scorpian

August 30, 2013

Hello Mr. Borislav, can you help me in locating and manually deleting the folder.

August 30, 2013

Mr.Borislav, the Kaspersky virus removal tool has not detected any threats during the scan. But it is asking me do i like make any changes to my system when ever i reboot my system. i opted not to do any changes. waiting for your further instructions.

August 29, 2013

The MBAM log is as follows:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.08.29.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

Kishore Reddy :: KISHOREREDDY-PC [administrator]

29-08-2013 10:47:17

mbam-log-2013-08-29 (10-47-17).txt

Scan type: Quick scan

Scan options disabled:

Objects scanned: 227279

Time elapsed: 11 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

c:\users\kishore reddy\appdata\roaming\delta (PUP.Optional.Delta) -> Quarantined and deleted successfully.

Files Detected: 1

c:\users\kishore reddy\appdata\roaming\delta\sqlite3.dll (PUP.Optional.Delta) -> Delete on reboot.

(end)

August 28, 2013

The required log is as follows:

ComboFix 13-08-28.02 - Kishore Reddy 28-08-2013 20:17:28.3.4 - x64

Microsoft Windows 7 Home Basic 6.1.7601.1.1252.91.1033.18.2807.1621 [GMT 5.5:30]

Running from: c:\users\Kishore Reddy\Desktop\ComboFix.exe

Command switches used :: c:\users\Kishore Reddy\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2013-07-28 to 2013-08-28 )))))))))))))))))))))))))))))))

.

2013-08-28 15:00 . 2013-08-28 15:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-28 14:11 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8169A4FD-A440-4599-897E-F70F72473146}\mpengine.dll

2013-08-27 13:10 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-08-24 15:23 . 2013-08-24 15:23 -------- d-----w- C:\_OTL

2013-08-23 13:26 . 2013-08-23 13:31 -------- d-----w- C:\AdwCleaner

2013-08-23 09:41 . 2013-08-23 09:41 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBDF67A8-68F5-4896-B93A-810C1819F429}\gapaengine.dll

2013-08-18 12:39 . 2013-08-18 12:39 -------- d-----w- C:\CCE_Quarantine

2013-08-18 12:16 . 2013-08-18 12:16 -------- d-----w- c:\users\Kishore Reddy\AppData\Roaming\Comodo

2013-08-15 05:38 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2013-08-15 05:38 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-15 05:38 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-08-15 05:38 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-15 05:38 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll

2013-08-15 05:38 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-08-15 05:38 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll

2013-08-15 05:38 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll

2013-08-15 05:38 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-08-15 05:38 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-08-15 05:38 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-08-15 05:38 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-08-15 05:38 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-08-15 03:21 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll

2013-08-15 03:21 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-08-15 03:21 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-08-15 03:21 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-08-15 03:20 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll

2013-08-15 03:20 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-15 03:20 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll

2013-08-15 03:20 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-15 03:19 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-08-15 03:19 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-15 03:19 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-15 03:19 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2013-08-15 03:18 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll

2013-08-15 03:18 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-08 10:14 . 2013-08-15 04:03 -------- d-----w- c:\users\Kishore Reddy\AppData\Local\FreeOCR

2013-08-08 10:05 . 2007-03-10 04:41 2680320 ----a-w- c:\windows\SysWow64\ImageEnXLibrary.ocx

2013-08-08 10:05 . 2013-08-12 15:22 -------- d-----w- C:\FreeOCR

2013-08-07 16:52 . 2013-08-21 08:59 -------- d-----w- c:\users\Kishore Reddy\AppData\Local\gtk-2.0

2013-08-07 16:46 . 2013-08-07 16:46 -------- d-----w- c:\users\Kishore Reddy\AppData\Roaming\.kde

2013-08-03 08:04 . 2012-09-18 08:22 239104 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys

2013-08-03 08:04 . 2012-08-20 00:55 76288 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys

2013-08-03 08:04 . 2012-08-20 00:55 30720 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys

2013-08-03 08:04 . 2012-08-20 00:55 104960 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys

2013-08-03 08:04 . 2012-09-14 01:28 451072 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys

2013-08-03 08:04 . 2012-08-20 00:55 90112 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys

