DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17728 BrowserJavaVersion: 11.60.2
Run by Emil at 21:07:13 on 2015-12-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8178.3154 [GMT 1:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k imgsvc
E:\SyTray.exe
C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Samsung\PC Auto Backup\WiselinkPro.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIIVE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Samsung\PC Auto Backup\AutoBackup.exe
C:\Windows\system32\EscSvc64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Samsung\PC Auto Backup\http_ss_win_pro.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Bitdefender Agent\ProductAgentService.exe
D:\GomPlayer\GOM.EXE
C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
C:\Program Files\Bitdefender\Bitdefender 2016\odscanui.exe
C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe
C:\Program Files\Bitdefender\Bitdefender 2016\bdtkexec.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Bitdefender\Bitdefender 2016\seccenter.exe
C:\Users\Emil\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Emil\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
C:\Users\Emil\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
TB: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
uRun: [Google Update] "C:\Users\Emil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Google Photos Backup] "C:\Users\Emil\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
uRun: [OneDrive] "C:\Users\Emil\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIIVE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-2530 Series" /EF "HKCU"
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe"
mRun: [AllShareAgent] E:\samsung\AllShare\AllShareAgent.exe
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRunOnce: [360safeuninst_1f0fb7c2d13cc0c07ff2ca40747bc03e] C:\Users\Emil\AppData\Local\Temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_remove360.bat
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PCAUTO~1.LNK - C:\Program Files (x86)\Samsung\PC Auto Backup\AutoBackup.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: MaxGPOScriptWait = dword:600
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{41879580-23A1-4177-A175-5D0D7C769EAF} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck -
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-TB: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll
x64-Run: [ErgoMedia] E:\SyTray.exe
x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
x64-SSODL: WebCheck -
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Emil\AppData\Roaming\Mozilla\Firefox\Profiles\5xqfyumj.default-1418544177695\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Emil\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll
FF - plugin: C:\Users\Emil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll
FF - plugin: D:\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: E:\Picasa3\npPicasa3.dll
FF - plugin: E:\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-21 45856]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-7-31 42240]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\System32\drivers\BazisVirtualCDBus.sys [2015-6-3 171864]
RUnknown 360AntiHacker;360AntiHacker; [x]
RUnknown 360Camera;360Camera; [x]
RUnknown 360FsFlt;360FsFlt; [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\iexplore.exe="C:\Program Files\Internet Explorer\iexplore.exe" %1 [UserChoice]
FileExt: .ini: inifile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .inf: inffile="C:\Windows\System32\NOTEPAD.EXE" %1
.
=============== Created Last 30 ================
.
2015-12-25 11:14:01 405600 ----a-w- C:\ProgramData\1451041859.bdinstall.bin
2015-12-25 11:12:45 -------- d-----w- C:\ProgramData\BDLogging
2015-12-25 11:12:42 511328 ----a-w- C:\Windows\capicom.dll
2015-12-25 11:12:37 87912 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2015-12-25 11:12:37 775424 ----a-w- C:\Windows\System32\drivers\avckf.sys
2015-12-25 11:12:37 282000 ----a-w- C:\Windows\System32\drivers\avchv.sys
2015-12-25 11:12:37 1600512 ----a-w- C:\Windows\System32\drivers\avc3.sys
2015-12-25 11:12:34 271808 ----a-w- C:\Windows\System32\drivers\ignis.sys
2015-12-25 11:12:30 -------- d-----w- C:\Users\Emil\AppData\Roaming\Bitdefender
2015-12-25 11:12:24 3271472 ---ha-w- C:\bdr-bz01
2015-12-25 11:11:15 -------- d-----w- C:\ProgramData\Bitdefender
2015-12-25 11:11:14 160032 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2015-12-25 11:11:13 477272 ----a-w- C:\Windows\System32\drivers\trufos.sys
2015-12-25 11:11:13 -------- d-----w- C:\Program Files\Bitdefender
2015-12-25 11:10:59 -------- d-----w- C:\Users\Emil\AppData\Roaming\QuickScan
2015-12-25 11:10:55 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2015-12-25 11:08:43 -------- d-----w- C:\Program Files\Bitdefender Agent
2015-12-25 11:08:42 -------- d-----w- C:\ProgramData\Bitdefender Agent
2015-12-25 10:56:03 11138400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-12-25 10:55:59 11154520 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE71573C-BF82-4E80-95D6-877CEAB744EA}\mpengine.dll
2015-12-21 17:05:29 -------- d-----w- C:\Program Files\HitmanPro
2015-12-18 18:17:52 -------- d-----w- C:\Users\Emil\AppData\Local\Thunderbird
2015-12-03 00:15:35 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
.
==================== Find3M ====================
.
2015-12-02 12:18:58 301728 ------w- C:\Windows\System32\MpSigStub.exe
2015-10-27 16:42:44 780488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-10-27 16:42:44 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 21:08:41,97 ===============