Please help remove deltabar malware



heyguy18
2013-08-24, 13:46
I am trying to remove deltabar malware with Spybot S&D, which can't remove it.
Please help.
Here are the requested logs.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by Numan at 16:52:05 on 2013-08-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3575.1833 [GMT 8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\GIGABYTE\SmartRecovery2_x86\RPMDaemon.exe
C:\Program Files\GIGABYTE\smart6\dbios\SDBMSG.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k PPTVServiceGroup
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, enhanced for Bing and MSN
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = www.msn.com
mStart Page = www.msn.com
mDefault_Page_URL = www.msn.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: BrowserHelper: {4BF2CB0E-658A-442B-AC83-A64EC2150BFC} - c:\programdata\ppbrowserhelper\bho\TipsBHO.dll
BHO: Aimersoft Video Converter Ultimate: {54F73992-6549-4369-9A0D-84FD310A464A} - c:\program files\aimersoft\video converter ultimate\SVRIEPlugin.dll
BHO: 56F5AAB7-99F6-A9C2-8085-D5DAD1355BCB Class: {56F5AAB7-99F6-A9C2-8085-D5DAD1355BCB} - c:\program files\qvodplayer\addin\{56f5aab7-99f6-a9c2-8085-d5dad1355bcb}\QvodAddr.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: 82972D51-47DD-8A42-EE55-645534054300 Class: {82972D51-47DD-8A42-EE55-645534054300} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: QvodExtend: {A8502600-B272-4F68-A67B-A0305D46D297} - c:\program files\qvodplayer\qvodextend\5.0.86.0\QvodExtend.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: GBHO.BHO: {c20391ee-b6fd-4a35-9f1b-2892dda5b107} -
BHO: <No Name>: {C5A07FDB-3E9F-578C-8A5F-68A11E85C517} -
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Smart Recovery 2: {a011d643-4a67-4934-a775-46139847d7f2} -
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [BrowserPlugInHelper] c:\program files\aimersoft\video converter ultimate\BrowserPlugInHelper.exe
mRunOnce: [DES2] c:\program files\gigabyte\energysaver2\des2.exe state
mRunOnce: [RPMKickstart] c:\program files\gigabyte\smartrecovery2_x86\RPMKickstart.exe
mRunOnce: [SDBOK] c:\program files\gigabyte\smart6\dbios\run.exe
mRunOnce: [EasyTuneVI] c:\program files\gigabyte\et6\ETCall.exe
StartupFolder: c:\users\numan\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\numan\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {9709739B-4909-489B-A1F7-148C74F16EEE} - hxxp://platform.nx.com/ActiveX/nxsysinfo.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{15044EB9-CE78-462F-8F48-A6266A860167} : NameServer = 203.185.0.37,203.185.0.36
TCP: Interfaces\{256A4A34-01E5-4126-9805-C7BC1DF1497C} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{53CFD666-D1CB-4C4C-918C-739CEDA86992} : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{53CFD666-D1CB-4C4C-918C-739CEDA86992}\14E64627F69646140534231364 : DHCPNameServer = 192.168.43.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\numan\appdata\roaming\mozilla\firefox\profiles\g1uk0kl3.default\
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\battlelog web plugins\0.80.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.0\npesnsonar.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\internet explorer\pplite\plugin\1.0.1.4556\npplugin2.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\qvodplayer\addin\kwwebgame\npKWWebGame.dll
FF - plugin: c:\program files\qvodplayer\npQvodInsert.dll
FF - plugin: c:\program files\qvodplayer\npShareModule.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\numan\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\numan\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\numan\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\numan\appdata\roaming\mozilla\firefox\profiles\g1uk0kl3.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: c:\users\numan\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\numan\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-06-25 22:00; {3d7eb24f-2740-49df-8937-200b1cc08f8a}; c:\users\numan\appdata\roaming\mozilla\firefox\profiles\g1uk0kl3.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - ExtSQL: 2013-08-14 19:29; {CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}; c:\program files\aimersoft\video converter ultimate\SVRFirefoxExt
.
