Thread: Need help after browser hijacker removed. _MEI31722 folder possible trojan?

  1. #1
    Junior Member; Join Date: Jul 2014; Posts: 5

    I was recently (although I don't know how) infected by a browser hijacker. I used my tools (Spybot, Kaspersky, Windows Security Essentials, etc.) to remove it. It was preventing me from opening Malwarebytes. I started looking into it, and it appears that there have been a couple of threads in places that say the folder in C:\Users\USER\AppData\Local\Temp named is a trojan program. This folder contains some pythoncom.dll, win32api.pyd and other pyd and dll files. Is this a malware/virus/trojan/etc.? Can anyone help or direct me in this matter? It would be greatly appreciated.

    Thanks!


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.60.2
    Run by SMl at 19:40:31 on 2014-07-07
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16318.11263 [GMT -4:00]
    .
    AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\AMD\amdacpusrsvc.exe
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
    C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
    C:\Windows\DAODx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\PROGRA~2\Raptr\raptr.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\PROGRA~2\Raptr\raptr_im.exe
    C:\Program Files (x86)\Raptr\raptr_ep64.exe
    C:\Program Files (x86)\Origin\Origin.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\nacl64.exe
    C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\nacl64.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\SMl\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\Ventrilo\Ventrilo.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = about:blank
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
    mRunOnce: [TURBO_BOOST_SETTING] <no file>
    StartupFolder: C:\Users\SMl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~2.LNK - C:\Windows\System32\schtasks.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
    mPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-Explorer: HideSCAHealth = dword:1
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
    TCP: NameServer = 10.0.0.1
    TCP: Interfaces\{8519AB2B-84ED-4C29-82D3-476E4573986E} : DHCPNameServer = 10.0.0.1
    TCP: Interfaces\{BF0DB1FB-0A92-4BB1-8F0A-F25D405C15DF} : DHCPNameServer = 10.0.0.1
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = about:blank
    x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
    x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
    x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\SMl\AppData\Roaming\Mozilla\Firefox\Profiles\hhza8kzi.default\
    FF - prefs.js: browser.search.selectedEngine -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2012-12-10 293720]
    R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2014-7-1 84536]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-4-23 56208]
    R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2014-7-1 66616]
    R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2014-2-1 30752]
    R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2008-10-1 26624]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
    R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-11-11 54368]
    R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-11-11 178448]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-5-22 239616]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-5-22 344064]
    R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-12-14 131320]
    R2 amdacpksd;ACP Kernel Service Driver;C:\Windows\System32\drivers\amdacpksd.sys [2014-5-22 276192]
    R2 amdacpusrsvc;ACP User Service;C:\AMD\amdacpusrsvc.exe [2014-5-22 112640]
    R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2013-3-23 96896]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2013-11-11 356128]
    R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2013-11-30 21992]
    R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-9-25 818888]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
    R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2013-6-20 82160]
    R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2013-4-7 15672]
    R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-24 5037888]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-4-8 94720]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2014-2-16 90624]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-11-11 29280]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-11-11 29280]
    R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2009-10-7 271640]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
    R3 lvsels64;Logitech Selective Suspend Filter;C:\Windows\System32\drivers\lvsels64.sys [2009-10-7 67992]
    R3 LVUVC64;QuickCam Orbit/Sphere MP(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
    R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2008-1-17 18816]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-6-4 60640]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-3-23 1301504]
    R3 VMfilt;VMfilt;C:\Windows\System32\drivers\VMfilt64.sys [2013-3-23 25600]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-3-17 401696]
