
Thread: Help clearing trojan/malware issues

  1. #1
    Member
    Join Date
    Aug 2013
    Posts
    52


    Sorry about the vague title, as my issue was a little surprising. I downloaded a program and unfortunately it had some sort of malware attached to it, which Kaspersky picked up straight away and deleted. I did the extra things after, like Malwarebytes scan and Spybot scan as well as Windows Defender. Restarted PC and all was fine. Today I turn the system on and fire up a program I use often, Fraps, and for some reason Kaspersky picked up and deleted a trojan. So I'm just needing to know if my system is clean because that was a little worrying. Spybot is picking up a trojan that it can't seem to get rid of though. Apologies if I did anything wrong below.




    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.25.2
    Run by Thor at 14:00:24 on 2013-08-06
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.4204 [GMT 9.5:30]
    .
    AV: Kaspersky PURE 2.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    SP: Kaspersky PURE 2.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    FW: Kaspersky PURE 2.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
    J:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
    C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
    C:\Windows\System32\snmp.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Logitech Gaming Software\LCore.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    J:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    H:\Program Files (x86)\Evaer\videochannel.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\drahtwerk\iWebcamera\iWebcameraApp.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtblfs.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://battlelog.battlefield.com/bf3/gate/?returnUrl=|bf3|servers|
    uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} - <orphaned>
    BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
    uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    uRun: [Steam] "J:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Google Update] "C:\Users\Thor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [avichannel] "H:\Program Files (x86)\Evaer\videochannel.exe"
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    mRun: [Driver Genius] <no file>
    mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
    StartupFolder: C:\Users\Thor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{51AF2091-0927-4023-86DB-142FD3B91A25} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{73427270-A448-4497-95DC-8D915CF25F20} : DHCPNameServer = 7.254.254.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - <no file>
    Notify: klogon - <no file>
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -
    x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
    x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: klogon - C:\Windows\System32\klogon.dll
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll
    FF - plugin: C:\Users\Thor\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-06-27 21:35; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    FF - ExtSQL: 2013-06-27 21:36; greasemonkeybcsf@stpors.net; C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\greasemonkeybcsf@stpors.net
    FF - ExtSQL: !HIDDEN! 2012-08-02 18:21; linkfilter@kaspersky.ru; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 5464a42d00000000000000ff73427270
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15775
    FF - user.js: extensions.delta.vrsn - 1.8.10.0
    FF - user.js: extensions.delta.vrsni - 1.8.10.0
    FF - user.js: extensions.delta.vrsnTs - 1.8.10.00:26:30
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;J:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-2 8704]
    R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2012-11-1 85048]
    R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2011-11-11 313648]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-18 52760]
    R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-9-25 21104]
    R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2012-11-1 66104]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-4-22 283200]
    R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-10-20 13616]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [2012-8-30 202328]
    R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-9-10 21992]
    R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
    R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-9-25 68136]
    R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-25 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-7 629984]
    R2 KinoniSvc;Kinoni Service;C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [2013-2-27 525312]
    R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-8-11 625816]
