zoghrob Posted January 9, 2014

I have a Windows 7 Ultimate x64 system. Recently, about 1 or 2 months ago, I noticed there's a lag when I open any folder or choose My Computer till the contents are shown, but since my hard drive is nearly full I thought this might be the cause. A couple of days ago I noticed that my router's activity light was blinking like mad though I'm not downloading or uploading anything. I thought this might be normal activity like Windows Update, but the blinking went on for a while, so I checked the ongoing internet connections & found out that Explorer.exe is trying to connect & mainly send data. I checked out the IPs it was connecting to & found out that most of them are in Ukraine, Latvia, Netherlands... and other countries within the same region.

When I checked which application is doing it, I found out it is Explorer.exe in the Windows folder, not the explorer.exe in the SysWOW64 folder.

I'm using ESET Smart Security 7 along with SUPERAntiSpyware, both updated & going well. A few days ago, ESET quarantined a few files from the BingDesktop folder (I didn't install anything from Bing). Apart from that they found nothing. I installed MBAM, which found a few files & dealt with them, but alerts keep popping up that explorer.exe is trying to connect to risky IPs & is blocked by MBAM.

I ran SFC & found nothing wrong with system files.
Sorry for being long but here are the DDS logs
Peripheral DevicePNP Device ID: BTHENUM\{0000111E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&3949728B&0&001813F79950_C00000000Service:.Class GUID:Description: Bluetooth Peripheral DeviceDevice ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&3949728B&0&5001BBE06331_C00000000Manufacturer:Name: Bluetooth Peripheral DevicePNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&3949728B&0&5001BBE06331_C00000000Service:.Class GUID:Description: Bluetooth Peripheral DeviceDevice ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&0055\7&3949728B&0&0025488680C1_C00000003Manufacturer:Name: Bluetooth Peripheral DevicePNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&0055\7&3949728B&0&0025488680C1_C00000003Service:.==== System Restore Points ===================.RP332: 04/01/14 2:41:35 PM - Windows UpdateRP334: 08/01/14 4:08:01 PM - Revo Uninstaller Pro's restore point - Adobe Photoshop CS5RP336: 09/01/14 5:58:34 AM - Revo Uninstaller Pro's restore point - ScanSoft OmniPage SE 4RP337: 09/01/14 6:03:51 AM - Removed ScanSoft OmniPage SE 4RP338: 09/01/14 6:13:13 AM - Removed Samsung AllShare.==== Installed Programs ======================.7-Zip 9.20 (x64 edition)8-in-RightABBYY FineReader 11 Corporate EditionAdobe After Effects CS6Adobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Help ManagerAdobe Media PlayerAdobe Photoshop CS6Adobe Shockwave Player 11.6Air ConflictsAirport Firefighter Simulator Version 1.1Alices Tea Cup Madness 1.00Apple Application SupportApple Software UpdateAviSynth 2.5Billiard MastersBlueStacks App PlayerBlueStacks Notification CenterBoilsoft Video Joiner 3.5Boilsoft Video Joiner 6.55Boilsoft Video Splitter 6.33Boris Graffiti for CorelBullzip PDF Printer 7.2.0.1338Canon Easy-PhotoPrint EXCanon Easy-WebPrint EXCanon MP Navigator 3.1Canon MP140 seriesCanon My Image GardenCanon My Image Garden Design FilesCanon My PrinterCanon Utilities 
Easy-PhotoPrintCBX ShellCDisplayCheat Engine 6.1Chicken Invaders 3CommonContentsCool Edit Pro 2.1Core Temp version 0.99.7Corel VideoStudio Pro X4Corel VideoStudio Ultimate X5CSV to vCardCyberLink PowerDVD 11DAEMON Tools LiteDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDemolition CompanyDesktop Ticker 1.7DeviceIODiagnostic UtilityEasy Tune 6 B11.0823.1Escape From Monkey IslandESET Smart SecurityFaceFilter Studio 2FormatFactory 3.1.0Foxit PhantomPDFFoxit ReaderGeForce Experience NvStream Client ComponentsGlamour PuzzleGPL Ghostscript Lite 9.04HangARoo v2.052Haunted Manor Lord of Mirrors Collectors Edition 1.00ICAImgBurnInternet Download ManagerIPM_VS_ProISCOMIsland of Death Demons and DespairJava 7 Update 45Java Auto UpdaterK-Lite Codec Pack 9.9.2 (64-bit)K-Lite Mega Codec Pack 9.9.2King's Quest I: Quest for the Crown (4.1c)King's Quest II: Romancing the Stones (3.1c)King's Quest III Redux: To Heir is Human (1.1)Kvisoft PDF SplitterMafia 2 version 1.1.0.0Mafia II Music ManagerMafia II version 1.0Malwarebytes Anti-Malware version 1.75.0.1300Microsoft .NET Framework 4.5.1Microsoft Office Access MUI (Arabic) 2010Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (Arabic) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (Arabic) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (Arabic) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Language Pack 2010 - Arabic العربيةMicrosoft Office O MUI (Arabic) 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (Arabic) 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (Arabic) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (Arabic) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (Arabic) 2010Microsoft Office Proof 