    S2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-12 111616]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [2008-2-29 942080]
    S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2013-3-23 43328]
    S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2013-3-23 41280]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-1 19456]
    S3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2014-5-31 129472]
    S3 rzp1endpt;Razer platform 1 end point;C:\Windows\System32\drivers\rzp1endpt.sys [2014-4-8 39080]
    S3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-3-31 126464]
    S3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-4-8 154792]
    S3 rzvmouse;Razer Virtual Mouse;C:\Windows\System32\drivers\rzvmouse.sys [2014-4-8 31400]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-12 56832]
    S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-3-23 19968]
    S3 VBAudioVACMME;VB-Audio Virtual Cable (WDM);C:\Windows\System32\drivers\vbaudio_cable64_win7.sys [2013-7-11 41192]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-23 1255736]
    S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\System32\drivers\WN111v2w7x.sys [2010-4-27 783360]
    S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-9-27 79360]
    S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-3-23 79360]
    S4 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-8-3 352248]
    S4 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2014-5-4 4492776]
    S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
    S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    .
    =============== File Associations ===============
    .
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2014-07-07 20:56:33 76152 ----a-w- C:\Windows\System32\PnkBstrA.exe
    2014-07-07 19:42:14 -------- d-----w- C:\AdwCleaner
    2014-07-07 19:31:16 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
    2014-07-07 19:27:10 -------- d-----w- C:\FRST
    2014-07-07 17:50:42 -------- d-----w- C:\Program Files (x86)\ESET
    2014-07-07 16:59:16 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-07-07 06:31:07 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E9B49A27-07FB-4D7C-A0FE-B57B08422B0D}\mpengine.dll
    2014-07-07 03:38:00 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-07-07 03:38:00 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8FE68A8C-2334-4365-9313-38E7C562558B}\gapaengine.dll
    2014-07-07 03:37:43 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-07-02 10:36:34 -------- d-----w- C:\Users\SMl\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2014-07-02 03:22:15 64856 ----a-w- C:\Windows\System32\klfphc.dll
    2014-07-02 03:21:54 84536 ----a-w- C:\Windows\System32\drivers\CSCrySec.sys
    2014-07-02 03:21:54 66616 ----a-w- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
    2014-07-02 03:21:29 -------- d-----w- C:\Windows\ELAMBKUP
    2014-07-02 03:21:25 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch
    2014-07-02 03:21:22 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
    2014-07-02 03:21:14 92768 ----a-w- C:\Windows\System32\drivers\klflt.sys
    2014-07-01 08:36:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2014-07-01 08:36:08 -------- d-----w- C:\Program Files\Microsoft Security Client
    2014-07-01 02:10:56 122584 ----a-w- C:\Windows\System32\drivers\48230029.sys
    2014-06-30 06:18:12 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-06-30 06:18:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-06-30 06:18:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-30 05:43:46 128728 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-06-30 05:43:46 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-06-30 05:43:23 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-06-30 05:33:50 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-06-30 01:42:41 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B332F8D3-B194-4542-BE6B-6BDEACDA1705}\mpengine.dll
    2014-06-30 01:40:01 -------- d-----w- C:\Users\SMl\AppData\Local\Adobe
    2014-06-26 04:52:36 -------- d-----w- C:\Users\SMl\AppData\Roaming\TheBannerSaga
    2014-06-20 01:09:16 -------- d-----w- C:\Program Files\Blender Foundation
    2014-06-12 19:05:34 46376 ----a-w- C:\Windows\System32\drivers\netfilter64.sys
    2014-06-11 01:57:09 -------- d-----w- C:\Users\SMl\AppData\Roaming\CardScan
    2014-06-11 01:56:58 -------- d-----w- C:\Users\SMl\AppData\Local\CardScan
    .
    ==================== Find3M ====================
    .
    2014-07-07 20:56:19 215416 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2014-07-07 20:47:11 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2014-07-07 20:06:03 65536 ----a-w- C:\Windows\System32\spu_storage.bin
    2014-07-02 03:38:50 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
    2014-07-02 03:38:50 29792 ----a-w- C:\Windows\System32\drivers\klim6.sys
    2014-06-26 01:37:20 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-06-26 01:37:20 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-06-14 05:10:42 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2014-06-08 09:13:05 506368 ----a-w- C:\Windows\System32\aepdu.dll