    R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-9-25 390672]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-9-6 27136]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-8-6 1817560]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-8-6 1033688]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-8-6 171928]
    R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-9-25 114688]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-1 2754984]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-6 363800]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2012-7-5 65152]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-8-17 88576]
    R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-9-6 30528]
    R3 KINONI_Wave;Kinoni Audio Source;C:\Windows\System32\drivers\kinonivad.sys [2013-2-27 23040]
    R3 kinonivd;Kinoni Video Source;C:\Windows\System32\drivers\kinonivd.sys [2013-2-27 2782848]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
    R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2011-11-15 410184]
    R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2011-11-15 341832]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-11-15 22408]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-11-15 16008]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-2-3 58528]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-25 533096]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-9-25 31232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\System32\drivers\CamDrL64.sys [2007-2-3 955680]
    S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-12-13 131912]
    S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-9-25 21712]
    S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-9-7 25640]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-14 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
    S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168]
    S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-15 351392]
    S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-9-6 20992]
    S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-9-12 31800]
    S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2011-9-6 51712]
    S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-9-6 24064]
    S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2011-9-6 51712]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-6 59392]
    S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-12-1 745368]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-9-6 24064]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-08-05 23:49:22 -------- d-----w- C:\Users\Thor\AppData\Local\{7039926E-B54A-4F22-B94D-F288F200E776}
    2013-08-05 17:10:44 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2013-08-05 17:10:41 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-08-05 06:02:43 -------- d-----w- C:\Users\Thor\AppData\Local\{55DB6940-210B-4FA1-8679-E8ECBBCE7C07}
    2013-08-04 18:02:07 -------- d-----w- C:\Users\Thor\AppData\Local\{AF1B77DA-3A34-4DB3-B8EF-19CB9379C83A}
    2013-08-04 13:09:09 -------- d-----w- C:\Program Files (x86)\GoldWave
    2013-08-04 06:01:55 -------- d-----w- C:\Users\Thor\AppData\Local\{E30BE655-6283-48D2-8445-A6582FEE5CEA}
    2013-08-03 18:01:16 -------- d-----w- C:\Users\Thor\AppData\Local\{195B9657-19F9-434A-9366-61AF9B91635F}
    2013-08-03 06:00:48 -------- d-----w- C:\Users\Thor\AppData\Local\{98A1D2F6-9C45-410D-82B3-6FD80A479215}
    2013-08-02 17:12:39 -------- d-----w- C:\Users\Thor\AppData\Local\{9AAF0856-0111-4FBA-84E8-5242EC80E3FA}
    2013-08-02 05:12:17 -------- d-----w- C:\Users\Thor\AppData\Local\{709BFB3A-5669-4AF2-9208-4697C7B1620B}
    2013-08-01 17:11:43 -------- d-----w- C:\Users\Thor\AppData\Local\{68DF52BE-8952-4868-A5E1-0679639B30AB}
    2013-08-01 05:11:20 -------- d-----w- C:\Users\Thor\AppData\Local\{3B150860-428C-488E-A191-01AE112D5BEA}
    2013-07-31 17:10:46 -------- d-----w- C:\Users\Thor\AppData\Local\{8FEB8649-712E-42F8-A251-B11B86302D1C}
    2013-07-31 05:10:17 -------- d-----w- C:\Users\Thor\AppData\Local\{1D483449-EB9E-4D1B-A3C2-E20DBB681303}
    2013-07-30 13:21:27 -------- d-----w- C:\Users\Thor\AppData\Local\{85027127-8D1D-4F2F-8A9E-DB3770ED0FBB}
    2013-07-30 01:20:53 -------- d-----w- C:\Users\Thor\AppData\Local\{8D65548F-9DC0-4B76-8AD2-80001513E9B6}
    2013-07-29 11:12:50 -------- d-----w- C:\Users\Thor\AppData\Local\{1D651263-59BB-4AD9-A8C7-983E0BD9E099}
    2013-07-28 23:12:16 -------- d-----w- C:\Users\Thor\AppData\Local\{0FE0EE7E-130F-4F84-8DB8-B606305BD4C9}
    2013-07-28 08:38:40 715038 ----a-w- C:\Windows\unins000.exe
    2013-07-28 07:32:10 -------- d-----w- C:\Users\Thor\AppData\Local\Dxtory Software
    2013-07-28 07:32:08 8300544 ----a-w- C:\Windows\SysWow64\DxtoryCodec.dll
    2013-07-28 07:32:08 8043008 ----a-w- C:\Windows\System32\DxtoryCodec.dll
    2013-07-28 06:32:14 -------- d-----w- C:\Users\Thor\AppData\Roaming\Awesomium
    2013-07-28 04:54:59 -------- d-----w- C:\Users\Thor\AppData\Local\{58D73E0A-02D8-4A79-90FA-6069FB22FF5C}
    2013-07-27 17:22:07 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63F8903D-28B2-42C9-9E9D-DD210B476559}\mpengine.dll