2013-08-03 08:04 . 2011-12-31 01:20 225920 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2013-08-03 08:04 . 2010-10-08 08:59 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2013-08-03 08:04 . 2010-09-26 10:09 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys

2013-08-03 08:04 . 2010-08-05 23:43 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys

2013-08-03 08:04 . 2010-07-27 01:52 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys

2013-08-03 08:04 . 2010-03-20 04:06 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys

2013-08-03 08:03 . 2013-08-03 08:15 -------- d-----w- c:\program files (x86)\Aircel

2013-07-30 16:24 . 2013-07-30 16:24 -------- d-----w- C:\Python27

2013-07-30 08:46 . 2013-07-30 08:46 -------- d-----w- c:\users\Kishore Reddy\AppData\Roaming\TuneUp Software

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-19 07:30 . 2012-04-02 15:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-08-19 07:30 . 2012-03-11 09:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-15 11:00 . 2011-09-10 10:04 78161360 ----a-w- c:\windows\system32\MRT.exe

2013-07-20 14:28 . 2012-02-11 12:01 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-07-09 04:45 . 2013-08-15 05:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-06-25 09:40 . 2012-08-01 14:26 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-06-25 09:40 . 2012-04-22 07:40 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-06-18 16:20 . 2013-06-18 16:20 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-06-18 16:20 . 2011-04-27 09:55 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-06-05 03:34 . 2013-07-10 15:31 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 06:00 . 2013-07-10 15:41 624128 ----a-w- c:\windows\system32\qedit.dll

2013-06-04 04:53 . 2013-07-10 15:41 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2013-05-07 14:33 . 2013-03-19 06:51 10965504 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 765200]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2010-01-14 378128]

"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2013-03-26 534160]

"LManager"="c:\program files (x86)\launch manager\lmanager.exe" [2010-08-10 975952]

"IAStorIcon"="c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe" [2010-04-13 284696]

"SDTray"="c:\program files (x86)\spybot - search & destroy 2\sdtray.exe" [2012-11-13 3825176]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"vProt"=c:\program files (x86)\avg secure search\vprot.exe

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

R2 Aircel. RunOuc;Aircel. OUC;c:\program files (x86)\Aircel\UpdateDog\ouc.exe;c:\program files (x86)\Aircel\UpdateDog\ouc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]

R3 HitmanPro37Crusader;HitmanPro 3.7 Crusader;c:\users\Kishore Reddy\Downloads\HitmanPro36_x64.exe;c:\users\Kishore Reddy\Downloads\HitmanPro36_x64.exe [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]

R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]

R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]

R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]

R4 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys;c:\windows\SYSNATIVE\drivers\TfFsMon.sys [x]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys;c:\windows\SYSNATIVE\drivers\TfSysMon.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]

S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]

S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service;c:\program files (x86)\ThreatFire\TFService.exe service [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys;c:\windows\SYSNATIVE\drivers\TfNetMon.sys [x]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-08-22 07:13 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:08]

.

2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 13:53]

.

2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 13:53]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]

"ETDWare"="c:\program files (x86)\elantech\etdctrl.exe" [bU]

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

IE: Free YouTube Download - c:\users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - c:\users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: Interfaces\{F893701F-8C69-4B7A-9239-8A552C12ECDE}: NameServer = 101.223.255.141 101.223.255.142

FF - ProfilePath - c:\users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Notify-SDWinLogon - SDWinLogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]

"AlternateImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{2B9F5787-88A5-4945-90E7-C4B18563BC5E}"=hex:51,66,7a,6c,4c,1d,38,12,e9,54,8c,

2f,97,c6,2b,0c,ef,f1,87,f1,80,3d,f8,4a

"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,

35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae

"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,

38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{CC59E0F9-7E43-44FA-9FAA-8377850BF205}"=hex:51,66,7a,6c,4c,1d,38,12,97,e3,4a,

c8,71,30,94,01,e0,bc,c0,37,80,55,b6,11

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:e6,1e,6f,07,11,c4,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,60,ce,f5,dc,1a,92,4a,98,22,81,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,60,ce,f5,dc,1a,92,4a,98,22,81,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-08-28 20:39:16

ComboFix-quarantined-files.txt 2013-08-28 15:09

ComboFix2.txt 2013-08-26 16:32

ComboFix3.txt 2013-08-26 06:44

.

