Thread: Help clearing trojan/malware issues

  1. #1
    Member
    Join Date
    Aug 2013
    Posts
    52


    Sorry about the vague title, as my issue was a little surprising. I downloaded a program and unfortunately it had some sort of malware attached to it, which Kaspersky picked up straight away and deleted. I did the extra things after, like a Malwarebytes scan and a Spybot scan as well as Windows Defender. Restarted the PC and all was fine. Today I turn the system on and fire up a program I use often, Fraps, and for some reason Kaspersky picked up and deleted a trojan. So I'm just needing to know if my system is clean because that was a little worrying. Spybot is picking up a trojan that it can't seem to get rid of, though. Apologies if I did anything wrong below.




    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.25.2
    Run by Thor at 14:00:24 on 2013-08-06
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.4204 [GMT 9.5:30]
    .
    AV: Kaspersky PURE 2.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    SP: Kaspersky PURE 2.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    FW: Kaspersky PURE 2.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
    J:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
    C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
    C:\Windows\System32\snmp.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Logitech Gaming Software\LCore.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    J:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    H:\Program Files (x86)\Evaer\videochannel.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\drahtwerk\iWebcamera\iWebcameraApp.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtblfs.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://battlelog.battlefield.com/bf3/gate/?returnUrl=|bf3|servers|
    uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} - <orphaned>
    BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
    uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    uRun: [Steam] "J:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Google Update] "C:\Users\Thor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [avichannel] "H:\Program Files (x86)\Evaer\videochannel.exe"
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    mRun: [Driver Genius] <no file>
    mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
    StartupFolder: C:\Users\Thor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{51AF2091-0927-4023-86DB-142FD3B91A25} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{73427270-A448-4497-95DC-8D915CF25F20} : DHCPNameServer = 7.254.254.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - <no file>
    Notify: klogon - <no file>
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -
    x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
    x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: klogon - C:\Windows\System32\klogon.dll
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll
    FF - plugin: C:\Users\Thor\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-06-27 21:35; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    FF - ExtSQL: 2013-06-27 21:36; greasemonkeybcsf@stpors.net; C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\greasemonkeybcsf@stpors.net
    FF - ExtSQL: !HIDDEN! 2012-08-02 18:21; linkfilter@kaspersky.ru; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 5464a42d00000000000000ff73427270
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15775
    FF - user.js: extensions.delta.vrsn - 1.8.10.0
    FF - user.js: extensions.delta.vrsni - 1.8.10.0
    FF - user.js: extensions.delta.vrsnTs - 1.8.10.00:26:30
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;J:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-2 8704]
    R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2012-11-1 85048]
    R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2011-11-11 313648]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-18 52760]
    R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-9-25 21104]
    R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2012-11-1 66104]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-4-22 283200]
    R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-10-20 13616]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [2012-8-30 202328]
    R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-9-10 21992]
    R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
    R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-9-25 68136]
    R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-25 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-7 629984]
    R2 KinoniSvc;Kinoni Service;C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [2013-2-27 525312]
    R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-8-11 625816]