    2013-07-27 16:54:17 -------- d-----w- C:\Users\Thor\AppData\Local\{951F2FDD-A978-4391-BAA9-F908CE75EBBB}
    2013-07-27 04:20:01 -------- d-----w- C:\Users\Thor\AppData\Local\{1702FC2C-B7F0-47CA-BE3B-6D7D92B76232}
    2013-07-26 15:03:21 -------- d-----w- C:\Users\Thor\AppData\Local\{B270282A-3D83-48BD-82D9-627DBE09EE8E}
    2013-07-26 03:02:59 -------- d-----w- C:\Users\Thor\AppData\Local\{2554CC7D-389D-408D-9B67-0DCB5E47AD32}
    2013-07-25 15:02:25 -------- d-----w- C:\Users\Thor\AppData\Local\{00B68FA6-9074-42EF-8002-39875877C3D6}
    2013-07-25 03:02:03 -------- d-----w- C:\Users\Thor\AppData\Local\{678B3312-1EC4-4668-9DD2-7FF71B6B1025}
    2013-07-24 15:01:26 -------- d-----w- C:\Users\Thor\AppData\Local\{362A26EF-DFF1-4433-8AC9-FEDF17ACCF79}
    2013-07-24 03:00:49 -------- d-----w- C:\Users\Thor\AppData\Local\{EF8F5872-3308-45C4-B53A-01E1C2DD50E8}
    2013-07-23 06:29:53 -------- d-----w- C:\Users\Thor\AppData\Local\{B1F1ABD8-7E2B-4350-8F8B-A1034612457C}
    2013-07-22 18:29:30 -------- d-----w- C:\Users\Thor\AppData\Local\{B983E4A4-2E94-41AB-AABB-6786072A0CE7}
    2013-07-22 06:29:08 -------- d-----w- C:\Users\Thor\AppData\Local\{E046BB6F-CF51-443F-9C72-E23C4EC47FEC}
    2013-07-21 18:28:29 -------- d-----w- C:\Users\Thor\AppData\Local\{FA78F5E7-5889-4AA6-9730-FD9176F085F8}
    2013-07-21 06:28:07 -------- d-----w- C:\Users\Thor\AppData\Local\{033E6AD5-A7CB-443D-8F3B-A102276CFED5}
    2013-07-20 18:27:32 -------- d-----w- C:\Users\Thor\AppData\Local\{C5A51AF5-D153-4A3D-8CD8-003BC6A2AE87}
    2013-07-20 06:27:10 -------- d-----w- C:\Users\Thor\AppData\Local\{F4E20CF7-4C84-493F-BCAE-45D6B6A0FDCD}
    2013-07-19 18:26:47 -------- d-----w- C:\Users\Thor\AppData\Local\{43305700-B6AF-4952-B9CF-021288C3DF0F}
    2013-07-19 06:26:24 -------- d-----w- C:\Users\Thor\AppData\Local\{E61C3896-3957-454C-BD92-C002D6C4FFB5}
    2013-07-18 06:25:27 -------- d-----w- C:\Users\Thor\AppData\Local\{02415797-4B9C-433E-9460-E108CD3FE8CE}
    2013-07-17 18:24:53 -------- d-----w- C:\Users\Thor\AppData\Local\{CF1E3B28-A8D3-41A0-B5E4-39008C3437A5}
    2013-07-17 06:24:31 -------- d-----w- C:\Users\Thor\AppData\Local\{7A0E8CCC-65C1-4C3A-B45A-C453093E4752}
    2013-07-16 06:23:45 -------- d-----w- C:\Users\Thor\AppData\Local\{01A27CD4-B174-4C20-BE55-A67CEBF55BAB}
    2013-07-15 18:12:35 -------- d-----w- C:\Users\Thor\AppData\Local\{6780E787-8887-4CE9-8411-BCAECFE80184}
    2013-07-15 06:12:24 -------- d-----w- C:\Users\Thor\AppData\Local\{3ACBFDCE-E4FE-4E57-A64F-FCEF81377C14}
    2013-07-14 18:11:57 -------- d-----w- C:\Users\Thor\AppData\Local\{34D78392-5F98-443C-8EE1-D25BC3A1145F}
    2013-07-14 06:11:36 -------- d-----w- C:\Users\Thor\AppData\Local\{9C2A61A4-68C2-4AA6-BC01-FF014CC5DA45}
    2013-07-13 18:11:00 -------- d-----w- C:\Users\Thor\AppData\Local\{EE8617D0-2800-425A-B900-859DFE3177F0}
    2013-07-13 06:10:37 -------- d-----w- C:\Users\Thor\AppData\Local\{168367BB-6636-4626-B3B2-EC05146093B5}
    2013-07-12 18:10:14 -------- d-----w- C:\Users\Thor\AppData\Local\{8E38913B-DDA1-4228-9DD3-7B288FB11820}
    2013-07-12 06:09:51 -------- d-----w- C:\Users\Thor\AppData\Local\{EF5BD903-78D0-4C37-B782-CC74ACFC540C}
    2013-07-11 06:09:05 -------- d-----w- C:\Users\Thor\AppData\Local\{B84B36A3-3A70-4F04-8FB0-E3459E70E9B4}
    2013-07-10 17:25:05 -------- d-----w- C:\Users\Thor\AppData\Local\{9B08C30A-422C-4FD1-9D14-2EE65A5EB47A}
    2013-07-10 05:24:43 -------- d-----w- C:\Users\Thor\AppData\Local\{00559B85-0D97-43A4-8683-D7F4270D0CDD}
    2013-07-09 17:24:09 -------- d-----w- C:\Users\Thor\AppData\Local\{27B4CD8A-3C14-4E11-9198-55CC35934050}
    2013-07-09 05:23:45 -------- d-----w- C:\Users\Thor\AppData\Local\{B4F9FF1F-C59C-47D1-8068-1A8E6D4830F3}
    2013-07-08 17:23:09 -------- d-----w- C:\Users\Thor\AppData\Local\{77340C9F-8284-4BE7-9F49-2DE71D1BD4ED}
    2013-07-08 05:22:57 -------- d-----w- C:\Users\Thor\AppData\Local\{D01CDE2F-5E28-42C8-9300-71608959A98F}
    2013-07-07 17:22:23 -------- d-----w- C:\Users\Thor\AppData\Local\{18F7B073-B8D4-4E20-A531-FF4A4735FEB9}
    2013-07-07 05:22:01 -------- d-----w- C:\Users\Thor\AppData\Local\{15C5D8FC-3B47-4534-8662-6D05E7FC5FD6}
    .
    ==================== Find3M ====================
    .
    2013-08-06 00:26:22 30528 ----a-w- C:\Windows\GVTDrv64.sys
    2013-08-06 00:26:11 25640 ----a-w- C:\Windows\gdrv.sys
    2013-08-05 15:35:36 119296 ----a-w- C:\Windows\SysWow64\zlib.dll
    2013-08-04 12:02:33 6266 --sha-w- C:\ProgramData\KGyGaAvL.sys
    2013-07-28 14:52:00 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2013-07-28 14:52:00 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2013-07-28 14:47:43 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2013-07-13 02:42:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-07-13 02:42:17 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-25 13:52:58 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-25 13:52:58 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-06-25 13:52:58 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 14:00:45.06 ===============