---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: extensions.BabylonToolbar_i.id - 50319f650000000000001c6f65a4db5e
FF - user.js: extensions.BabylonToolbar_i.hardId - 50319f650000000000001c6f65a4db5e
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15386
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:28:29
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100489
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-11-9 566656]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-9 212432]
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2013-4-18 117792]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2013-4-12 19608]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-1-17 54776]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2013-6-20 173192]
R2 DES2 Service;DES2 Service for Energy Saving.;c:\program files\gigabyte\energysaver2\des2svr.exe [2011-1-17 68136]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-4-29 233472]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-12 280512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-11-11 167784]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-1-12 144576]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-12 280512]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-12 280512]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-12 280512]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-12 280512]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-1-12 638976]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-1-12 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-1-12 172416]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R2 PPTVService;PPTVService;c:\windows\system32\svchost.exe -k PPTVServiceGroup [2009-7-14 20992]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-8-23 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-8-23 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-8-23 171928]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-8-14 3291008]
R2 Smart TimeLock;Smart TimeLock Service;c:\program files\gigabyte\smart6\timelock\TimeMgmtDaemon.exe [2011-1-17 114688]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2009-11-19 5120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-1-17 2320920]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-9 60920]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2012-9-22 19688]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-4-29 37344]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-8-3 147472]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-11-9 235520]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-9 363432]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2013-2-18 257496]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-5-6 490088]
S2 aaxkqylh;Microsoft UMPass Helper;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 PC Performer Manager;PC Performer Manager;c:\programdata\pc performer manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe --> c:\programdata\pc performer manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe [?]
S2 SgtSch2Svc;Seagate Scheduler2 Service;"c:\program files\common files\seagate\schedule2\schedul2.exe" --> c:\program files\common files\seagate\schedule2\schedul2.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2013-4-18 749112]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 athrusb;TP-LINK Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2013-7-19 891392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-6-4 84248]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2011-1-24 17488]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\intel\intel(r) integrated clock controller service\ICCProxy.exe [2013-4-12 160256]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-11-9 65928]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2013-2-18 80592]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2013-7-23 99400]
S3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-7-24 9472]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2013-1-23 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2013-1-23 8576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-18 14848]
S3 SNPPRO;USB PC Camera (snppro);c:\windows\system32\drivers\snppro.sys [2005-6-10 8664448]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-4-30 181912]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-18 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-17 1343400]
S3 WsAudio_Device;WsAudio_Device;c:\windows\system32\drivers\VirtualAudio.sys [2013-8-14 27496]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
SUnknown GVTDrv;GVTDrv; [x]
.
=============== Created Last 30 ================
.
2013-08-22 18:25:21 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-08-22 17:54:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-08-22 09:41:50 -------- d-----w- c:\users\numan\appdata\local\Unnamed
2013-08-22 07:25:54 -------- d-----w- c:\users\numan\appdata\local\SwvUpdater
2013-08-22 06:12:48 -------- d-----w- c:\programdata\APN
2013-08-21 14:26:51 -------- d-----w- c:\program files\common files\Nokia
2013-08-21 14:24:11 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2013-08-21 14:23:58 -------- d-----w- c:\program files\PC Connectivity Solution
2013-08-21 12:25:59 -------- d-----w- c:\users\numan\appdata\local\PAYDAY 2
2013-08-17 14:12:16 -------- d-----w- c:\program files\iPod
2013-08-17 14:12:05 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-17 14:12:05 -------- d-----w- c:\program files\iTunes
2013-08-17 09:17:32 -------- d-----w- C:\Google_Nexus_7_ToolKit
2013-08-14 12:53:47 721917 ----a-w- c:\windows\system32\AiCM64.dll
2013-08-14 12:53:47 153088 ----a-w- c:\windows\system32\AiCM32.dll
2013-08-14 12:53:12 -------- d-----w- c:\program files\Aimersoft
2013-08-14 12:17:51 27496 ----a-w- c:\windows\system32\drivers\VirtualAudio.sys
2013-08-14 11:42:11 -------- d-----w- c:\programdata\xml_param
2013-08-14 11:32:21 -------- d-----w- c:\users\numan\appdata\roaming\Aimersoft Video Converter Ultimate
2013-08-14 11:30:14 -------- d-----w- c:\users\numan\appdata\roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2013-08-14 11:29:58 -------- d-----w- c:\users\numan\appdata\local\Aimersoft
2013-08-14 11:29:56 -------- d-----w- c:\program files\common files\Aimersoft
2013-08-14 11:29:11 -------- d-----w- c:\programdata\Aimersoft Video Converter Ultimate
2013-08-14 10:41:17 -------- d-----w- C:\bbd2f0ccf6346f4def85259f
2013-08-14 08:39:39 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 08:39:33 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 08:39:33 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 08:39:32 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 08:39:32 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 08:39:14 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 08:39:13 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 08:39:13 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 08:39:09 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 08:38:49 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 08:38:37 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 08:38:28 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 08:30:21 -------- d-----w- c:\programdata\Caphyon
2013-08-14 08:28:23 -------- d-----w- c:\users\numan\appdata\roaming\Mojocraft.net
2013-08-14 03:11:04 4774272 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-08-14 03:11:04 4774272 ----a-w- c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-08-03 14:59:56 147472 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-08-02 08:03:15 -------- d-----w- c:\programdata\Orbit
2013-08-01 06:02:25 -------- d-----w- C:\Games
2013-07-31 15:44:20 -------- d-----w- c:\users\numan\appdata\local\Rockstar Games
2013-07-29 09:48:37 -------- d-----w- c:\users\numan\appdata\roaming\DriverCure
2013-07-29 09:48:36 -------- d-----w- c:\users\numan\appdata\roaming\PC Utility Kit
2013-07-29 09:47:08 -------- d-----w- c:\programdata\PC Utility Kit
2013-07-29 05:51:42 -------- d-----w- c:\users\numan\appdata\local\JC2MP
2013-07-29 05:50:32 -------- d-----w- c:\programdata\Package Cache
2013-07-29 05:49:31 -------- d-----w- c:\program files\JC2-MP
2013-07-29 03:11:10 -------- d-----w- c:\windows\pss
2013-07-27 02:04:37 -------- d-----w- c:\program files\LinuxLive USB Creator
.