Pre-Run: 421,187,305,472 bytes free

Post-Run: 421,102,649,344 bytes free

.

- - End Of File - - 98148031EA1B7E357DCDFE219C42ACF0

August 28, 2013

ok, thankyou.

August 28, 2013

Hello Mr.Borislav, do you want me to right click on Combofix and click delete on my desktop or go to start button and uninstall Combofix.

August 27, 2013

Sorry Mr.Borislav, i forgot to mention that the ESET online scanner did not detect any threats during the scan.It took more than 3 hours and the result was no threats.

August 27, 2013

Here is the log :

SystemLook 30.07.11 by jpshortstuff

Log created at 23:02 on 27/08/2013 by Kishore Reddy

Administrator - Elevation successful

========== filefind ==========

Searching for "*delta*"

C:\Program Files\GIMP 2\share\gimp\2.0\help\en\images\filters\examples\addborder-delta.png --a---- 953 bytes [09:33 28/10/2012] [07:32 03/06/2012] B00177FDD89DA4C13A8AE1BC4C985465

C:\Program Files\SecurityKISS Tunnel\OpenVPN\bin\deltapall.bat --a---- 36 bytes [07:10 08/06/2013] [00:18 01/08/2010] 18ABDFF2B46F134ECE25184596F3D129

C:\Program Files (x86)\Aircel\usermanual\en-us\public_sys-resources\delta.gif --a---- 117 bytes [08:03 03/08/2013] [03:52 31/10/2012] 590FE4AA39AD65888B60F513240BB77E

C:\Program Files (x86)\Aircel\usermanual\en-us\public_sys-resources\deltaend.gif --a---- 116 bytes [08:03 03/08/2013] [03:52 31/10/2012] B0CDFD8E2D774E7D6890366B0508C67A

C:\Program Files (x86)\Inkscape\share\extensions\alphabet_soup\Delta.svg --a---- 589 bytes [12:25 08/07/2011] [12:25 08/07/2011] A3582CAB0FCE8F398583DC78A1A16503

C:\Users\Kishore Reddy\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\Photoshop\CS5\Using\images\P_Delta_Sm_N.png --a---- 462 bytes [12:16 24/02/2012] [12:16 24/02/2012] 0ED5EEF9C7473AE5CC24F9275CF9EA80

C:\Windows\Installer\{177586E7-E42E-4F38-83D1-D15B4AF5B714}\Delta.ico -ra---- 17542 bytes [15:23 13/02/2013] [15:23 13/02/2013] A00E6F81998496C98D28576CE1EAE43B

C:\Windows\Prefetch\AM_DELTA_PATCH_1.157.330.0.EX-2568A3EC.pf --a---- 9216 bytes [10:30 26/08/2013] [10:30 26/08/2013] CE55EB9BD2ACA0CBBCB59B70CB86BD07

C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.157.408.0.exe --a---- 660760 bytes [13:10 27/08/2013] [08:58 27/08/2013] 5C1652EC906BB2F661DD0389FBD7AB83

C:\Windows\System32\msdelta.dll --a---- 451584 bytes [23:22 13/07/2009] [01:41 14/07/2009] D9A5B279A8D2F8775FA254927F33DA6D

C:\Windows\SysWOW64\msdelta.dll --a---- 305152 bytes [23:12 13/07/2009] [01:15 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC

C:\Windows\winsxs\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_9c2159bf9f702069\msdelta.dll --a---- 451584 bytes [23:22 13/07/2009] [01:41 14/07/2009] D9A5B279A8D2F8775FA254927F33DA6D

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\msdelta.dll --a---- 451584 bytes [02:55 14/07/2009] [02:55 14/07/2009] D9A5B279A8D2F8775FA254927F33DA6D

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\msdelta.dll --a---- 451584 bytes [02:55 14/07/2009] [02:55 14/07/2009] D9A5B279A8D2F8775FA254927F33DA6D

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\msdelta.dll --a---- 451584 bytes [02:55 14/07/2009] [02:55 14/07/2009] D9A5B279A8D2F8775FA254927F33DA6D