    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-08-06 16:43:15
    -----------------------------
    16:43:15.148 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:43:15.148 Number of processors: 4 586 0x2A07
    16:43:15.149 ComputerName: THOR-PC UserName: Thor
    16:43:15.440 Initialize success
    16:53:18.175 AVAST engine defs: 13080502
    16:54:18.623 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    16:54:18.625 Disk 0 Vendor: KINGSTON 332A Size: 114473MB BusType: 3
    16:54:18.626 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
    16:54:18.627 Disk 1 Vendor: SAMSUNG_ 1AN1 Size: 1907729MB BusType: 3
    16:54:18.629 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
    16:54:18.630 Disk 2 Vendor: WDC_WD20 05.0 Size: 1907729MB BusType: 3
    16:54:18.632 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IAAStorageDevice-4
    16:54:18.634 Disk 3 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 3
    16:54:18.643 Disk 0 MBR read successfully
    16:54:18.646 Disk 0 MBR scan
    16:54:18.649 Disk 0 Windows 7 default MBR code
    16:54:18.651 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    16:54:18.655 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
    16:54:19.013 Disk 0 scanning C:\Windows\system32\drivers
    16:54:21.833 Service scanning
    16:54:28.637 Modules scanning
    16:54:28.641 Disk 0 trace - called modules:
    16:54:28.646 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    16:54:28.649 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80096f2060]
    16:54:28.652 3 CLASSPNP.SYS[fffff8800240143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80068cf050]
    16:54:28.854 AVAST engine scan C:\Windows
    16:54:29.491 AVAST engine scan C:\Windows\system32
    16:55:38.778 AVAST engine scan C:\Windows\system32\drivers
    16:55:44.759 AVAST engine scan C:\Users\Thor
    16:56:59.001 AVAST engine scan C:\ProgramData
    16:57:46.343 Scan finished successfully
    16:58:57.488 Disk 0 MBR has been saved successfully to "C:\Users\Thor\Desktop\MBR.dat"
    16:58:57.491 The log file has been saved successfully to "C:\Users\Thor\Desktop\aswMBR.txt"