==================== Find3M ====================
.
2013-08-24 08:26:01 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2013-08-24 08:25:54 17488 ----a-w- c:\windows\gdrv.sys
2013-08-22 07:27:01 420944 ----a-w- c:\windows\system32\msvcp100.dll
2013-08-02 06:59:05 151728 ----a-w- c:\windows\system32\WRusr.dll
2013-08-02 06:59:05 117792 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2013-07-28 09:24:15 17488 ----a-w- c:\windows\etdrv.sys
2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-07-23 07:24:56 99400 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2013-07-21 11:27:09 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-21 11:27:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-18 04:12:16 478032 ----a-w- c:\windows\system32\PPTVSvc.dll
2013-07-18 04:11:46 2307408 ----a-w- c:\windows\system32\kindling.dll
2013-07-13 05:13:00 139424 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-07-13 05:12:51 282104 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-07-13 05:12:51 282104 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-07-13 05:10:24 234768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-06-26 12:31:38 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-26 12:31:37 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-26 12:31:37 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-12 12:09:07 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-05 03:05:09 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53:07 509440 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:15:02 84248 ----a-w- c:\windows\system32\drivers\ssudbus.sys
.
============= FINISH: 16:53:40.73 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-24 18:32:05
-----------------------------
18:32:05.942 OS Version: Windows 6.1.7601 Service Pack 1
18:32:05.942 Number of processors: 4 586 0x2505
18:32:05.942 ComputerName: NUMAN-PC UserName: Numan
18:32:07.923 Initialize success
18:32:20.559 AVAST engine defs: 13082400
18:32:29.232 The log file has been saved successfully to "C:\Users\Numan\Desktop\Temp\NokiaE52\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-24 18:32:05
-----------------------------
18:32:05.942 OS Version: Windows 6.1.7601 Service Pack 1
18:32:05.942 Number of processors: 4 586 0x2505
18:32:05.942 ComputerName: NUMAN-PC UserName: Numan
18:32:07.923 Initialize success
18:32:20.559 AVAST engine defs: 13082400
18:32:29.232 The log file has been saved successfully to "C:\Users\Numan\Desktop\aswMBR.txt"
18:33:01.555 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-6
18:33:01.555 Disk 0 Vendor: ST3300622AS 3.AAE Size: 286168MB BusType: 11
18:33:01.555 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP6T0L0-8
18:33:01.555 Disk 1 Vendor: ST31000528AS CC49 Size: 953869MB BusType: 11
18:33:01.680 Disk 1 MBR read successfully
18:33:01.680 Disk 1 MBR scan
18:33:01.680 Disk 1 Windows 7 default MBR code
18:33:01.695 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 520000 MB offset 2048
18:33:01.695 Disk 1 Partition - 00 05 Extended 109998 MB offset 1064964094
18:33:01.727 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 323766 MB offset 1290242048
18:33:01.742 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 100 MB offset 1953314816
18:33:01.789 Disk 1 Partition 4 00 82 Linux swap 4515 MB offset 1202866176
18:33:02.288 Disk 1 Partition - 00 05 Extended 38148 MB offset 1212112896
18:33:02.304 Disk 1 scanning sectors +1953519616
18:33:02.397 Disk 1 scanning C:\Windows\system32\drivers
18:33:17.139 Service scanning
18:33:42.458 Modules scanning
18:33:50.445 Disk 1 trace - called modules:
18:33:50.477 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
18:33:50.477 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x87a47ac8]
18:33:50.492 3 CLASSPNP.SYS[8dbd259e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP6T0L0-8[0x874d43d0]
18:33:50.492 Scan finished successfully
18:33:57.777 Disk 1 MBR has been saved successfully to "C:\Users\Numan\Desktop\MBR.dat"
18:33:57.793 The log file has been saved successfully to "C:\Users\Numan\Desktop\aswMBR.txt"

shelf life
2013-08-27, 01:27
Hi heyguy18,

Sorry for the delay. If you still need help, simply reply back.