

Computer running slow & Internet explorer instances running in task manager



#1  12-12-2014, 11:36 AM
yancim, Registered Member
Join Date: Feb 2008
Posts: 15
OS: Win XP SP3



Hi. Suddenly my computer has been running quite slow and there is HDD activity all the time. I noticed there is a "blank page - Internet Explorer" entry running in Task Manager (which keeps coming back even if I manually stop it) and a couple of iexplore processes running in the background, although I haven't opened any IE windows.



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 11.25.2
Run by Yannis at 18:12 on 2014-12-11
Microsoft Windows 7 Professional 6.1.7601.1.1253.30.1033.18.3551.821 [GMT 1:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\bdwtxapps.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\VPNCheck\VPNCheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\ctfmon.exe
C:\Users\Yannis\AppData\Roaming\uTorrent\uTorrent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
TB: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
TB: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN3BMDSHF405RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
uRun: [VPNCheck] C:\Program Files (x86)\VPNCheck\startVPNCheck.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe -update activex
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [IME JPN 2007 Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
mRun: [Korean IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
mRun: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Yannis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0A9452DF-896E-4AA2-803F-715D798D167D} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{15A0F470-FDF3-4C19-B3B4-11D4E6F65F25} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2F5319DE-D4D7-44FA-862E-600BB57B184E} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{405300C0-615E-4392-AFA5-BD63BBC19D37} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{92A11F12-D355-4021-9090-CD528ED95178} : NameServer = 80.67.8.203 80.67.14.78
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll
x64-Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
x64-Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
x64-Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Yannis\AppData\Roaming\Mozilla\Firefox\Profiles\po0j6rud.default-1418105174619\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\BankID\npBispBrowser.dll
FF - plugin: C:\Program Files (x86)\BankID\npBispBrowser_x64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2014-11-16 1288472]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2014-11-16 150256]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2014-11-16 107080]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-5-30 123152]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-5-30 385808]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-5-30 774928]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-11-23 1148744]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-19 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-19 969016]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2014-8-21 239696]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2012-9-5 6364024]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-6-11 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-6-11 19439944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-8-22 411936]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-6-22 5093216]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [2014-11-16 67320]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2014-11-16 263032]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2014-11-16 647752]
R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;C:\Windows\System32\drivers\ffusb2audio.sys [2014-2-16 127280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-14 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-19 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-19 63704]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-11 19272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-11-23 38048]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2009-7-23 52736]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-5-30 402192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2014-11-16 82824]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-29 103448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-25 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-29 203672]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-25 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-22 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .ini: inifile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .inf: inffile="C:\Windows\System32\NOTEPAD.EXE" %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-12-10 19:52:43 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
2014-12-10 19:52:43 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2014-12-10 19:52:43 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-10 19:52:43 24576 ----a-w- C:\Windows\System32\mfpmp.exe
2014-12-10 19:52:43 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2014-12-10 19:52:43 206848 ----a-w- C:\Windows\System32\mfps.dll
2014-12-10 19:52:43 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2014-12-10 19:52:43 2048 ----a-w- C:\Windows\System32\mferror.dll
2014-12-10 19:52:43 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
2014-12-10 19:52:42 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-10 12:48:00 187904 ----a-w- C:\Windows\System32\cryptsvc.dll
2014-12-10 12:48:00 1480192 ----a-w- C:\Windows\System32\crypt32.dll
2014-12-10 12:48:00 143872 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2014-12-10 12:48:00 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-12-09 16:22:23 -------- d-----w- C:\ProgramData\GFACE
2014-12-09 05:54:01 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BCE9AC03-930E-47B0-B5EA-006B93E15819}\mpengine.dll
2014-12-08 19:29:54 -------- d-----w- C:\AdwCleaner
2014-12-07 13:22:34 -------- d-----w- C:\Program Files (x86)\LEGO Batman 3 - Beyond Gotham
2014-12-06 18:41:19 -------- d-----w- C:\Program Files\Enigma Software Group
2014-12-04 17:58:33 -------- d-----w- C:\Program Files\iPod
2014-12-04 17:58:32 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-04 17:58:32 -------- d-----w- C:\Program Files\iTunes
2014-12-04 17:58:32 -------- d-----w- C:\Program Files (x86)\iTunes
2014-11-30 20:16:32 -------- d-----w- C:\Users\Yannis\AppData\Roaming\MMFApplications
2014-11-30 19:18:47 -------- d-----w- C:\Users\Yannis\AppData\Roaming\moters
2014-11-30 17:56:59 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2014-11-30 16:55:08 106408 ----a-w- C:\Windows\SysWow64\steam_api.dll
2014-11-25 12:59:38 18638520 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-23 18:30:26 -------- d-----w- C:\Program Files (x86)\VPNCheck
2014-11-23 11:19:51 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2014-11-23 11:19:51 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-11-23 11:18:31 38048 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-11-23 11:18:31 32416 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-11-19 15:11:42 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-19 15:11:42 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-19 15:11:42 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-19 15:11:41 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-19 05:23:24 -------- d-sh--w- C:\Users\Yannis\AppData\Local\EmieBrowserModeList
2014-11-19 03:31:16 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-17 19:38:05 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-16 19:01:36 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2014-11-16 19:01:36 74512 ----a-w- C:\Windows\System32\bdsandboxuiskin32.dll
2014-11-16 19:01:33 263032 ----a-w- C:\Windows\System32\drivers\avchv.sys
2014-11-16 19:01:32 452040 ----a-w- C:\Windows\System32\drivers\trufos.sys
2014-11-16 18:31:55 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-11-16 18:04:22 478124 ----a-w- C:\ProgramData\1416160482.bdinstall.bin
2014-11-16 18:02:56 82824 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2014-11-16 18:02:56 74512 ----a-w- C:\Windows\SysWow64\bdsandboxuiskin32.dll
2014-11-16 18:02:56 511328 ----a-w- C:\Windows\capicom.dll
2014-11-16 18:02:46 647752 ----a-w- C:\Windows\System32\drivers\avckf.sys
2014-11-16 18:02:46 1288472 ----a-w- C:\Windows\System32\drivers\avc3.sys
2014-11-16 17:55:30 84848 ----a-w- C:\Windows\System32\BDSandBoxUISkin.dll
2014-11-16 17:55:30 34384 ----a-w- C:\Windows\System32\BDSandBoxUH.dll
2014-11-16 17:55:25 150256 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2014-11-16 17:42:47 -------- d-----w- C:\ProgramData\BDLogging
2014-11-16 17:42:18 -------- d-----w- C:\Users\Yannis\AppData\Roaming\Bitdefender
2014-11-16 17:42:13 3271472 ---ha-w- C:\bdr-bz01
2014-11-16 17:39:10 -------- d-----w- C:\ProgramData\Bitdefender
2014-11-16 17:39:03 -------- d-----w- C:\Program Files\Bitdefender
2014-11-16 17:38:44 -------- d-----w- C:\Users\Yannis\AppData\Roaming\QuickScan
2014-11-16 16:33:28 -------- d-----w- C:\Users\Yannis\AppData\Roaming\KeePass
2014-11-16 16:32:02 -------- d-----w- C:\Program Files (x86)\KeePass Password Safe 2
2014-11-16 16:30:03 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2014-11-16 16:29:41 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2014-11-15 11:03:09 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2014-11-15 11:03:09 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2014-11-15 11:03:09 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2014-11-15 11:03:09 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2014-11-15 11:03:05 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2014-11-15 11:03:05 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2014-11-15 11:03:02 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-11-15 11:03:02 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-11-15 11:02:57 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2014-11-15 11:02:57 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2014-11-15 11:02:54 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
2014-11-15 11:02:54 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2014-11-15 11:02:40 107368 ----a-w- C:\Windows\System32\xinput1_3.dll
2014-11-15 10:15:36 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2014-11-15 10:15:33 -------- d-----w- C:\Program Files (x86)\Steam
2014-11-13 05:27:40 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-11-13 05:27:40 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-11-13 05:27:38 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-11-13 05:27:38 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-11-13 05:27:38 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-11-13 05:27:38 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-11-13 05:27:38 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-11-13 05:27:37 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-11-13 05:27:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-11-13 05:25:01 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-11-13 05:25:01 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-11-13 05:25:01 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2014-11-13 05:25:01 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
==================== Find3M ====================
.
2014-12-11 17:07:08 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-10 13:38:10 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 13:38:10 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-22 0323 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 0311 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:43 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 0232 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:55:16 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 05:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 05:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 05:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-09 08:54:08 129752 ----a-w- C:\Windows\System32\drivers\707F4DB3.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-11-04 13:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-17 17:39:42 122584 ----a-w- C:\Windows\System32\drivers\48230029.sys
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:23 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
2014-10-03 02:12:22 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 02:11:49 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
2014-09-29 17:01:34 11830 ----a-w- C:\Users\Yannis\advanced_ip_scanner_MAC.bin
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-17 02:13:36 2193560 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-09-17 02:13:36 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-09-17 02:12:40 2799784 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-09-17 02:12:39 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
.
============= FINISH: 18:12:43,87 ===============
Attached file: attach.zip (47.2 KB)
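The symptom above (iexplore.exe instances that come back with no IE window open) and the DDS log are what a helper triages by hand. As an added example, not part of the original post and not a feature of DDS, the Python script below parses an excerpt of that log (constructed from the entries posted above) and flags what a security practitioner checks first: UAC policy values that disable or weaken UAC (the posted log shows EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, so an admin account runs with no elevation prompt at all), and running processes, autoruns and services whose binary lives in a user-writable location (ProgramData, the user profile, Windows\Temp), plus a per-image count of running processes. The section names, regular expressions and the "user-writable" rule are this example's own assumptions about the DDS text format; a hit is a review item, not a verdict (uTorrent under AppData and a mobile-broadband service under ProgramData are common legitimate installs).

```python
"""Triage an excerpt of a DDS log: weak UAC policy, binaries in user-writable paths, process counts.
Added example for this thread, not part of the original post and not a DDS feature; the section names,
regexes and the 'user-writable location' rule are this example's own assumptions about the DDS format."""
import re
from collections import Counter, namedtuple
# Constructed excerpt of the DDS log posted above (entries copied from the thread).
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Yannis\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
============== Pseudo HJT Report ===============
.
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
StartupFolder: C:\Users\Yannis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
============= SERVICES / DRIVERS ===============
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2014-8-21 239696]
"""
SECTION_RE = re.compile(r'^=+\s*(.*?)\s*=+$')
POLICY_RE = re.compile(r'^(?:x64-)?[umd]Policies-(?P<key>\w+): (?P<name>\w+) = dword:(?P<val>[0-9a-fA-F]+)$')
AUTORUN_RE = re.compile(r'^(?:x64-)?[umd]?(?P<kind>RunOnce|Run|StartupFolder): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.+)$')
SERVICE_RE = re.compile(r'^(?P<state>[RS]\d) (?P<svc>[^;]+);[^;]*;(?P<path>.+?) \[')
BINARY_RE = re.compile(r'^([A-Za-z]:\\.*?\.(?:exe|dll|sys|cpl|scr|bat|cmd|vbs|js))(?=\s|,|$)', re.I)
# Locations a standard user can write to; anything started from here is a review item, not a verdict.
USER_WRITABLE_RE = re.compile(r'^[A-Za-z]:\\(?:ProgramData|Users\\[^\\]+|Documents and Settings\\[^\\]+|Windows\\Temp)\\', re.I)
# HKLM\...\Policies\System values whose setting of 0 disables or weakens UAC.
WEAK_UAC = {
    'EnableLUA': 'UAC disabled; every process of an admin user runs fully elevated',
    'ConsentPromptBehaviorAdmin': 'administrators elevate silently, with no consent prompt',
    'PromptOnSecureDesktop': 'elevation prompts are not isolated on the secure desktop',
}
Finding = namedtuple('Finding', 'section item reason')

def parse_sections(text):
    """Split the log into {section name: [non-blank lines]} using its '=== name ===' headers."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line and line != '.' and current is not None:  # '.' is the DDS separator line
            current.append(line)
    return sections

def first_binary(cmd):
    """Executable path at the start of a command line (quoted or unquoted, spaces allowed), or None."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else None
    m = BINARY_RE.match(cmd)
    return m.group(1) if m else None

def binaries(sections):
    """Yield (section, path, label) for every process, autorun and service binary in the log."""
    for line in sections.get('Running Processes', []):
        path = first_binary(line)
        if path:
            yield 'Running Processes', path, 'running process'
    for line in sections.get('Pseudo HJT Report', []):
        m = AUTORUN_RE.match(line)
        if m:
            cmd = m['cmd']
            if m['kind'] == 'StartupFolder':  # "<shortcut>.LNK - <target>": judge the target, not the .lnk
                cmd = cmd.rsplit(' - ', 1)[-1]
            path = first_binary(cmd)
            if path:
                yield 'Pseudo HJT Report', path, f"{m['kind']} [{m['name'] or ''}]"
    for line in sections.get('SERVICES / DRIVERS', []):
        m = SERVICE_RE.match(line)
        if m:
            yield 'SERVICES / DRIVERS', m['path'], f"service {m['svc']} ({m['state']})"

def triage(text):
    """Findings: weak UAC policy values, plus binaries started from user-writable locations."""
    sections = parse_sections(text)
    out = []
    for line in sections.get('Pseudo HJT Report', []):
        m = POLICY_RE.match(line)
        if m and m['key'] == 'System' and m['name'] in WEAK_UAC and int(m['val'], 16) == 0:
            out.append(Finding('Pseudo HJT Report', f"{m['name']}={m['val']}", WEAK_UAC[m['name']]))
    for section, path, label in binaries(sections):
        if USER_WRITABLE_RE.match(path):
            out.append(Finding(section, path, f'{label} starts from a user-writable location'))
    return out

def process_counts(text):
    """Image-name histogram of 'Running Processes', e.g. to spot iexplore.exe with no IE window open."""
    return Counter(path.rsplit('\\', 1)[-1].lower()
                   for section, path, _ in binaries(parse_sections(text)) if section == 'Running Processes')

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.section}] {f.item}: {f.reason}')
    print('iexplore.exe instances:', process_counts(SAMPLE_LOG)['iexplore.exe'])
```

Run it against a full DDS.txt by reading the file into `triage()`; on the sample it reports the three UAC values, the two processes and the one service started from ProgramData or the user profile, and three iexplore.exe images. The path rule deliberately ignores the Startup-folder .lnk itself (shortcuts always live under AppData) and judges only the shortcut target.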
#2  12-17-2014, 12:50 PM
chemist, Security Team (Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10
Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do not do any fixing on your own or run scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go to File > New Task (Run...), type explorer and press 'Enter'.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
#3  12-18-2014, 09:55 PM
yancim, Registered Member
Join Date: Feb 2008
Posts: 15
OS: Win XP SP3



Hi
Please see below as requested.

Thanks

ComboFix 14-12-10.03 - Yannis 18/12/2014 20:33:20.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1253.30.1033.18.3551.2123 [GMT 1:00]
Running from: c:\users\Yannis\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1416160482.bdinstall.bin
c:\users\Yannis\AppData\Local\Temp\_MEI58642\_ctypes.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\_elementtree.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\_hashlib.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\_multiprocessing.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\_socket.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\_ssl.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\hashobjs_ext.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\pyexpat.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\pysqlite2._sqlite.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\python27.dll
c:\users\Yannis\AppData\Local\Temp\_MEI58642\pythoncom27.dll
c:\users\Yannis\AppData\Local\Temp\_MEI58642\PyWinTypes27.dll
c:\users\Yannis\AppData\Local\Temp\_MEI58642\select.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\unicodedata.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\win32api.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\win32com.shell.shell.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\win32crypt.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\win32event.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\win32file.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\win32gui.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\win32inet.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\win32pdh.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\win32pipe.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\win32process.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\win32profile.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\win32security.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\win32ts.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\windows._lib_cacheinvalidation.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\wx._animate.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\wx._controls_.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\wx._core_.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\wx._gdi_.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\wx._html2.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\wx._misc_.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\wx._windows_.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\wx._wizard.pyd
c:\users\Yannis\AppData\Local\Temp\_MEI58642\wxbase294u_net_vc90.dll
c:\users\Yannis\AppData\Local\Temp\_MEI58642\wxbase294u_vc90.dll
c:\users\Yannis\AppData\Local\Temp\_MEI58642\wxmsw294u_adv_vc90.dll
c:\users\Yannis\AppData\Local\Temp\_MEI58642\wxmsw294u_core_vc90.dll
c:\users\Yannis\AppData\Local\Temp\_MEI58642\wxmsw294u_html_vc90.dll
c:\users\Yannis\AppData\Local\Temp\_MEI58642\wxmsw294u_webview_vc90.dll
c:\users\Yannis\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2014-11-18 to 2014-12-18 )))))))))))))))))))))))))))))))
.
.
2014-12-18 19:49 . 2014-12-18 19:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-12-18 19:49 . 2014-12-18 19:49 -------- d-----w- c:\users\Erik\AppData\Local\temp
2014-12-18 19:49 . 2014-12-18 19:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-17 19:06 . 2014-12-17 19:06 155912 ----a-w- c:\windows\system32\drivers\gzflt.sys
2014-12-17 19:06 . 2014-12-17 19:06 84336 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2014-12-17 19:06 . 2014-12-17 19:06 33360 ----a-w- c:\windows\system32\bdsandboxuh.dll
2014-12-17 18:43 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-17 18:43 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-16 09:51 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73C2F84B-ACBB-4F59-AEE4-FD441DD65A47}\mpengine.dll
2014-12-13 17:31 . 2014-12-13 17:31 -------- d-----w- c:\programdata\Package Cache
2014-12-13 14:00 . 2014-12-13 14:00 -------- d-----w- C:\Downloads
2014-12-10 19:52 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-12-10 19:52 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll
2014-12-10 19:52 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-10 19:52 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-10 19:52 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-10 19:52 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2014-12-10 19:52 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2014-12-10 19:52 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2014-12-10 19:52 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2014-12-10 19:52 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
2014-12-09 16:22 . 2014-12-09 16:27 -------- d-----w- c:\programdata\GFACE
2014-12-09 16:22 . 2014-12-09 16:27 -------- d-----w- c:\users\Erik\AppData\Local\wf-launcher
2014-12-08 19:29 . 2014-12-08 19:32 -------- d-----w- C:\AdwCleaner
2014-12-07 13:22 . 2014-12-07 13:57 -------- d-----w- c:\program files (x86)\LEGO Batman 3 - Beyond Gotham
2014-12-06 18:41 . 2014-12-06 18:41 -------- d-----w- c:\program files\Enigma Software Group
2014-12-05 17:40 . 2014-12-05 17:40 -------- d-----w- c:\users\Erik\AppData\Local\SCE
2014-12-05 16:53 . 2014-12-05 16:53 -------- d-----w- c:\users\Erik\AppData\Roaming\HeroesAndGeneralsDesktop
2014-12-04 17:58 . 2014-12-04 17:58 -------- d-----w- c:\program files\iPod
2014-12-04 17:58 . 2014-12-04 17:59 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-04 17:58 . 2014-12-04 17:59 -------- d-----w- c:\program files\iTunes
2014-12-04 17:58 . 2014-12-04 17:59 -------- d-----w- c:\program files (x86)\iTunes
2014-12-03 16:16 . 2014-12-03 16:16 -------- d-----w- c:\users\Erik\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2014-12-03 15:44 . 2014-12-03 15:45 -------- d-----w- c:\users\Erik\AppData\Roaming\MMFApplications
2014-11-30 20:16 . 2014-11-30 20:17 -------- d-----w- c:\users\Yannis\AppData\Roaming\MMFApplications
2014-11-30 19:18 . 2014-11-30 19:18 -------- d-----w- c:\users\Yannis\AppData\Roaming\moters
2014-11-30 17:56 . 2007-05-16 15:45 4496232 ----a-w- c:\windows\system32\d3dx9_34.dll
2014-11-30 16:55 . 2013-11-14 14:51 106408 ----a-w- c:\windows\SysWow64\steam_api.dll
2014-11-25 18:15 . 2014-11-25 18:20 -------- d-----w- c:\users\Erik\AppData\Roaming\Bitdefender
2014-11-25 12:59 . 2014-11-25 12:59 18638520 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-23 18:30 . 2014-11-23 18:30 -------- d-----w- c:\program files (x86)\VPNCheck
2014-11-23 11:19 . 2010-05-26 10:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-11-23 11:19 . 2010-05-26 10:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2014-11-23 11:18 . 2014-09-04 19:14 38048 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-11-23 11:18 . 2014-09-04 19:14 32416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-11-19 15:11 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 15:11 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 15:11 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-19 15:11 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-19 08:35 . 2014-11-19 08:40 -------- d-----w- c:\users\Catarina\AppData\Roaming\Bitdefender
2014-11-19 05:23 . 2014-11-19 05:23 -------- d-sh--w- c:\users\Yannis\AppData\Local\EmieBrowserModeList
2014-11-19 03:31 . 2014-11-19 03:31 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-18 20:12 . 2014-06-19 18:13 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-17 19:06 . 2014-11-16 18:02 82824 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2014-12-17 19:06 . 2014-11-16 19:01 74000 ----a-w- c:\windows\system32\bdsandboxuiskin32.dll
2014-12-14 17:14 . 2013-11-09 16:11 11830 ----a-w- c:\users\Yannis\advanced_ip_scanner_MAC.bin
2014-12-11 21:36 . 2013-06-22 04:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-11 21:36 . 2013-06-22 04:17 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-10 19:55 . 2013-06-22 04:50 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-11-24 13:04 . 2013-06-21 19:14 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-21 05:14 . 2014-06-19 18:13 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-06-19 18:13 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-06-14 06:54 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-16 19:01 . 2014-11-16 19:01 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2014-11-16 19:01 . 2014-11-16 19:01 263032 ----a-w- c:\windows\system32\drivers\avchv.sys
2014-11-16 19:01 . 2014-11-16 19:01 452040 ----a-w- c:\windows\system32\drivers\trufos.sys
2014-11-16 19:01 . 2014-11-16 18:02 1288472 ----a-w- c:\windows\system32\drivers\avc3.sys
2014-11-09 08:54 . 2014-11-09 08:54 129752 ----a-w- c:\windows\system32\drivers\707F4DB3.sys
2014-10-25 01:57 . 2014-11-13 05:24 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-13 05:24 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-20 16:33 . 2014-11-17 19:38 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-18 02:05 . 2014-11-13 05:24 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-13 05:24 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-17 17:39 . 2014-10-17 17:39 122584 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-10-14 02:16 . 2014-11-13 05:27 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-13 05:27 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-13 05:24 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-13 05:27 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-13 05:27 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-13 05:27 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-13 05:27 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-13 05:24 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-13 05:27 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-13 05:27 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-13 05:27 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-13 05:24 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 02:12 . 2014-11-13 05:24 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-13 05:24 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-13 05:24 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-13 05:24 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-13 05:24 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-13 05:24 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-13 05:24 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-13 05:24 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
2014-09-25 02:08 . 2014-10-01 14:12 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 14:12 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088]
"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-11-27 30524520]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender 2015\bdwtxag.exe" [2014-12-17 790880]
"VPNCheck"="c:\program files (x86)\VPNCheck\startVPNCheck.exe" [2011-03-01 57240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-05-30 832272]
"IME JPN 2007 Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2011-09-19 63856]
"Korean IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
"Microsoft Pinyin IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-31 32112]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2014-10-07 2109952]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
c:\users\Yannis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Officejet 6700 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3BMDSHF405RQ;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys;c:\windows\SYSNATIVE\DRIVERS\ffusb2audio.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe;c:\programdata\MobileBrServ\mbbservice.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-22 21:36]
.
2014-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-23 14:59]
.
2014-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-23 14:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 16:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 16:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 16:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 16:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 16:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IME JPN 2007 Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2011-09-19 119664]
"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 43808]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-26 59248]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2015\bdagent.exe" [2014-12-17 1686480]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2460488]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-09-17 2799784]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{92A11F12-D355-4021-9090-CD528ED95178}: NameServer = 80.67.8.223 80.67.14.78
FF - ProfilePath - c:\users\Yannis\AppData\Roaming\Mozilla\Firefox\Profiles\po0j6rud.default-1418105174619\
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files\Bitdefender\Bitdefender 2015\Antispam32\bdwtxapps.exe
c:\program files (x86)\VPNCheck\VPNCheck.exe
.
**************************************************************************
.
Completion time: 2014-12-18 21:18:21 - machine was rebooted
ComboFix-quarantined-files.txt 2014-12-18 20:18
.
Pre-Run: 655.417.405.440 bytes free
Post-Run: 657.312.141.312 bytes free
.
- - End Of File - - F483D4E6E49887CB26838FCA73CE6C13
A36C5E4F47E84449FF07ED3517B43A31
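The ComboFix log above is long, and the interesting lines are the ones nobody recognises. The following is an added triage script, written for this page and not part of the thread, of ComboFix, or of any of the tools mentioned; it parses the dated file entries of the "Files Created" and "Find3M" sections and flags two things a reviewer would look at first: executables written under user-writable locations (profile directories, ProgramData, Temp) and kernel drivers with an 8-hex-digit name instead of a vendor name. It also reports any other file in the log with exactly the same size, because in this log 707F4DB3.sys (129752 bytes) is the same size as MBAMSwissArmy.sys, the Malwarebytes driver, which points at a renamed copy rather than something new. Same size is a cheap first approximation, not proof; check the file's signature with Get-AuthenticodeSignature before drawing conclusions. The sample lines are copied from the log posted above; the function name and the flagging rules are this example's own choices.

```powershell
# Added triage example, not part of the thread: parse the dated file entries of a
# ComboFix log and flag what deserves a manual look.
# Written for Windows PowerShell 2.0+ (the Windows 7 default).
# Sample lines below are copied from the ComboFix log posted above.

$sample = @'
2014-12-17 19:06 . 2014-12-17 19:06 155912 ----a-w- c:\windows\system32\drivers\gzflt.sys
2014-12-13 17:31 . 2014-12-13 17:31 -------- d-----w- c:\programdata\Package Cache
2014-12-06 18:41 . 2014-12-06 18:41 -------- d-----w- c:\program files\Enigma Software Group
2014-11-30 19:18 . 2014-11-30 19:18 -------- d-----w- c:\users\Yannis\AppData\Roaming\moters
2014-11-30 16:55 . 2013-11-14 14:51 106408 ----a-w- c:\windows\SysWow64\steam_api.dll
2014-12-18 20:12 . 2014-06-19 18:13 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-09 08:54 . 2014-11-09 08:54 129752 ----a-w- c:\windows\system32\drivers\707F4DB3.sys
2014-10-17 17:39 . 2014-10-17 17:39 122584 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-10-18 02:05 . 2014-11-13 05:24 861696 ----a-w- c:\windows\system32\oleaut32.dll
'@

# One ComboFix file line: <created> . <modified> <size or --------> <attrs> <path>
$lineRe = '^(?<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?<size>\d+|-+)\s+(?<attrs>[-a-z]+)\s+(?<path>.+?)\s*$'

function Get-CombofixHits {
    param([Parameter(ValueFromPipeline=$true)][string]$Line)
    begin { $entries = @() }
    process {
        if ($Line -match $lineRe) {
            # Copy the captures out before any further -match overwrites $Matches.
            $created = $Matches['created']; $sizeText = $Matches['size']
            $attrs   = $Matches['attrs'];   $path     = $Matches['path']
            $size = $null
            if ($sizeText -match '^\d+$') { $size = [int]$sizeText }   # directories have '--------'
            $entries += New-Object PSObject -Property @{
                Created = $created; Size = $size; Attrs = $attrs
                Path    = $path;    Leaf = (Split-Path -Leaf $path)
            }
        }
    }
    end {
        # Index files by size so a copy under another name is shown next to its twin.
        $bySize = @{}
        foreach ($e in $entries) {
            if ($e.Size -ne $null) {
                if (-not $bySize.ContainsKey($e.Size)) { $bySize[$e.Size] = @() }
                $bySize[$e.Size] += $e.Path
            }
        }
        foreach ($e in $entries) {
            $reasons = @()
            # 1. Executable content where an ordinary user can write: the classic drop zones.
            if ($e.Size -ne $null -and $e.Leaf -match '\.(exe|dll|sys|pyd|scr|cpl)$' -and
                $e.Path -match '\\(users|programdata)\\|\\temp\\') {
                $reasons += 'executable in user-writable location'
            }
            # 2. Kernel drivers named with 8 hex digits instead of a vendor name.
            if ($e.Leaf -match '^[0-9A-Fa-f]{8}\.sys$' -and $e.Path -match '\\drivers\\') {
                $reasons += 'hex-named driver'
            }
            if ($reasons.Count -gt 0) {
                $twins = @()
                if ($e.Size -ne $null) {
                    $twins = @($bySize[$e.Size] | Where-Object { $_ -ne $e.Path })
                }
                New-Object PSObject -Property @{
                    Created    = $e.Created
                    Size       = $e.Size
                    Reason     = ($reasons -join '; ')
                    SameSizeAs = ($twins -join ', ')
                    Path       = $e.Path
                }
            }
        }
    }
}

# Demo on the sample; for a real log use:  Get-Content C:\ComboFix.txt | Get-CombofixHits
$sample -split "`r?`n" | Get-CombofixHits |
    Format-Table -Property Created, Size, Reason, SameSizeAs, Path -AutoSize
```

On the sample lines only the two hex-named drivers are reported, with 707F4DB3.sys shown beside MBAMSwissArmy.sys as its same-size twin; the user-writable rule does not fire on this log's dated sections (the Python .pyd and .dll files ComboFix removed from the user's Temp folder appear only in the undated "Other Deletions" block, which the parser deliberately ignores). Hits are a list of things to verify, not a verdict.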
Old 12-19-2014, 08:39 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello yancim. You're very welcome. Any improvement in behavior?

------------------------------------------------------

I see you have P2P software ( uTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "c:\program files\Enigma Software Group"

A DOS window will open and close again; this is normal.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button(if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------
Old 12-19-2014, 11:44 PM   #5
Registered Member
 
Join Date: Feb 2008
Posts: 15
OS: Win XP SP3



Thank you for your reply. Unfortunately last night the Blank page - Internet explorer application still popped up in the task manager (with a couple of iexplore process instances) without me running IE at all. Here comes the log you requested:

# AdwCleaner v4.105 - Report created 20/12/2014 at 07:14:40
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Yannis - YANNIS-PC
# Running from : C:\Users\Yannis\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0 (x86 el)


*************************

AdwCleaner[R0].txt - [7372 octets] - [08/12/2014 20:29:57]
AdwCleaner[R1].txt - [1587 octets] - [20/12/2014 07:09:37]
AdwCleaner[S0].txt - [7455 octets] - [08/12/2014 20:32:08]
AdwCleaner[S1].txt - [1510 octets] - [20/12/2014 07:14:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1570 octets] ##########
yancim is offline  
Old 12-20-2014, 09:11 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, yancim. You're very welcome. Is your machine up to date as far as all Windows Updates?

When you run this tool, remember to choose 'Skip' not 'Cure' if it finds something. We just want a scan, not a fix.

Download tdsskiller.exe and Save it to your Desktop.

Double-click tdsskiller.exe and click 'Run'

Click 'Start scan'.

If no infection is found, click 'Close' and let me know.

If an infection is found, select 'Skip' from the dropdown menu under 'Cure' then click 'Continue' > 'Close' > 'Close'.

It will produce a log here > C:\TDSSKiller.3.0.0.42_date_time_log.txt

Please navigate to the file, double-click to open it, and copy/paste the contents in your next reply.

--------------------------------------------------------
chemist is offline  
Old 12-21-2014, 12:13 AM   #7
Registered Member
 
Join Date: Feb 2008
Posts: 15
OS: Win XP SP3



Hi, I followed your instructions and TDSSKiller found no infections.

Thanks

PS Hi, just some extra info which I do not know if it is relevant. In all attempts to clean the infection as instructed, I always had to go into the task manager before and kill the instance/process since my PC was low on resources because of it. I am not sure if that could affect the scanning process, i.e. not picking it up during the scan.

Thanks
yancim is offline  
Old 12-21-2014, 02:48 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, yancim. You're very welcome.

What brand/model is your computer? Did you notice this event error in your attach log?

Quote:
9/12/2014 9:58:35 μμ, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
Not sure if that could be the cause of your problem. Would you know how to resolve the above error?

------------------------------------------------------

Also from your logs, are you familiar with these TCP Interfaces nameserver addresses?

Quote:
TCP: Interfaces\{92A11F12-D355-4021-9090-CD528ED95178}: NameServer = 80.67.8.223 80.67.14.78
Those IP addresses resolve to Anonine-Linknet(Portlane Networks) in Sweden. Would it have to do with VPNCheck?

------------------------------------------------------
chemist is offline  
Old 12-24-2014, 02:34 AM   #9
Registered Member
 
Join Date: Feb 2008
Posts: 15
OS: Win XP SP3



Hi and thanks for the reply. Issue 1 has been resolved I think (took some tweaking in the BIOS settings and I haven't encountered that error in the Event viewer since the 20th) and as far as issue 2 is concerned, yes, I am aware of this; it is part of a VPN service I am using.


Still had the same instance of iexplore instances running in the background last night.


Thanks
yancim is offline  
Old 12-24-2014, 12:28 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, yancim. You're very welcome. As I understand it, it is normal for 2 instances of Iexplore.exe to be running; they are created to make Automatic Crash Recovery possible.

IE8 and Reliability - IEBlog - Site Home - MSDN Blogs

Is the machine still slow? Is your CPU usage abnormal?

Let's see what an online scan finds.

------------------------------------------------------

Your Windows 7 User Account Control UAC has been disabled. Sometimes, malware disables it, sometimes the end user does.

Please read this

Before you go any further, protect this system and re-enable that feature. Click Start > Control Panel > User Accounts > Change User Account Control settings and set it back to Always Notify.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Update Now >> link.
  • After the update completes, click the Scan Now >> button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
------------------------------------------------------
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the scan log which shows the date and time of the scan just performed.
  • Click Copy to Clipboard
  • Paste the contents of the clipboard into your reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
chemist is offline  
Old 12-27-2014, 11:52 AM   #12
Registered Member
 
Join Date: Feb 2008
Posts: 15
OS: Win XP SP3



Hi
Please see below

MBAM:

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 25/12/2014
Scan Time: 12:39:56 μμ
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.25.05
Rootkit Database: v2014.12.23.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Yannis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 548568
Time Elapsed: 24 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ESET

C:\$RECYCLE.BIN\S-1-5-21-728855239-3551724509-2161394740-1001\$R0FE7DY.exe a variant of Win32/Amonetize.CK potentially unwanted application
C:\$RECYCLE.BIN\S-1-5-21-728855239-3551724509-2161394740-1001\$R3URKB2\Clash of Clans Hack\Clash of Clans Hack.exe a variant of Win32/OutBrowse.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3306061\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Alexandros\AppData\Roaming\SearchProtect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Catarina\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Catarina\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Catarina\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Program Files (x86)\LEGO - The Hobbit\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application
C:\Program Files (x86)\LEGO Batman 3 - Beyond Gotham\steam_api.dll Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\Erik\Downloads\cbsidlm-cbsi145-Doom-ORG-10000739.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Yannis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGWRP1WD\installer_adobe_flash_player_English[1].exe Win32/OutBrowse.BK potentially unwanted application
C:\Users\Yannis\AppData\Local\Temp\ClashOfClansHack__7934_il570664.exe a variant of Win32/Amonetize.CK potentially unwanted application
C:\Users\Yannis\AppData\Local\Temp\DownloadManager.exe a variant of Win32/OutBrowse.D potentially unwanted application
C:\Users\Yannis\Downloads\cbsidlm-cbsi176-New_Super_Mario_Forever_2012-ORG-10344976.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Yannis\Downloads\cdbxp_setup_4.5.2.4291.exe Win32/OpenCandy potentially unsafe application
C:\Users\Yannis\Downloads\FileZilla_3.7.4.1_win32-setup.exe a variant of Win32/Injected.F trojan
C:\Users\Yannis\Downloads\ppsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Users\Yannis\Downloads\utorrent.exe a variant of Win32/Bunndle potentially unsafe application
C:\Users\Yannis\Downloads\vpnwatcher_v2.0.exe Win32/Spigot.A potentially unwanted application
C:\Users\Yannis\Downloads\LEGO Batman 3 Beyond Gotham DLC Pack 1-BAT\Crack\steam_api.dll Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\Yannis\Downloads\LEGO.Batman.3.Beyond.Gotham.Proper-RELOADED\rld-leba3be.iso Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\Yannis\Downloads\LEGO.Batman.3.Beyond.Gotham.Proper-RELOADED\rld-leba3be\Crack\steam_api.dll Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\Yannis\Downloads\LEGO.The.Hobbit-RELOADED\rld-legoho.iso a variant of Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\Yannis\Downloads\SUPERIOR DRUMMER 2.0 64 BITS COMPLETE\DVD 1\DVD 1\SL-AVATAR DVD1.ISO Win32/Keygen.GF potentially unsafe application
C:\Users\Yannis\Downloads\The.LEGO.Movie.Videogame.Proper-RELOADED\rld-legomovie.iso a variant of Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\Yannis\Downloads\Thief Update v1.4-RELOADED\Crack\Binaries2\Win32\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\Yannis\Downloads\Thief-RELOADED\rld-thief.iso a variant of Win32/HackTool.Crack.CS potentially unsafe application
D:\Documents and Settings\Alexandros\Local Settings\Application Data\uTorrentBar\ldrtbuTo0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
D:\Documents and Settings\Alexandros\Local Settings\Application Data\uTorrentBar\tbuTo0.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
D:\Documents and Settings\Erik.YANNIS_PC\Local Settings\Application Data\uTorrentBar\ldrtbuTo0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
D:\Documents and Settings\Erik.YANNIS_PC\Local Settings\Application Data\uTorrentBar\tbuTo0.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
D:\Documents and Settings\Johansson-Rigas\My Documents\Downloads\mysteriez.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
D:\Documents and Settings\Johansson-Rigas\My Documents\Downloads\v.8\S8_Producer.iso a variant of Win32/GameHack.EW potentially unsafe application
D:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\uTorrentBar\ldrtbuTo0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
D:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\uTorrentBar\tbuTo0.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
D:\Documents and Settings\Yannis\Application Data\Sun\Java\Deployment\cache\6.0\11\36f8304b-3f64a4ac a variant of Java/Obfuscated.AllatoriDemo.B potentially unsafe application
D:\Documents and Settings\Yannis\Application Data\Sun\Java\Deployment\cache\6.0\19\7b779d13-44522773 a variant of Java/JShrink.A potentially unsafe application
D:\Documents and Settings\Yannis\Application Data\Sun\Java\Deployment\cache\6.0\38\5f02cba6-1bec1f47 a variant of Java/Obfuscated.AllatoriDemo.B potentially unsafe application
D:\Documents and Settings\Yannis\Application Data\Sun\Java\Deployment\cache\6.0\48\7ccbd5f0-610331fe multiple threats
D:\Documents and Settings\Yannis\Application Data\Sun\Java\Deployment\cache\6.0\60\3f95963c-308069a9 multiple threats
D:\Documents and Settings\Yannis\Desktop\wga17360.zip BAT/HackTool.Agent.AA potentially unsafe application
D:\Documents and Settings\Yannis\Desktop\wga17360\installer.bat BAT/HackTool.Agent.AA potentially unsafe application
D:\Documents and Settings\Yannis\Local Settings\Application Data\Mozilla\Firefox\Profiles\l58qox1w.default\Cache\4\C0\329A3d01 Win32/PriceGong.B potentially unwanted application
D:\Documents and Settings\Yannis\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\39\758b9727-42d61d21 multiple threats
D:\Documents and Settings\Yannis\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\40\49f2f668-3c31307b Java/Exploit.Agent.OEH trojan
D:\Documents and Settings\Yannis\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\50\2ac169b2-51e36a81 multiple threats
D:\Documents and Settings\Yannis\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\60\6bfea43c-6cc8ddea Java/Exploit.Agent.NQR trojan
D:\Documents and Settings\Yannis\Local Settings\Temp\oa94LFVd.exe.part Win32/AdWare.1ClickDownload.AT application
D:\Documents and Settings\Yannis\Local Settings\Temp\tbuTo0.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
D:\Documents and Settings\Yannis\Local Settings\Temp\tGuKfZcf.exe.part Win32/Somoto.A potentially unwanted application
D:\Documents and Settings\Yannis\Local Settings\Temp\tmpCBF.tmp Win32/OpenCandy potentially unsafe application
D:\Documents and Settings\Yannis\Local Settings\Temp\tUG4YlyI.exe.part Win32/Somoto.A potentially unwanted application
D:\Documents and Settings\Yannis\Local Settings\Temp\utt29.tmp.exe a variant of Win32/Toolbar.Conduit potentially unwanted application
D:\Documents and Settings\Yannis\Local Settings\Temp\VSKWYiyb.exe.part Win32/Somoto.A potentially unwanted application
D:\Documents and Settings\Yannis\Local Settings\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.1.4003.exe Win32/OpenCandy potentially unsafe application
D:\Documents and Settings\Yannis\Local Settings\Temp\CT2786678\CT2786678.xpi Win32/Toolbar.Conduit potentially unwanted application
D:\Documents and Settings\Yannis\Local Settings\Temporary Internet Files\Content.IE5\0HUN83SK\tbedrs[1].dll Win32/Toolbar.Conduit.Y potentially unwanted application
D:\Documents and Settings\Yannis\My Documents\Downloads\cbsidlm-cbsi4_1_4-Pazera_Free_FLV_to_AVI_Converter-10786669.exe a variant of Win32/CNETInstaller.B potentially unwanted application
D:\Documents and Settings\Yannis\My Documents\Downloads\cdbxp_setup_4.4.0.3018.exe Win32/OpenCandy potentially unsafe application
D:\Documents and Settings\Yannis\My Documents\Downloads\IZArc4.1.6.exe Win32/OpenCandy potentially unsafe application
D:\Documents and Settings\Yannis\My Documents\Downloads\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\Documents and Settings\Yannis\My Documents\Downloads\SoftonicDownloader_for_dr-divx.exe Win32/SoftonicDownloader.E potentially unwanted application
D:\Documents and Settings\Yannis\My Documents\Downloads\vppsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
D:\Downloads\Software\BitTorrent-6.3.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\Downloads\Software\cdbxp_setup_4.3.0.2064.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Downloads\Software\fsubmarine_setup.exe Win32/Adware.WhenU.SaveNow potentially unwanted application
D:\Downloads\Software\pspvideo9-504-setup.exe Win32/OpenCandy potentially unsafe application
D:\Downloads\Software\SetupImgBurn_2.5.2.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Downloads\u95\u95.exe a variant of Win32/UltraReach.AC potentially unsafe application
D:\My Downloads\installer.bat BAT/HackTool.Agent.AA potentially unsafe application
D:\Program Files\Codemasters\DiRT 3\paul.dll Win32/HackTool.Crack.O potentially unsafe application
D:\Program Files\Codemasters\DiRT 3\SKIDROW.dll Win32/HackTool.Crack.O potentially unsafe application
D:\Program Files\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application
D:\Program Files\NCH Software\VideoPad\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
D:\Program Files\NCH Software\VideoPad\videopad.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
D:\Program Files\NCH Software\VideoPad\vppsetup_v2.41.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
F:\Downloads\PlatoVideoTo3GP.exe multiple threats
F:\emule_dl\zips\Nero Premium 7.5.7.0 Keygen.zip a variant of Win32/Keygen.DS potentially unsafe application
yancim is offline  
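The ESET report above is a flat list of "path, detection, verdict" lines where the paths themselves contain spaces, so it is awkward to sort by hand. The script below is an added example for this thread, not part of the original post and not ESET's own tooling: it parses that line format from the right, ranks hits so the two trojans and the "multiple threats" entries come before the potentially unwanted/unsafe applications, and labels where each hit sits (quarantine, browser or Java cache, installed program, loose download). The verdict phrases and the location heuristics are assumptions read off the report as it appears here.

```python
"""Triage an ESET Online Scanner text report (added example for this thread).

Each line reads "<path> [a variant of] <detection> <verdict>"; paths contain
spaces, so a line is parsed from the right: verdict phrase, detection token,
and whatever remains is the path.
"""
from collections import Counter

# Verdict phrases as they end the report lines in this thread, longest first
# so "potentially unwanted application" matches before the bare "application".
VERDICTS = (
    "potentially unwanted application",
    "potentially unsafe application",
    "multiple threats",
    "trojan",
    "application",
)

# Sort key: items worth acting on first get the lowest number.
SEVERITY = {"trojan": 0, "multiple threats": 1, "application": 2,
            "potentially unsafe application": 3,
            "potentially unwanted application": 4}

# Constructed sample: six lines taken from the ESET report posted above.
SAMPLE_REPORT = r"""
C:\$RECYCLE.BIN\S-1-5-21-728855239-3551724509-2161394740-1001\$R0FE7DY.exe a variant of Win32/Amonetize.CK potentially unwanted application
C:\Program Files (x86)\LEGO - The Hobbit\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\Yannis\Downloads\FileZilla_3.7.4.1_win32-setup.exe a variant of Win32/Injected.F trojan
D:\Documents and Settings\Yannis\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\40\49f2f668-3c31307b Java/Exploit.Agent.OEH trojan
D:\Documents and Settings\Yannis\Local Settings\Temp\oa94LFVd.exe.part Win32/AdWare.1ClickDownload.AT application
F:\Downloads\PlatoVideoTo3GP.exe multiple threats
"""


def classify_location(path):
    """Heuristic (an assumption of this example) for where the hit lives."""
    p = path.lower()
    if "\\$recycle.bin\\" in p or "\\adwcleaner\\quarantine\\" in p:
        return "quarantined or deleted"   # already neutralised on disk
    if ("\\java\\deployment\\cache\\" in p
            or "\\temporary internet files\\" in p
            or ("\\firefox\\profiles\\" in p and "\\cache\\" in p)):
        return "browser or Java cache"    # left behind by web content
    if "\\program files" in p:
        return "installed program"        # runs whenever the program does
    return "download or temp file"        # inert until someone runs it


def parse_line(line):
    """Return a dict for one report line, or None if it is not one."""
    line = line.strip()
    for verdict in VERDICTS:
        if line.endswith(" " + verdict):
            head = line[: -len(verdict) - 1]
            break
    else:
        return None
    if verdict == "multiple threats":
        path, detection = head, None      # ESET names no single detection
    else:
        parts = head.rsplit(" ", 1)
        if len(parts) != 2:
            return None
        path, detection = parts
    variant = path.endswith(" a variant of")
    if variant:
        path = path[: -len(" a variant of")]
    return {"path": path, "detection": detection, "variant": variant,
            "verdict": verdict, "location": classify_location(path)}


def triage(report_text):
    """Parse every line and order the hits by severity, then by path."""
    hits = [h for h in map(parse_line, report_text.splitlines()) if h]
    hits.sort(key=lambda h: (SEVERITY[h["verdict"]], h["path"].lower()))
    return hits


def summarize(hits):
    """Count hits per verdict, e.g. Counter({'trojan': 2, ...})."""
    return Counter(h["verdict"] for h in hits)


if __name__ == "__main__":
    for h in triage(SAMPLE_REPORT):
        print(f"{h['verdict']:<32} {h['location']:<24} {h['detection'] or '-'}")
    print(dict(summarize(triage(SAMPLE_REPORT))))
```

Feed it the full report pasted above and the two Java cache trojans and the FileZilla installer surface at the top, while the quarantine and Recycle Bin entries sink to the bottom.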
Old 12-27-2014, 12:13 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Quote:
C:\Program Files (x86)\LEGO - The Hobbit\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application
C:\Program Files (x86)\LEGO Batman 3 - Beyond Gotham\steam_api.dll Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\Yannis\Downloads\LEGO Batman 3 Beyond Gotham DLC Pack 1-BAT\Crack\steam_api.dll Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\Yannis\Downloads\LEGO.Batman.3.Beyond.Gotham.Proper-RELOADED\rld-leba3be.iso Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\Yannis\Downloads\LEGO.Batman.3.Beyond.Gotham.Proper-RELOADED\rld-leba3be\Crack\steam_api.dll Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\Yannis\Downloads\LEGO.The.Hobbit-RELOADED\rld-legoho.iso a variant of Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\Yannis\Downloads\SUPERIOR DRUMMER 2.0 64 BITS COMPLETE\DVD 1\DVD 1\SL-AVATAR DVD1.ISO Win32/Keygen.GF potentially unsafe application
C:\Users\Yannis\Downloads\The.LEGO.Movie.Videogame.Proper-RELOADED\rld-legomovie.iso a variant of Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\Yannis\Downloads\Thief Update v1.4-RELOADED\Crack\Binaries2\Win32\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\Yannis\Downloads\Thief-RELOADED\rld-thief.iso a variant of Win32/HackTool.Crack.CS potentially unsafe application
D:\Program Files\Codemasters\DiRT 3\paul.dll Win32/HackTool.Crack.O potentially unsafe application
D:\Program Files\Codemasters\DiRT 3\SKIDROW.dll Win32/HackTool.Crack.O potentially unsafe application
F:\emule_dl\zips\Nero Premium 7.5.7.0 Keygen.zip a variant of Win32/Keygen.DS potentially unsafe application
This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, we ask that you uninstall any such applications, as indicated in this sticky topic.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

------------------------------------------------------

==== Installed Programs ====

LEGO - The Hobbit
LEGO Batman 3 - Beyond Gotham DLC Pack
The LEGO Movie - Videogame


------------------------------------------------------
chemist is offline  
Old 12-30-2014, 02:02 AM   #14
Registered Member
 
Join Date: Feb 2008
Posts: 15
OS: Win XP SP3



Thank you for the assistance.
yancim is offline  