    Search results from Spybot - Search & Destroy

    6/08/2013 7:10:06 PM
    Scan took 00:17:40.
    18 items found.

    Generic: [SBI $8E73A7FB] Interface (IspCommand) (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC856072-9CC4-4B33-8EBA-F62224A62A59}

    Zedo: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (User): Thor) (Browser: Cookie, nothing done)


    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

    MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
    HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Cookie: [SBI $49804B54] Browser: Cookie (22) (Browser: Cookie, nothing done)


    Cache: [SBI $49804B54] Browser: Cache (34) (Browser: Cache, nothing done)


    History: [SBI $49804B54] Browser: History (10) (Browser: History, nothing done)

  2. #2
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161


    Hi vlahka,

    My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.
    • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

    Important Note for Vista and Windows 7 & 8 users:

    These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").

    Please stay with this topic until I let you know that your system appears to be "All Clear"

    =========================

    1. Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
    • Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =========================

    2. ComboFix

    Refer to the ComboFix User's Guide

    • Download ComboFix from the following location:

      Link

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    • Double click on ComboFix.exe & follow the prompts.
    • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    • When finished, it shall produce a log for you. Post that log in your next reply.

      Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

      ---------------------------------------------------------------------------------------------
    • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
      ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    =========================

    In your next post please provide the following:

    • checkup.txt
    • ComboFix.txt
    • What symptoms are you experiencing?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #3
    Member
    Join Date
    Aug 2013
    Posts
    52


    Thanks for the reply. Here are the two logs requested. Also just wanted to mention I get an error when I start up Windows now since installing ERUNT. Keeps saying it can't write to whatever files and I have to cancel it.




    Results of screen317's Security Check version 0.99.71
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 10
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Kaspersky PURE 2.0
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    SpyHunter
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java 7 Update 25
    Adobe Flash Player 11.8.800.94
    Adobe Reader XI
    Mozilla Firefox 20.0.1 Firefox out of Date!
    Google Chrome 28.0.1500.72
    Google Chrome 28.0.1500.95
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    Kaspersky Lab Kaspersky PURE 2.0 avp.exe
    Kaspersky Lab Kaspersky PURE 2.0 x64 klwtblfs.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3%
    ````````````````````End of Log``````````````````````