    R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-9-25 390672]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-9-6 27136]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-8-6 1817560]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-8-6 1033688]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-8-6 171928]
    R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-9-25 114688]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-1 2754984]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-6 363800]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2012-7-5 65152]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-8-17 88576]
    R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-9-6 30528]
    R3 KINONI_Wave;Kinoni Audio Source;C:\Windows\System32\drivers\kinonivad.sys [2013-2-27 23040]
    R3 kinonivd;Kinoni Video Source;C:\Windows\System32\drivers\kinonivd.sys [2013-2-27 2782848]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
    R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2011-11-15 410184]
    R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2011-11-15 341832]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-11-15 22408]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-11-15 16008]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-2-3 58528]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-25 533096]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-9-25 31232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\System32\drivers\CamDrL64.sys [2007-2-3 955680]
    S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-12-13 131912]
    S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-9-25 21712]
    S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-9-7 25640]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-14 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
    S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168]
    S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-15 351392]
    S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-9-6 20992]
    S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-9-12 31800]
    S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2011-9-6 51712]
    S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-9-6 24064]
    S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2011-9-6 51712]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-6 59392]
    S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-12-1 745368]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-9-6 24064]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-08-05 23:49:22 -------- d-----w- C:\Users\Thor\AppData\Local\{7039926E-B54A-4F22-B94D-F288F200E776}
    2013-08-05 17:10:44 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2013-08-05 17:10:41 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-08-05 06:02:43 -------- d-----w- C:\Users\Thor\AppData\Local\{55DB6940-210B-4FA1-8679-E8ECBBCE7C07}
    2013-08-04 18:02:07 -------- d-----w- C:\Users\Thor\AppData\Local\{AF1B77DA-3A34-4DB3-B8EF-19CB9379C83A}
    2013-08-04 13:09:09 -------- d-----w- C:\Program Files (x86)\GoldWave
    2013-08-04 06:01:55 -------- d-----w- C:\Users\Thor\AppData\Local\{E30BE655-6283-48D2-8445-A6582FEE5CEA}
    2013-08-03 18:01:16 -------- d-----w- C:\Users\Thor\AppData\Local\{195B9657-19F9-434A-9366-61AF9B91635F}
    2013-08-03 06:00:48 -------- d-----w- C:\Users\Thor\AppData\Local\{98A1D2F6-9C45-410D-82B3-6FD80A479215}
    2013-08-02 17:12:39 -------- d-----w- C:\Users\Thor\AppData\Local\{9AAF0856-0111-4FBA-84E8-5242EC80E3FA}
    2013-08-02 05:12:17 -------- d-----w- C:\Users\Thor\AppData\Local\{709BFB3A-5669-4AF2-9208-4697C7B1620B}
    2013-08-01 17:11:43 -------- d-----w- C:\Users\Thor\AppData\Local\{68DF52BE-8952-4868-A5E1-0679639B30AB}
    2013-08-01 05:11:20 -------- d-----w- C:\Users\Thor\AppData\Local\{3B150860-428C-488E-A191-01AE112D5BEA}
    2013-07-31 17:10:46 -------- d-----w- C:\Users\Thor\AppData\Local\{8FEB8649-712E-42F8-A251-B11B86302D1C}
    2013-07-31 05:10:17 -------- d-----w- C:\Users\Thor\AppData\Local\{1D483449-EB9E-4D1B-A3C2-E20DBB681303}
    2013-07-30 13:21:27 -------- d-----w- C:\Users\Thor\AppData\Local\{85027127-8D1D-4F2F-8A9E-DB3770ED0FBB}
    2013-07-30 01:20:53 -------- d-----w- C:\Users\Thor\AppData\Local\{8D65548F-9DC0-4B76-8AD2-80001513E9B6}
    2013-07-29 11:12:50 -------- d-----w- C:\Users\Thor\AppData\Local\{1D651263-59BB-4AD9-A8C7-983E0BD9E099}
    2013-07-28 23:12:16 -------- d-----w- C:\Users\Thor\AppData\Local\{0FE0EE7E-130F-4F84-8DB8-B606305BD4C9}
    2013-07-28 08:38:40 715038 ----a-w- C:\Windows\unins000.exe
    2013-07-28 07:32:10 -------- d-----w- C:\Users\Thor\AppData\Local\Dxtory Software
    2013-07-28 07:32:08 8300544 ----a-w- C:\Windows\SysWow64\DxtoryCodec.dll
    2013-07-28 07:32:08 8043008 ----a-w- C:\Windows\System32\DxtoryCodec.dll
    2013-07-28 06:32:14 -------- d-----w- C:\Users\Thor\AppData\Roaming\Awesomium
    2013-07-28 04:54:59 -------- d-----w- C:\Users\Thor\AppData\Local\{58D73E0A-02D8-4A79-90FA-6069FB22FF5C}
    2013-07-27 17:22:07 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63F8903D-28B2-42C9-9E9D-DD210B476559}\mpengine.dll