C:\Windows\winsxs\FileMaps\$$_media_delta_0f36d7d9b4f7293c.cdf-ms --a---- 2436 bytes [02:59 14/07/2009] [05:32 14/07/2009] 0ED4291DC068EB860AC15A6E5360224C

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_9c2159bf9f702069.manifest --a---- 2888 bytes [02:33 14/07/2009] [02:21 14/07/2009] 6B7D6AD4FA771B7D532B7AD67D396853

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7600.16385_none_c5d387d64eb8e1f2.manifest --a---- 2461 bytes [02:33 14/07/2009] [02:26 14/07/2009] B84326CF1509A48DF01F10CC45B97A3F

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7601.17514_none_c8049b9e4ba7658c.manifest ------- 2461 bytes [11:26 02/09/2011] [00:51 20/11/2010] 8A388670A7B189FE5CE192B81E6F7401

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_fbf7e0678b64a4b8.manifest --a---- 27794 bytes [02:17 14/07/2009] [02:18 14/07/2009] 2D159244CBBD3875345AFDD9C34B444B

C:\Windows\winsxs\Manifests\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_4002be3be712af33.manifest --a---- 2886 bytes [02:33 14/07/2009] [01:54 14/07/2009] 110D843CC1C2B3A02A46D4AD962C04B6

C:\Windows\winsxs\Manifests\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7600.16385_none_69b4ec52965b70bc.manifest --a---- 2459 bytes [02:33 14/07/2009] [01:57 14/07/2009] 6A0B78A725C86457BCED783D682C9BB5

C:\Windows\winsxs\Manifests\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7601.17514_none_6be6001a9349f456.manifest ------- 2459 bytes [11:26 02/09/2011] [23:40 19/11/2010] 771093D6028BE8C764993524B6392E70

C:\Windows\winsxs\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_4002be3be712af33\msdelta.dll --a---- 305152 bytes [23:12 13/07/2009] [01:15 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC

C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\msdelta.dll --a---- 305152 bytes [02:43 14/07/2009] [02:43 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC

C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_0b66cb34258c936f\msdelta.dll --a---- 305152 bytes [02:43 14/07/2009] [02:43 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC

C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\msdelta.dll --a---- 305152 bytes [02:43 14/07/2009] [02:43 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC

========== folderfind ==========

Searching for "*delta*"

C:\Windows\Media\Delta dr--s-- [03:20 14/07/2009]

C:\Windows\winsxs\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_9c2159bf9f702069 d------ [03:20 14/07/2009]

C:\Windows\winsxs\amd64_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7600.16385_none_c5d387d64eb8e1f2 d------ [03:20 14/07/2009]

C:\Windows\winsxs\amd64_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7601.17514_none_c8049b9e4ba7658c d------ [10:28 10/09/2011]

C:\Windows\winsxs\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_fbf7e0678b64a4b8 d------ [05:30 14/07/2009]

C:\Windows\winsxs\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_4002be3be712af33 d------ [03:20 14/07/2009]

C:\Windows\winsxs\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7600.16385_none_69b4ec52965b70bc d------ [03:20 14/07/2009]

C:\Windows\winsxs\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7601.17514_none_6be6001a9349f456 d------ [10:29 10/09/2011]

========== regfind ==========

Searching for "delta"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\Delta]

@="C:\Windows\Media\Delta\Windows Ding.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]

@="C:\Windows\Media\Delta\Windows Logon Sound.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]

@="C:\Windows\Media\Delta\Windows Battery Critical.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]

@="C:\Windows\Media\Delta\Windows Hardware Insert.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]

@="C:\Windows\Media\Delta\Windows Hardware Remove.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]

@="C:\Windows\Media\Delta\Windows Hardware Fail.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]

@="C:\Windows\Media\Delta\Windows Notify.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]

@="C:\Windows\Media\Delta\Windows Battery Low.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]

@="C:\Windows\Media\Delta\Windows Notify.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]

@="C:\Windows\Media\Delta\Windows Print complete.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]

@="C:\Windows\Media\Delta\Windows Error.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]

@="C:\Windows\Media\Delta\Windows Exclamation.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExit\Delta]

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]