    ComboFix 13-08-07.01 - Thor 09/08/2013 5:02.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.5991 [GMT 9.5:30]
    Running from: c:\users\Thor\Desktop\ComboFix.exe
    AV: Kaspersky PURE 2.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    FW: Kaspersky PURE 2.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
    SP: Kaspersky PURE 2.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\1F764CA33D.sys
    c:\programdata\ntuser.dat
    c:\windows\7Loader.TAG
    c:\windows\iun6002.exe
    c:\windows\SysWow64\frapsvid.dll
    J:\install.exe
    L:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-07-08 to 2013-08-08 )))))))))))))))))))))))))))))))
    .
    .
    2013-08-08 19:39 . 2013-08-08 19:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-08-08 19:39 . 2013-08-08 19:39 -------- d-----w- c:\users\UpdatusUser.Thor-PC.000\AppData\Local\temp
    2013-08-08 19:39 . 2013-08-08 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-08-08 19:34 . 2013-08-08 19:34 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63F8903D-28B2-42C9-9E9D-DD210B476559}\offreg.dll
    2013-08-06 01:53 . 2013-08-06 01:54 -------- d-----w- c:\program files (x86)\ERUNT
    2013-08-05 17:10 . 2009-01-25 03:44 17272 ----a-w- c:\windows\system32\sdnclean64.exe
    2013-08-05 17:10 . 2013-08-05 17:13 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2013-08-04 13:09 . 2013-08-04 13:09 -------- d-----w- c:\program files (x86)\GoldWave
    2013-07-28 08:38 . 2013-07-28 08:38 715038 ----a-w- c:\windows\unins000.exe
    2013-07-28 07:32 . 2013-07-28 07:32 -------- d-----w- c:\users\Thor\AppData\Local\Dxtory Software
    2013-07-28 07:32 . 2013-02-15 13:14 8300544 ----a-w- c:\windows\SysWow64\DxtoryCodec.dll
    2013-07-28 07:32 . 2013-02-15 13:14 8043008 ----a-w- c:\windows\system32\DxtoryCodec.dll
    2013-07-28 06:32 . 2013-07-28 06:40 -------- d-----w- c:\users\Thor\AppData\Roaming\Awesomium
    2013-07-27 17:22 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63F8903D-28B2-42C9-9E9D-DD210B476559}\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-08-08 03:28 . 2011-09-06 10:28 30528 ----a-w- c:\windows\GVTDrv64.sys
    2013-08-08 03:27 . 2011-09-27 06:31 25640 ----a-w- c:\windows\gdrv.sys
    2013-08-08 03:26 . 2012-10-20 16:51 119296 ----a-w- c:\windows\SysWow64\zlib.dll
    2013-08-07 10:31 . 2011-10-21 15:22 6266 --sha-w- c:\programdata\KGyGaAvL.sys
    2013-07-28 14:52 . 2011-10-27 11:17 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2013-07-28 14:52 . 2011-10-26 09:18 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2013-07-28 14:47 . 2011-10-26 09:18 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2013-07-13 02:42 . 2012-05-09 09:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-07-13 02:42 . 2012-05-09 09:05 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-06-25 13:52 . 2013-06-25 13:53 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-25 13:52 . 2012-06-29 12:42 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2013-06-25 13:52 . 2011-09-11 11:04 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-05-17 08:22 . 2013-05-17 08:22 53248 ----a-r- c:\users\Thor\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2013-05-11 04:34 . 2011-03-28 09:06 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
    @="{dd230880-495a-11d1-b064-008048ec2fc5}"
    [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
    2012-08-30 12:54 496056 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
    "Steam"="j:\program files (x86)\Steam\steam.exe" [2013-07-26 1807272]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19604072]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-03-28 3093624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    "Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
    "Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-03-27 1686528]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
    "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2012-08-30 202328]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "LWS"="h:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "CloantoSoftwareDirector"="c:\program files (x86)\Common Files\Cloanto\Software Director\softdir.exe" [2013-02-01 370512]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
    .
    c:\users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux9"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 KinoniSvc;Kinoni Service;c:\program files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe;c:\program files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
    R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys;c:\windows\SYSNATIVE\DRIVERS\CamDrL64.sys [x]
    R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
    R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
    R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
    R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfDHP2amd64.sys [x]
    R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
    R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfSBVMamd64.sys [x]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
    R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
    R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe;c:\program files\Microsoft Fix it Center\Matsvc.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
    R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
    R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
    R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVLAN60.sys [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
    S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
    S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
    S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x]
    S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
    S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
    S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
    S3 KINONI_Wave;Kinoni Audio Source;c:\windows\system32\drivers\kinonivad.sys;c:\windows\SYSNATIVE\drivers\kinonivad.sys [x]
    S3 kinonivd;Kinoni Video Source;c:\windows\system32\DRIVERS\kinonivd.sys;c:\windows\SYSNATIVE\DRIVERS\kinonivd.sys [x]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 02:42]
    .
    2013-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000Core.job
    - c:\users\Thor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 08:42]
    .
    2013-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000UA.job
    - c:\users\Thor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 08:42]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
    2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]
    .
    [HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
    [HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
    @="{dd230880-495a-11d1-b064-008048ec2fc5}"
    [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
    2012-08-30 12:56 566712 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\shellex.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 6868280]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
    "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-06-13 1212560]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://battlelog.battlefield.com/bf3/gate/?returnUrl=|bf3|servers|
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\
    FF - ExtSQL: 2013-06-27 21:35; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    FF - ExtSQL: 2013-06-27 21:36; greasemonkeybcsf@stpors.net; c:\users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\greasemonkeybcsf@stpors.net
    FF - ExtSQL: !HIDDEN! 2012-08-02 18:21; linkfilter@kaspersky.ru; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 5464a42d00000000000000ff73427270
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15775
    FF - user.js: extensions.delta.vrsn - 1.8.10.0
    FF - user.js: extensions.delta.vrsni - 1.8.10.0
    FF - user.js: extensions.delta.vrsnTs - 1.8.10.00:26
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
    BHO-{45d30484-7ded-43d9-957a-d2fd1f046511} - (no file)
    Wow6432Node-HKLM-Run-Driver Genius - (no file)
    Notify-igfxcui - (no file)
    Notify-klogon - (no file)
    Notify-SDWinLogon - SDWinLogon.dll
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
    AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
    .
    .
    "ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
    [\]^_\00\00\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~\00\00\00\00\00\00x\00\00\00\00\00\00\00\00"
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34,
    5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
    9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f,
    e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:0f,8f,26,b6,2d,54,cd,01
    .
    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (S-1-5-21-2318490905-3519499422-1171420628-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Outlook.File.vcf"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\09\03\07\05\022?"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-08-09 05:22:05
    ComboFix-quarantined-files.txt 2013-08-08 19:52
    .
    Pre-Run: 38,949,826,560 bytes free
    Post-Run: 38,038,028,288 bytes free
    .
    - - End Of File - - 6E65606A65E0435AE373DA320F855C11
    D41D8CD98F00B204E9800998ECF8427E