    2013-07-27 16:54:17 -------- d-----w- C:\Users\Thor\AppData\Local\{951F2FDD-A978-4391-BAA9-F908CE75EBBB}
    2013-07-27 04:20:01 -------- d-----w- C:\Users\Thor\AppData\Local\{1702FC2C-B7F0-47CA-BE3B-6D7D92B76232}
    2013-07-26 15:03:21 -------- d-----w- C:\Users\Thor\AppData\Local\{B270282A-3D83-48BD-82D9-627DBE09EE8E}
    2013-07-26 03:02:59 -------- d-----w- C:\Users\Thor\AppData\Local\{2554CC7D-389D-408D-9B67-0DCB5E47AD32}
    2013-07-25 15:02:25 -------- d-----w- C:\Users\Thor\AppData\Local\{00B68FA6-9074-42EF-8002-39875877C3D6}
    2013-07-25 03:02:03 -------- d-----w- C:\Users\Thor\AppData\Local\{678B3312-1EC4-4668-9DD2-7FF71B6B1025}
    2013-07-24 15:01:26 -------- d-----w- C:\Users\Thor\AppData\Local\{362A26EF-DFF1-4433-8AC9-FEDF17ACCF79}
    2013-07-24 03:00:49 -------- d-----w- C:\Users\Thor\AppData\Local\{EF8F5872-3308-45C4-B53A-01E1C2DD50E8}
    2013-07-23 06:29:53 -------- d-----w- C:\Users\Thor\AppData\Local\{B1F1ABD8-7E2B-4350-8F8B-A1034612457C}
    2013-07-22 18:29:30 -------- d-----w- C:\Users\Thor\AppData\Local\{B983E4A4-2E94-41AB-AABB-6786072A0CE7}
    2013-07-22 06:29:08 -------- d-----w- C:\Users\Thor\AppData\Local\{E046BB6F-CF51-443F-9C72-E23C4EC47FEC}
    2013-07-21 18:28:29 -------- d-----w- C:\Users\Thor\AppData\Local\{FA78F5E7-5889-4AA6-9730-FD9176F085F8}
    2013-07-21 06:28:07 -------- d-----w- C:\Users\Thor\AppData\Local\{033E6AD5-A7CB-443D-8F3B-A102276CFED5}
    2013-07-20 18:27:32 -------- d-----w- C:\Users\Thor\AppData\Local\{C5A51AF5-D153-4A3D-8CD8-003BC6A2AE87}
    2013-07-20 06:27:10 -------- d-----w- C:\Users\Thor\AppData\Local\{F4E20CF7-4C84-493F-BCAE-45D6B6A0FDCD}
    2013-07-19 18:26:47 -------- d-----w- C:\Users\Thor\AppData\Local\{43305700-B6AF-4952-B9CF-021288C3DF0F}
    2013-07-19 06:26:24 -------- d-----w- C:\Users\Thor\AppData\Local\{E61C3896-3957-454C-BD92-C002D6C4FFB5}
    2013-07-18 06:25:27 -------- d-----w- C:\Users\Thor\AppData\Local\{02415797-4B9C-433E-9460-E108CD3FE8CE}
    2013-07-17 18:24:53 -------- d-----w- C:\Users\Thor\AppData\Local\{CF1E3B28-A8D3-41A0-B5E4-39008C3437A5}
    2013-07-17 06:24:31 -------- d-----w- C:\Users\Thor\AppData\Local\{7A0E8CCC-65C1-4C3A-B45A-C453093E4752}
    2013-07-16 06:23:45 -------- d-----w- C:\Users\Thor\AppData\Local\{01A27CD4-B174-4C20-BE55-A67CEBF55BAB}
    2013-07-15 18:12:35 -------- d-----w- C:\Users\Thor\AppData\Local\{6780E787-8887-4CE9-8411-BCAECFE80184}
    2013-07-15 06:12:24 -------- d-----w- C:\Users\Thor\AppData\Local\{3ACBFDCE-E4FE-4E57-A64F-FCEF81377C14}
    2013-07-14 18:11:57 -------- d-----w- C:\Users\Thor\AppData\Local\{34D78392-5F98-443C-8EE1-D25BC3A1145F}
    2013-07-14 06:11:36 -------- d-----w- C:\Users\Thor\AppData\Local\{9C2A61A4-68C2-4AA6-BC01-FF014CC5DA45}
    2013-07-13 18:11:00 -------- d-----w- C:\Users\Thor\AppData\Local\{EE8617D0-2800-425A-B900-859DFE3177F0}
    2013-07-13 06:10:37 -------- d-----w- C:\Users\Thor\AppData\Local\{168367BB-6636-4626-B3B2-EC05146093B5}
    2013-07-12 18:10:14 -------- d-----w- C:\Users\Thor\AppData\Local\{8E38913B-DDA1-4228-9DD3-7B288FB11820}
    2013-07-12 06:09:51 -------- d-----w- C:\Users\Thor\AppData\Local\{EF5BD903-78D0-4C37-B782-CC74ACFC540C}
    2013-07-11 06:09:05 -------- d-----w- C:\Users\Thor\AppData\Local\{B84B36A3-3A70-4F04-8FB0-E3459E70E9B4}
    2013-07-10 17:25:05 -------- d-----w- C:\Users\Thor\AppData\Local\{9B08C30A-422C-4FD1-9D14-2EE65A5EB47A}
    2013-07-10 05:24:43 -------- d-----w- C:\Users\Thor\AppData\Local\{00559B85-0D97-43A4-8683-D7F4270D0CDD}
    2013-07-09 17:24:09 -------- d-----w- C:\Users\Thor\AppData\Local\{27B4CD8A-3C14-4E11-9198-55CC35934050}
    2013-07-09 05:23:45 -------- d-----w- C:\Users\Thor\AppData\Local\{B4F9FF1F-C59C-47D1-8068-1A8E6D4830F3}
    2013-07-08 17:23:09 -------- d-----w- C:\Users\Thor\AppData\Local\{77340C9F-8284-4BE7-9F49-2DE71D1BD4ED}
    2013-07-08 05:22:57 -------- d-----w- C:\Users\Thor\AppData\Local\{D01CDE2F-5E28-42C8-9300-71608959A98F}
    2013-07-07 17:22:23 -------- d-----w- C:\Users\Thor\AppData\Local\{18F7B073-B8D4-4E20-A531-FF4A4735FEB9}
    2013-07-07 05:22:01 -------- d-----w- C:\Users\Thor\AppData\Local\{15C5D8FC-3B47-4534-8662-6D05E7FC5FD6}
    .
    ==================== Find3M ====================
    .
    2013-08-06 00:26:22 30528 ----a-w- C:\Windows\GVTDrv64.sys
    2013-08-06 00:26:11 25640 ----a-w- C:\Windows\gdrv.sys
    2013-08-05 15:35:36 119296 ----a-w- C:\Windows\SysWow64\zlib.dll
    2013-08-04 12:02:33 6266 --sha-w- C:\ProgramData\KGyGaAvL.sys
    2013-07-28 14:52:00 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2013-07-28 14:52:00 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2013-07-28 14:47:43 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2013-07-13 02:42:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-07-13 02:42:17 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-25 13:52:58 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-25 13:52:58 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-06-25 13:52:58 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 14:00:45.06 ===============