    2014-06-08 09:08:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-06-04 23:35:16 0 ----a-w- C:\Windows\ativpsrm.bin
    2014-05-31 04:29:14 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
    2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
    2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
    2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-05-29 11:32:14 80384 ----a-w- C:\Windows\System32\RazerCoinstaller.dll
    2014-05-23 02:28:16 127872 ----a-w- C:\Windows\System32\amdhcp64.dll
    2014-05-23 02:28:16 117560 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
    2014-05-23 02:28:14 78432 ----a-w- C:\Windows\System32\atimpc64.dll
    2014-05-23 02:28:14 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
    2014-05-23 02:28:12 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2014-05-23 02:28:12 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2014-05-23 02:28:08 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
    2014-05-23 02:28:06 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2014-05-23 02:28:06 117584 ----a-w- C:\Windows\System32\atiu9p64.dll
    2014-05-23 02:28:04 99520 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2014-05-23 02:28:04 1328352 ----a-w- C:\Windows\System32\aticfx64.dll
    2014-05-23 02:28:02 1108432 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2014-05-23 02:27:56 10516488 ----a-w- C:\Windows\System32\atidxx64.dll
    2014-05-23 02:27:54 9015224 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2014-05-23 02:27:48 7102496 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2014-05-23 02:27:42 6879016 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2014-05-23 02:27:38 7892000 ----a-w- C:\Windows\System32\atiumd6a.dll
    2014-05-23 02:27:34 8108312 ----a-w- C:\Windows\System32\atiumd64.dll
    2014-05-23 02:24:24 276192 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
    2014-05-23 02:22:08 15950336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2014-05-23 01:56:56 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
    2014-05-23 01:55:58 27529216 ----a-w- C:\Windows\System32\atio6axx.dll
    2014-05-23 01:52:44 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
    2014-05-23 01:47:48 231424 ----a-w- C:\Windows\System32\clinfo.exe
    2014-05-23 01:47:38 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
    2014-05-23 01:47:38 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
    2014-05-23 01:47:38 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
    2014-05-23 01:47:38 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
    2014-05-23 01:47:36 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2014-05-23 01:47:30 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2014-05-23 01:47:26 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
    2014-05-23 01:47:22 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2014-05-23 01:47:18 32874496 ----a-w- C:\Windows\System32\amdocl64.dll
    2014-05-23 01:46:06 127488 ----a-w- C:\Windows\System32\mantle64.dll
    2014-05-23 01:45:54 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
    2014-05-23 01:45:38 5224960 ----a-w- C:\Windows\System32\amdmantle64.dll
    2014-05-23 01:45:26 27841024 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2014-05-23 01:43:48 65024 ----a-w- C:\Windows\System32\OpenCL.dll
    2014-05-23 01:43:44 58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2014-05-23 01:43:16 357376 ----a-w- C:\Windows\System32\amdacpusl.dll
    2014-05-23 01:43:04 242688 ----a-w- C:\Windows\SysWow64\amdacpusl.dll
    2014-05-23 01:40:52 23028224 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2014-05-23 01:38:08 366592 ----a-w- C:\Windows\System32\atiapfxx.exe
    2014-05-23 01:38:02 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
    2014-05-23 01:38:00 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2014-05-23 01:37:52 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
    2014-05-23 01:37:50 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2014-05-23 01:37:44 4180992 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
    2014-05-23 01:37:34 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
    2014-05-23 01:35:18 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2014-05-23 01:31:00 91648 ----a-w- C:\Windows\System32\mantleaxl64.dll
    2014-05-23 01:30:50 85504 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
    2014-05-23 01:27:46 48128 ----a-w- C:\Windows\System32\amdmmcl6.dll
    2014-05-23 01:27:42 37888 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
    2014-05-23 01:25:46 442368 ----a-w- C:\Windows\System32\atidemgy.dll
    2014-05-23 01:25:38 31232 ----a-w- C:\Windows\System32\atimuixx.dll
    2014-05-23 01:25:32 588800 ----a-w- C:\Windows\System32\atieclxx.exe
    2014-05-23 01:25:16 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
    2014-05-23 01:24:34 190976 ----a-w- C:\Windows\System32\atitmm64.dll
    2014-05-23 01:18:54 826368 ----a-w- C:\Windows\System32\coinst_14.200.dll
    2014-05-23 01:12:34 1207296 ----a-w- C:\Windows\System32\atiadlxx.dll
    2014-05-23 01:12:26 898560 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    .
    ============= FINISH: 19:41:02.40 ===============

    aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
    Run date: 2014-07-07 19:47:51
    -----------------------------
    19:47:51.166 OS Version: Windows x64 6.1.7601 Service Pack 1
    19:47:51.166 Number of processors: 6 586 0xA00
    19:47:51.167 ComputerName: WILBUR UserName: SMl
    19:47:52.521 Initialize success
    19:47:52.592 VM: initialized successfully
    19:47:52.616 VM: Amd CPU supported
    19:48:01.078 VM: supported disk I/O storport.sys
    19:48:54.952 AVAST engine defs: 14070701
    19:49:02.774 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    19:49:02.776 Disk 0 Vendor: Samsung_SSD_840_EVO_250GB EXT0BB6Q Size: 238475MB BusType: 3
    19:49:02.779 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000075
    19:49:02.781 Disk 1 Vendor: AMD_____ 1.10 Size: 1907348MB BusType: 8
    19:49:02.990 Disk 1 MBR read successfully
    19:49:02.993 Disk 1 MBR scan
    19:49:03.025 Disk 1 Windows 7 default MBR code
    19:49:03.028 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    19:49:03.031 Disk 1 default boot code
    19:49:03.092 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 1907246 MB offset 206848
    19:49:03.211 Disk 1 scanning C:\Windows\system32\drivers
    19:49:15.891 Service scanning
    19:49:40.861 Modules scanning
    19:49:40.865 Disk 1 trace - called modules:
    19:49:40.894 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
    19:49:40.898 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800dc5e060]
    19:49:40.902 3 CLASSPNP.SYS[fffff8800205143f] -> nt!IofCallDriver -> \Device\00000075[0xfffffa800db369c0]
    19:49:41.717 AVAST engine scan C:\Windows
    19:49:43.865 AVAST engine scan C:\Windows\system32
    19:53:23.531 AVAST engine scan C:\Windows\system32\drivers
    19:53:38.099 AVAST engine scan C:\Users\SMl
    19:59:04.283 AVAST engine scan C:\ProgramData
    20:02:43.162 Scan finished successfully
    20:04:49.038 Disk 1 MBR has been saved successfully to "C:\Users\SMl\Desktop\Malware Removal\MBR.dat"
    20:04:49.070 The log file has been saved successfully to "C:\Users\SMl\Desktop\Malware Removal\aswMBR.txt"





    Congratulations!: No immediate threats were found. (Status)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---



    Attach.zip

    my noob thread

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    Hi roliks,

    Can't say much about those files other than a .pyd is a Python programming file extension. Windows is full of .dll files. I would be more concerned if it was a .exe file. If you are concerned you can upload any file (size limit) to have it scanned and checked out as being malicious or not either here or here.
    Only need one active AV per machine, two is not better in this case. You have MSSE and Kaspersky active. You should remove one via the add/remove programs panel. I would unload MSSE myself.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Jul 2014
    Posts
    5


    Yeah, I only did that as Kaspersky did not detect the hijacker that I had on my machine and, oddly enough, MSSE did. I hadn't removed it as the initial posting thread said not to make any changes after making the post. I will be doing so in a min. I am familiar with the Python files and DLLs; I just can't seem to find any information about the MEI folder other than a couple of sites that think it's a Trojan. So you think there is nothing to be worried about then? That's a relief. I gratefully thank you for your time, and if there is nothing to be concerned about please feel free to close the thread.