(English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (Arabic) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (Arabic) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (Arabic) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (Arabic) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office SharePoint Designer MUI (Arabic) 2010Microsoft Office Word MUI (Arabic) 2010Microsoft Office Word MUI (English) 2010Microsoft Office X MUI (Arabic) 2010Microsoft SilverlightMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft_VC100_CRT_SP1_x64Microsoft_VC100_CRT_SP1_x86Microsoft_VC80_ATL_x86Microsoft_VC80_ATL_x86_x64Microsoft_VC80_CRT_x86Microsoft_VC80_CRT_x86_x64Microsoft_VC80_MFC_x86Microsoft_VC80_MFC_x86_x64Microsoft_VC80_MFCLOC_x86Microsoft_VC80_MFCLOC_x86_x64Microsoft_VC90_ATL_x86Microsoft_VC90_ATL_x86_x64Microsoft_VC90_CRT_x86Microsoft_VC90_CRT_x86_x64Microsoft_VC90_MFC_x86Microsoft_VC90_MFC_x86_x64Monument Builders - TitanicMozilla Firefox 26.0 (x86 en-US)Mozilla Maintenance ServiceMSVC80_x64_v2MSVC80_x86_v2MSVC90_x64MSVC90_x86MSXML 4.0 SP2 (KB954430)MSXML 4.0 
SP2 (KB973688)Nokia Connectivity Cable DriverNokia SuiteNotification CenterNVIDIA 3D Vision Controller Driver 331.65NVIDIA 3D Vision Driver 331.65NVIDIA Control Panel 331.65NVIDIA GeForce Experience 1.8.1NVIDIA Graphics Driver 331.65NVIDIA Install ApplicationNVIDIA LED Visualizer 1.0NVIDIA Media Center extensions for DVDNVIDIA Network ServiceNVIDIA PhysXNVIDIA PhysX System Software 9.13.0725NVIDIA PureVideo DecoderNVIDIA ShadowPlay 10.11.15NVIDIA Stereoscopic 3D DriverNVIDIA Update 10.11.15NVIDIA Update CoreNVIDIA Virtual Audio 1.2.19OpenALParagon Partition Manager™ 11 SE PersonalPC Connectivity SolutionPCSX2 - Playstation 2 EmulatorPDF Lock Unlock Tool Demo Version 2.0PDF Password Remover 3.1PDF Password Remover v2.5PDF Password Remover v3.0PDF Settings CS6PDF To JPG 2.0Peter Jackson's King Kong - Gamers EditionPeter Jackson's King Kong - Gamers Edition, âهًٌèے 1.0Police ForceproDAD Mercalli 2.0proDAD Route 4.0proDAD Vitascene 2.0PureHDQuickTimeReal Alternative 2.0.2Realtek Ethernet Controller DriverRealtek High Definition Audio DriverRed Baron ArcadeRevo Uninstaller Pro 3.0.7RiffMaster Pro version 4.0RM Converter 4.12Samsung KiesSAMSUNG USB Driver for Mobile PhonesSandlot Games Client Services 1.2.2Security Update for CAPICOM (KB931906)Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553284) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687423) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2760781) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826023) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826035) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2850016) 32-Bit EditionSecurity Update for Microsoft Outlook 2010 (KB2837597) 32-Bit EditionService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit EditionService Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit EditionSES DriverSetupShareShare64SHIELD 
StreamingSimCity 4 DeluxeSmartSound Common DataSmartSound Quicktracks 5Sothink Movie DVD MakerSothink Video ConverterStellar Phoenix Photo RecoverySUPERAntiSpywareSurgery Simulator Version 1.0swMSMTanker Truck Simulator 2011TeamViewer 8The Serpent of IsisTotal Recorder 8.4 Professional EditionTotal Video Converter 3.71 100812Tow Truck Simulator 2010 Version 1.32Trojan Remover 6.8.9UltraISOUpdate for Microsoft Access 2010 (KB2553446) 32-Bit EditionUpdate for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2589298) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589352) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589375) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2597087) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760598) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2794737) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2825640) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2826026) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2850079) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2810072) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2553145) 32-Bit EditionUpdate for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit EditionUpdate for Microsoft Word 2010 (KB2837593) 32-Bit EditionUpdate Manager B08.1027.1USB Disk SecurityUSB Safely Remove 5.2VIOVirtual CD v10VLC media player 2.0.1VSClassicVSHelpVSProVSUltimateWinAce ArchiverWindows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)Windows Media Encoder 9 SeriesWinRAR 4.11 (64-bit)Wondershare PDF Converter Pro (Build 4.0.1).==== Event Viewer Messages From Past Week ========.09/01/14 9:09:58 AM, Error: Service Control Manager [7034] - The AllShare Framework DMS service terminated unexpectedly. 