@="C:\Windows\Media\Delta\Windows Critical Stop.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]

@="C:\Windows\Media\Delta\Windows Balloon.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]

@="C:\Windows\Media\Delta\Windows Logoff Sound.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]

@="C:\Windows\Media\Delta\Windows Logon Sound.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]

@="C:\Windows\Media\Delta\Windows User Account Control.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]

@="C:\Windows\Media\Delta\Windows Pop-up Blocked.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Delta]

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FaxError\Delta]

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FaxLineRings\Delta]

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FaxSent\Delta]

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]

@="C:\Windows\Media\Delta\Windows Feed Discovered.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]

@="C:\Windows\Media\Delta\Windows Navigation Start.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]

@="C:\Windows\Media\Delta\Windows Information Bar.wav"

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\DisNumbersSound\Delta]

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\HubOffSound\Delta]

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\HubOnSound\Delta]

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\HubSleepSound\Delta]

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\MisrecoSound\Delta]

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\PanelSound\Delta]

[HKEY_CURRENT_USER\AppEvents\Schemes\Names\Delta]

[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\1B4\52C64B7E]

"@mmres.dll,-814"="Delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*]

"ContentViewModeLayoutPatternForBrowse"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*]

"ContentViewModeLayoutPatternForSearch"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive]

"ContentViewModeLayoutPatternForBrowse"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder]

"ContentViewModeLayoutPatternForBrowse"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Document]

"ContentViewModeLayoutPatternForBrowse"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Email]

"ContentViewModeLayoutPatternForBrowse"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Music]

"ContentViewModeLayoutPatternForBrowse"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Music]

"ContentViewModeLayoutPatternForSearch"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Picture]

"ContentViewModeLayoutPatternForBrowse"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Picture]

"ContentViewModeLayoutPatternForSearch"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Video]

"ContentViewModeLayoutPatternForBrowse"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Video]

"ContentViewModeLayoutPatternForSearch"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Appointment]

"ContentViewModeLayoutPatternForBrowse"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Appointment]

"ContentViewModeLayoutPatternForSearch"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Contact]

"ContentViewModeLayoutPatternForBrowse"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Contact]

"ContentViewModeLayoutPatternForSearch"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Schedule.Meeting]

"ContentViewModeLayoutPatternForBrowse"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Schedule.Meeting]

"ContentViewModeLayoutPatternForSearch"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8F6D68FF-81A4-3F8A-AD32-8E8DDDA7FC41}\2.0.0.0]

"Class"="System.Diagnostics.SymbolStore.SymbolLineDelta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8F6D68FF-81A4-3F8A-AD32-8E8DDDA7FC41}\4.0.0.0]

"Class"="System.Diagnostics.SymbolStore.SymbolLineDelta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.msg]

"ContentViewModeLayoutPatternForBrowse"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.msg]

"ContentViewModeLayoutPatternForSearch"="delta"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_9afd56f432219a2e]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-deltapackageexpander_31bf3856ad364e35_none_0a20a2633b1984ad]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_none_f2cfa9dc6d3f5297]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_none_ae0206df82bc1377]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\Half SD]

"WinSAT_CPU Delta"="-1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\HD Default]

"WinSAT_CPU Delta"="2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MP4]

"WinSAT_CPU Delta"="0.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-ISO]

"WinSAT_CPU Delta"="0.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-TTS]

"WinSAT_CPU Delta"="0.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD Default]

"WinSAT_CPU Delta"="0.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD WMV]

"WinSAT_CPU Delta"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl

[HKEY_LOCAL_MACHINE\SOFTWARE\Realtek\AECBF\icrcAudioProcessingDemo\GSCBeamformer\PostFiltering]

"delta"="0.000100"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\CVH\Connect\{90140011-0066-0409-0000-0000000FF1CE}]

"deltaCacheFolderName"="140066.enu-90140011-66-409"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\Half SD]

"WinSAT_CPU Delta"="-1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\HD Default]

"WinSAT_CPU Delta"="2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MP4]

"WinSAT_CPU Delta"="0.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-ISO]

"WinSAT_CPU Delta"="0.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-TTS]

"WinSAT_CPU Delta"="0.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD Default]

