexpected.
.
==== End Of File ===========================

 

Thank you for your time & concern.


In my desperate trials to save my system I tried ADWcleaner and HitMan that showed almost the same results as MBAM.

I did the cleaning with everything I've got but still to no avail.

But something strange happened: once after a reboot, Explorer.exe didn't try to connect to the net at all, then after about 4 hours IExplore tried twice to connect to 2 IPs but MBAM blocked it, and everything remained calm till the next reboot, where Explorer came back to its trials to connect. The 2nd time happened now as I'm writing this: after a reboot, Explorer.exe is quiet again without any attempts to connect to the internet.

Any Clues?

I really appreciate your help.


  • 2 weeks later...
  • Staff

Hello zoghrob

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