It has done this 1 time(s).09/01/14 9:09:48 AM, Error: Service Control Manager [7034] - The Samsung Link Service service terminated unexpectedly. It has done this 1 time(s).09/01/14 6:04:05 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {9C0BA3C1-2B67-45EB-BF69-BED9658D28D2} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -Embedding09/01/14 5:59:15 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@0101000409/01/14 1:20:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvport09/01/14 1:19:27 AM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.09/01/14 1:18:26 AM, Error: EventLog [6008] - The previous system shutdown at 12:48:21 AM on 1/9/2014 was unexpected.09/01/14 1:18:20 AM, Error: BTHUSB [5] - The Bluetooth driver expected an HCI event with a certain size but did not receive it.09/01/14 1:18:18 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.09/01/14 1:18:15 AM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\Drivers\nvport.sys has been blocked from loading due to incompatibility with this system. 
Please contact your software vendor for a compatible version of the driver.08/01/14 6:53:08 PM, Error: Service Control Manager [7024] - The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error The operation completed successfully..06/01/14 2:44:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 8 service to connect.06/01/14 2:44:34 PM, Error: Service Control Manager [7000] - The TeamViewer 8 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.05/01/14 9:32:39 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.05/01/14 9:31:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.05/01/14 9:26:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Virtual CD v10 Management Service service to connect.05/01/14 9:26:15 PM, Error: Service Control Manager [7000] - The Virtual CD v10 Management Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.05/01/14 8:15:39 AM, Error: EventLog [6008] - The previous system shutdown at 8:13:25 AM on 1/5/2014 was unexpected.05/01/14 7:42:42 AM, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting.05/01/14 7:40:43 AM, Error: EventLog [6008] - The previous system shutdown at 12:26:15 AM on 1/5/2014 was unexpected.05/01/14 2:24:34 PM, Error: EventLog [6008] - The previous system shutdown at 2:22:33 PM on 1/5/2014 was unexpected.05/01/14 2:22:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ESET Service service to connect.05/01/14 2:22:36 PM, Error: Service Control Manager 
[7000] - The ESET Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.05/01/14 2:21:44 PM, Error: EventLog [6008] - The previous system shutdown at 2:19:59 PM on 1/5/2014 was unexpected.05/01/14 1:35:10 PM, Error: EventLog [6008] - The previous system shutdown at 11:44:28 AM on 1/5/2014 was unexpected..==== End Of File =========================== Thank you for your time & concern. Link to post Share on other sites More sharing options...
zoghrob Posted January 9, 2014 Author ID:775803

In my desperate trials to save my system I tried ADWcleaner and HitMan that showed almost same results as MBAM. I did the cleaning with everything I've got but still to no avail. But something strange happened: once after a reboot the Explorer.exe didn't try to connect to the net at all, then after about 4 hours IExplore tried twice to connect to 2 IPs but MBAM blocked it and everything remained calm till the next reboot, where explorer came back to its trials to connect. 2nd time happened now as I'm writing this: after a reboot, Explorer.exe is quiet again without any attempts to connect to the internet.

Any clues? I really appreciate your help.
Staff gringo_pr Posted January 21, 2014 ID:780944

Hello zoghrob

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
Staff gringo_pr Posted January 24, 2014 ID:782240

Hello

48 Hour bump

It has been more than 48 hours since my last post.
Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?
If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
Staff gringo_pr Posted January 27, 2014 ID:783356

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!