    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-08-06 16:43:15
    -----------------------------
    16:43:15.148 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:43:15.148 Number of processors: 4 586 0x2A07
    16:43:15.149 ComputerName: THOR-PC UserName: Thor
    16:43:15.440 Initialize success
    16:53:18.175 AVAST engine defs: 13080502
    16:54:18.623 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    16:54:18.625 Disk 0 Vendor: KINGSTON 332A Size: 114473MB BusType: 3
    16:54:18.626 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
    16:54:18.627 Disk 1 Vendor: SAMSUNG_ 1AN1 Size: 1907729MB BusType: 3
    16:54:18.629 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
    16:54:18.630 Disk 2 Vendor: WDC_WD20 05.0 Size: 1907729MB BusType: 3
    16:54:18.632 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IAAStorageDevice-4
    16:54:18.634 Disk 3 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 3
    16:54:18.643 Disk 0 MBR read successfully
    16:54:18.646 Disk 0 MBR scan
    16:54:18.649 Disk 0 Windows 7 default MBR code
    16:54:18.651 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    16:54:18.655 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
    16:54:19.013 Disk 0 scanning C:\Windows\system32\drivers
    16:54:21.833 Service scanning
    16:54:28.637 Modules scanning
    16:54:28.641 Disk 0 trace - called modules:
    16:54:28.646 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    16:54:28.649 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80096f2060]
    16:54:28.652 3 CLASSPNP.SYS[fffff8800240143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80068cf050]
    16:54:28.854 AVAST engine scan C:\Windows
    16:54:29.491 AVAST engine scan C:\Windows\system32
    16:55:38.778 AVAST engine scan C:\Windows\system32\drivers
    16:55:44.759 AVAST engine scan C:\Users\Thor
    16:56:59.001 AVAST engine scan C:\ProgramData
    16:57:46.343 Scan finished successfully
    16:58:57.488 Disk 0 MBR has been saved successfully to "C:\Users\Thor\Desktop\MBR.dat"
    16:58:57.491 The log file has been saved successfully to "C:\Users\Thor\Desktop\aswMBR.txt"




    Search results from Spybot - Search & Destroy

    6/08/2013 7:10:06 PM
    Scan took 00:17:40.
    18 items found.

    Generic: [SBI $8E73A7FB] Interface (IspCommand) (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC856072-9CC4-4B33-8EBA-F62224A62A59}

    Zedo: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (User): Thor) (Browser: Cookie, nothing done)


    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

    MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
    HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Cookie: [SBI $49804B54] Browser: Cookie (22) (Browser: Cookie, nothing done)


    Cache: [SBI $49804B54] Browser: Cache (34) (Browser: Cache, nothing done)


    History: [SBI $49804B54] Browser: History (10) (Browser: History, nothing done)