  4. #4
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161


    Hi vlahka,

    1. AdwCleaner

    Download AdwCleaner to your desktop.

    Right click and select "Run as Administrator".
    • Run AdwCleaner and select Delete
    • Once done it will ask to reboot, allow the reboot
    • On reboot a log will be produced, please attach the content of the log to your next reply

    =========================

    2. Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.

    Right click and select "Run as Administrator".
    • Shut down your protection software now to avoid potential conflicts.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    =========================

    3. OTL

    • Download OTL to your desktop.
    • Make sure all other windows are closed, and let it run uninterrupted.

      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan, paste this in:

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      services.exe
      /md5stop
      %systemroot%\*. /rp /s
      %systemdrive%\$Recycle.Bin|@;true;true;true
      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      BASESERVICES
      DRIVES
      CREATERESTOREPOINT

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
      • You may need two posts to fit them both in.

    =========================

    In your next post please provide the following:

    • AdwCleaner[S1].txt
    • JRT.txt
    • OTL.txt
    • Extras.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  5. #5
    Member
    Join Date
    Aug 2013
    Posts
    52


    I'm having trouble running the Junkware Removal Tool. It keeps saying it's not a 7-zip archive for whatever reason. It's coming up as an exe file and not associated with 7-zip. I even uninstalled the program to see if I could get around it but the thing refuses.

  6. #6
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161


    Hi vlahka,

    Go ahead and skip the JRT step.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  7. #7
    Member
    Join Date
    Aug 2013
    Posts
    52


    # AdwCleaner v2.306 - Logfile created 08/09/2013 at 14:14:56
    # Updated 19/07/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Thor - THOR-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Thor\Desktop\AdwCleaner (1).exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\END
    Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
    Folder Deleted : C:\Program Files (x86)\Common Files\Wondershare
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Wondershare
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
    Folder Deleted : C:\Users\Thor\AppData\Local\Wondershare
    Folder Deleted : C:\Users\Thor\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Thor\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\jetpack
    Folder Deleted : C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\Smartbar

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Deleted : HKCU\Software\PIP
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\StartSearch
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v20.0.1 (en-US)

    File : C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\prefs.js

    C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\user.js ... Deleted !