"WinSAT_CPU Delta"="0.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD WMV]

"WinSAT_CPU Delta"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processo

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014]

"RoamDelta"="3"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\RoamDelta]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014]

"RoamDelta"="3"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\RoamDelta]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014]

"RoamDelta"="3"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\RoamDelta]

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\.Default\Delta]

@="C:\Windows\Media\Delta\Windows Ding.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]

@="C:\Windows\Media\Delta\Windows Logon Sound.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]

@="C:\Windows\Media\Delta\Windows Battery Critical.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]

@="C:\Windows\Media\Delta\Windows Hardware Insert.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]

@="C:\Windows\Media\Delta\Windows Hardware Remove.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]

@="C:\Windows\Media\Delta\Windows Hardware Fail.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]

@="C:\Windows\Media\Delta\Windows Notify.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]

@="C:\Windows\Media\Delta\Windows Battery Low.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]

@="C:\Windows\Media\Delta\Windows Notify.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]

@="C:\Windows\Media\Delta\Windows Print complete.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]

@="C:\Windows\Media\Delta\Windows Error.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]

@="C:\Windows\Media\Delta\Windows Exclamation.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemExit\Delta]

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]

@="C:\Windows\Media\Delta\Windows Critical Stop.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]

@="C:\Windows\Media\Delta\Windows Balloon.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]

@="C:\Windows\Media\Delta\Windows Logoff Sound.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]

@="C:\Windows\Media\Delta\Windows Logon Sound.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]

@="C:\Windows\Media\Delta\Windows User Account Control.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]

@="C:\Windows\Media\Delta\Windows Pop-up Blocked.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Delta]

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FaxError\Delta]

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FaxLineRings\Delta]

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FaxSent\Delta]

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]

@="C:\Windows\Media\Delta\Windows Feed Discovered.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]

@="C:\Windows\Media\Delta\Windows Navigation Start.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]

@="C:\Windows\Media\Delta\Windows Information Bar.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\DisNumbersSound\Delta]

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\HubOffSound\Delta]

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\HubOnSound\Delta]

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\HubSleepSound\Delta]

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\MisrecoSound\Delta]

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\PanelSound\Delta]

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Names\Delta]

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\.Default\Delta]

@="C:\Windows\Media\Delta\Windows Ding.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]

@="C:\Windows\Media\Delta\Windows Logon Sound.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]

@="C:\Windows\Media\Delta\Windows Battery Critical.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]

@="C:\Windows\Media\Delta\Windows Hardware Insert.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]

@="C:\Windows\Media\Delta\Windows Hardware Remove.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]

@="C:\Windows\Media\Delta\Windows Hardware Fail.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]

@="C:\Windows\Media\Delta\Windows Notify.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]

@="C:\Windows\Media\Delta\Windows Battery Low.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]

@="C:\Windows\Media\Delta\Windows Notify.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]

@="C:\Windows\Media\Delta\Windows Print complete.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]

@="C:\Windows\Media\Delta\Windows Error.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]

@="C:\Windows\Media\Delta\Windows Exclamation.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemExit\Delta]

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]

@="C:\Windows\Media\Delta\Windows Critical Stop.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]

@="C:\Windows\Media\Delta\Windows Balloon.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]

@="C:\Windows\Media\Delta\Windows Logoff Sound.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]

@="C:\Windows\Media\Delta\Windows Logon Sound.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]

@="C:\Windows\Media\Delta\Windows User Account Control.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]

@="C:\Windows\Media\Delta\Windows Pop-up Blocked.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Delta]

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\FaxError\Delta]

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\FaxLineRings\Delta]

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\FaxSent\Delta]

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]

@="C:\Windows\Media\Delta\Windows Feed Discovered.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]

@="C:\Windows\Media\Delta\Windows Navigation Start.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]

@="C:\Windows\Media\Delta\Windows Information Bar.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\DisNumbersSound\Delta]

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\HubOffSound\Delta]

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\HubOnSound\Delta]

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\HubSleepSound\Delta]

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\MisrecoSound\Delta]

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\PanelSound\Delta]

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Names\Delta]

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\.Default\Delta]

@="C:\Windows\Media\Delta\Windows Ding.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]