    Deleted : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT2504091.FirstTime", "true");
    Deleted : user_pref("CT2504091.FirstTimeFF3", "true");
    Deleted : user_pref("CT2504091.UserID", "UN99341481213875293");
    Deleted : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT2504091.autoDisableScopes", -1);
    Deleted : user_pref("CT2504091.cbcountry_001", "AU");
    Deleted : user_pref("CT2504091.cbfirsttime", "Tue Jul 24 2012 01:45:48 GMT+0930 (AUS Central Standard Time)");
    Deleted : user_pref("CT2504091.defaultSearch", "false");
    Deleted : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT2504091.enableAlerts", "false");
    Deleted : user_pref("CT2504091.enableSearchFromAddressBar", "true");
    Deleted : user_pref("CT2504091.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT2504091.fixPageNotFoundError", "true");
    Deleted : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT2504091.fixUrls", true);
    Deleted : user_pref("CT2504091.installId", "ConduitNSISIntegration");
    Deleted : user_pref("CT2504091.installType", "ConduitNSISIntegration");
    Deleted : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2504091.isNewTabEnabled", true);
    Deleted : user_pref("CT2504091.isPerformedSmartBarTransition", "true");
    Deleted : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT2504091.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
    Deleted : user_pref("CT2504091.openThankYouPage", "false");
    Deleted : user_pref("CT2504091.openUninstallPage", "false");
    Deleted : user_pref("CT2504091.search.searchAppId", "129079840422026594");
    Deleted : user_pref("CT2504091.search.searchCount", "0");
    Deleted : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1343060142157");
    Deleted : user_pref("CT2504091.serviceLayer_services_appTracking_lastUpdate", "1343060145597");
    Deleted : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1343060142148");
    Deleted : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1343060144600");
    Deleted : user_pref("CT2504091.serviceLayer_services_login_10.10.20.14_lastUpdate", "1343060146188");
    Deleted : user_pref("CT2504091.serviceLayer_services_optimizer_lastUpdate", "1343060145016");
    Deleted : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1343060144635");
    Deleted : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1343060139638");
    Deleted : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1343060138063");
    Deleted : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1343060144707");
    Deleted : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1343060139033");
    Deleted : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1343060142151");
    Deleted : user_pref("CT2504091.settingsINI", true);
    Deleted : user_pref("CT2504091.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT2504091.smartbar.CTID", "CT2504091");
    Deleted : user_pref("CT2504091.smartbar.Uninstall", "0");
    Deleted : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
    Deleted : user_pref("CT2504091.startPage", "false");
    Deleted : user_pref("CT2504091.toolbarBornServerTime", "23-7-2012");
    Deleted : user_pref("CT2504091.toolbarCurrentServerTime", "23-7-2012");
    Deleted : user_pref("extensions.delta.admin", false);
    Deleted : user_pref("extensions.delta.aflt", "babsst");
    Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
    Deleted : user_pref("extensions.delta.autoRvrt", "false");
    Deleted : user_pref("extensions.delta.dfltLng", "en");
    Deleted : user_pref("extensions.delta.excTlbr", false);
    Deleted : user_pref("extensions.delta.id", "5464a42d00000000000000ff73427270");
    Deleted : user_pref("extensions.delta.instlDay", "15775");
    Deleted : user_pref("extensions.delta.instlRef", "sst");
    Deleted : user_pref("extensions.delta.newTab", false);
    Deleted : user_pref("extensions.delta.prdct", "delta");
    Deleted : user_pref("extensions.delta.prtnrId", "delta");
    Deleted : user_pref("extensions.delta.rvrt", "false");
    Deleted : user_pref("extensions.delta.smplGrp", "none");
    Deleted : user_pref("extensions.delta.tlbrId", "base");
    Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
    Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
    Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.00:26:30");
    Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");

    -\\ Google Chrome v28.0.1500.95

    File : C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.2769] : homepage = "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=5464a42d00000000000000[...]

    *************************

    AdwCleaner[R1].txt - [8709 octets] - [23/03/2013 10:20:12]
    AdwCleaner[R2].txt - [8769 octets] - [23/03/2013 10:21:14]
    AdwCleaner[R3].txt - [8734 octets] - [09/08/2013 14:14:07]
    AdwCleaner[S1].txt - [302 octets] - [23/03/2013 10:21:40]
    AdwCleaner[S2].txt - [8967 octets] - [09/08/2013 14:14:56]

    ########## EOF - C:\AdwCleaner[S2].txt - [9027 octets] ##########

  8. #8
    Member
    Join Date
    Aug 2013
    Posts
    52


    The OTL and Extra files are too huge to paste or attach. Should I paste them into 2 replies for each?

  9. #9
    Member
    Join Date
    Aug 2013
    Posts
    52


    Forgot I could compress them. Files attached.

  10. #10
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161


    Hi vlahka,

    Yes, paste them into as many replies as are required to post the complete log.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