@="C:\Windows\Media\Delta\Windows Logon Sound.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]

@="C:\Windows\Media\Delta\Windows Battery Critical.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]

@="C:\Windows\Media\Delta\Windows Hardware Insert.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]

@="C:\Windows\Media\Delta\Windows Hardware Remove.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]

@="C:\Windows\Media\Delta\Windows Hardware Fail.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]

@="C:\Windows\Media\Delta\Windows Notify.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]

@="C:\Windows\Media\Delta\Windows Battery Low.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]

@="C:\Windows\Media\Delta\Windows Notify.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]

@="C:\Windows\Media\Delta\Windows Print complete.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]

@="C:\Windows\Media\Delta\Windows Error.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]

@="C:\Windows\Media\Delta\Windows Exclamation.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\SystemExit\Delta]

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]

@="C:\Windows\Media\Delta\Windows Critical Stop.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]

@="C:\Windows\Media\Delta\Windows Balloon.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]

@="C:\Windows\Media\Delta\Windows Logoff Sound.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]

@="C:\Windows\Media\Delta\Windows Logon Sound.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]

@="C:\Windows\Media\Delta\Windows User Account Control.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]

@="C:\Windows\Media\Delta\Windows Pop-up Blocked.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Delta]

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\FaxError\Delta]

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\FaxLineRings\Delta]

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\FaxSent\Delta]

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]

@="C:\Windows\Media\Delta\Windows Feed Discovered.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]

@="C:\Windows\Media\Delta\Windows Navigation Start.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]

@="C:\Windows\Media\Delta\Windows Information Bar.wav"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\sapisvr\DisNumbersSound\Delta]

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\sapisvr\HubOffSound\Delta]

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\sapisvr\HubOnSound\Delta]

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\sapisvr\HubSleepSound\Delta]

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\sapisvr\MisrecoSound\Delta]

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\sapisvr\PanelSound\Delta]

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Names\Delta]

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\Software\Classes\Local Settings\MuiCache\1B4\52C64B7E]

"@mmres.dll,-814"="Delta"

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000_Classes\Local Settings\MuiCache\1B4\52C64B7E]

"@mmres.dll,-814"="Delta"

-= EOF =-

August 27, 2013

Right now i am scanning the system with eset online scanner. shall i stop the scan or complete the scan. waiting for your advice.

August 27, 2013

System is now working really well and the speed is good. the only problem is MBAM still finds Delta in its scan.

August 27, 2013

Earlier i scanned using eset online scanner using all the options mentioned by you but the scan did not find any threats. The scan was done before approaching the forum.

August 27, 2013

Mr.Borislav i have ESET online scanner on my system. shall i update and scan with it.

August 26, 2013

Here is the required log:

ComboFix 13-08-25.01 - Kishore Reddy 26-08-2013 21:34:58.2.4 - x64

Microsoft Windows 7 Home Basic 6.1.7601.1.1252.91.1033.18.2807.1576 [GMT 5.5:30]

Running from: c:\users\Kishore Reddy\Desktop\ComboFix.exe

Command switches used :: c:\users\Kishore Reddy\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NMFMFX

-------\Legacy_OFVPMJ

-------\Legacy_PVKVLW

-------\Legacy_QOZYSH

-------\Legacy_SSUHOP

-------\Legacy_TVELMS

-------\Legacy_UOTOTE

-------\Legacy_VHJRAP

-------\Legacy_VXOQKW

-------\Legacy_WAYUIA

-------\Legacy_ZEDLTN

-------\Legacy_ZVIJCV

-------\Service_nmfmfx

-------\Service_ofvpmj

-------\Service_pvkvlw

-------\Service_qozysh

-------\Service_ssuhop

-------\Service_tvelms

-------\Service_uotote

-------\Service_vhjrap

-------\Service_vxoqkw

-------\Service_wayuia

-------\Service_zedltn

-------\Service_zvijcv

.

((((((((((((((((((((((((( Files Created from 2013-07-26 to 2013-08-26 )))))))))))))))))))))))))))))))

.

2013-08-26 16:18 . 2013-08-26 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-26 10:30 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{180BC440-77C0-43C2-8625-0B3A6E214F81}\mpengine.dll

2013-08-26 06:49 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll