ganbts7

Members
  • Posts: 19

Everything posted by ganbts7

  1. Thank you bro... now everything is cleared... thanks a ton for your help.
  2. Bro... thanks a lot for your help. I've done all the above things. Only one question: as I have KIS 2013, I've disabled Windows Defender and Windows Firewall. Is this good?
  3. DDS.Txt:-
     DDS (Ver_2012-11-20.01) - NTFS_x86
     Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
     Run by Elcot at 14:08:46 on 2013-01-03
     Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1979.1171 [GMT 5.5:30]
     AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
     SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
     Attach.Txt:-
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
     DDS (Ver_2012-11-20.01)
     Microsoft Windows 7 Professional
     Boot Device: \Device\HarddiskVolume1
     Install Date: 16-12-2011 12:07:34 PM
     System Uptime: 03-01-2013 12:21:38 PM (2 hours ago)
     Motherboard: LENOVO | | Base Board Product Name
     Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | CPU | 1196/800mhz
  4. Hi bro... I've done all the above steps as per your suggestion, and to my knowledge there are no problems, I guess. Is there anything else to do?
  5. Mbam log:-
     Malwarebytes Anti-Malware (Trial) 1.70.0.1100
     www.malwarebytes.org
     Database version: v2013.01.02.06
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Elcot :: ELCOT-PC [administrator]
     Protection: Disabled
     02-01-2013 PM 11:26:58
     mbam-log-2013-01-02 (23-26-58).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 194140
     Time elapsed: 4 minute(s), 7 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  6. CF log 2:-
     ComboFix 13-01-02.02 - Elcot 02-01-2013 23:08:59.2.2 - x86
     Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1979.1272 [GMT 5.5:30]
     Running from: c:\users\Elcot\Desktop\ComboFix.exe
     Command switches used :: c:\users\Elcot\Desktop\CFScript.txt
     AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
     FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
     SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
2012-10-19 09:58 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys 2012-10-19 09:57 . 2012-10-19 09:58 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys 2012-10-19 09:57 . 2012-10-19 09:58 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2012-10-19 09:57 . 2012-10-19 09:58 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll 2012-10-19 09:57 . 2012-10-19 09:58 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys 2012-10-16 07:39 . 2013-01-02 07:15 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-12-05 23:11 . 2012-12-05 23:11 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\_OTM ---- . 2012-12-29 12:17 . 2012-10-21 14:55 24517936 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_Program Files\Optimizer Pro\OptimizerPro.exe 2012-12-29 12:11 . 2012-12-29 12:11 308584 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_$RECYCLE.BIN\S-1-5-21-2551219980-1859055015-87672157-1000\$R6U8DNY.exe 2012-12-18 19:09 . 2012-12-18 19:09 686728 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pazera_Free_MKV_to_AVI_Converter-ORG2-75450258.exe 2012-12-01 21:16 . 2012-12-01 21:16 686728 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe 2012-12-01 21:16 . 2012-12-01 21:16 686728 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe.part 2012-10-03 17:39 . 2012-10-03 17:39 355328 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_Program Files\BrowseToSave\sprotector.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-10-21 322352] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17879216] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6595928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-25 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-25 174104] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-25 151064] "ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2011-01-20 1812264] "EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2010-01-11 4147104] "Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2010-01-11 5068704] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128] "SCX3200_Scan2Pc"="c:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2011-06-21 1990144] "3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2011-06-21 1990144] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet 
Security 2013\avp.exe" [2013-01-01 356376] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 Reliance Netconnect. RunOuc;Reliance Netconnect. 
OUC;c:\program files\Reliance Netconnect+\UpdateDog\ouc.exe [x] R2 UDisk Monitor;UDisk Monitor;c:\users\Elcot\AppData\roaming\CT_ZTEMT_USB\MonServiceUDisk.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x] R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab 
KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x] . . Contents of the 'Scheduled Tasks' folder . 2013-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 19:17] . 2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-19 10:32] . 2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-19 10:32] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: alipay.com Trusted Zone: alisoft.com Trusted Zone: taobao.com TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\ FF - ExtSQL: 2012-11-09 20:36; {317B5128-0B0B-49b2-B2DB-1E7560E16C74}; c:\users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} FF - ExtSQL: 2013-01-01 21:55; anti_banner@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF - ExtSQL: 2013-01-01 21:55; content_blocker@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF - ExtSQL: 2013-01-01 21:55; online_banking@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF - ExtSQL: 2013-01-01 21:56; url_advisor@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF - ExtSQL: 2013-01-01 21:56; virtual_keyboard@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-02 23:23:43 ComboFix-quarantined-files.txt 2013-01-02 17:53 ComboFix2.txt 2013-01-02 15:33 . Pre-Run: 7,577,034,752 bytes free Post-Run: 8,550,887,424 bytes free . - - End Of File - - 5E2DF25793383E57F15F9E73A692E479
  7. Hi bro.. the following is the ComboFix log:-
Pre-Run: 8,186,839,040 bytes free Post-Run: 8,283,389,952 bytes free . - - End Of File - - B26B0552E4E0AEA16AE6D7A36A6331B7
  8. Yes, I have seen the blank screen on the desktop when I run OTM. As you told me to post the results in this forum, I was unable to post them, because none of the programs were visible on the desktop; the only option I had was pressing the power button to shut down. Any ideas, bro? Will I have to proceed with ComboFix, bro?
  9. When I clicked "Move It" once again, the screen went black, bro. Then I pressed the power button, shut down my laptop and opened it again. So, any ideas, please? P.S.: I get the following error message when I click "Move It": Invalid Time Flag! [instlleRex.E.Gen Application] Must be Numerical
  10. Bro, after copying the results from the result page, I closed OTM by mistake. The screen went black and I can't do anything. Very sorry for that. Can I redo the process again?
  11. Security Check:-
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 9
Adobe Flash Player 11.5.502.135
Adobe Reader XI
Mozilla Firefox (17.0.1)
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Reliance Netconnect+ OnlineUpdate ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
  12. ESET Scan:- (40 threats found)
C:\$RECYCLE.BIN\S-1-5-21-2551219980-1859055015-87672157-1000\$R6U8DNY.exe Win32/InstalleRex.E.Gen application
C:\Documents and Settings\Elcot\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Documents and Settings\Elcot\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Documents and Settings\Elcot\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Documents and Settings\Elcot\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Documents and Settings\Elcot\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Documents and Settings\Elcot\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Documents and Settings\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Documents and Settings\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Documents and Settings\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Documents and Settings\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Documents and Settings\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Documents and Settings\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe a variant of Win32/CNETInstaller.A application
C:\Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe.part a variant of Win32/CNETInstaller.A application
C:\Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pazera_Free_MKV_to_AVI_Converter-ORG2-75450258.exe a variant of Win32/CNETInstaller.A application
C:\Documents and Settings\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Documents and Settings\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Documents and Settings\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Documents and Settings\Elcot\Local Settings\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Documents and Settings\Elcot\Local Settings\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Documents and Settings\Elcot\Local Settings\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Program Files\BrowseToSave\sprotector.dll a variant of Win32/SProtector.A application
C:\Program Files\Optimizer Pro\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC application
C:\Users\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Users\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Users\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Users\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Users\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Users\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Users\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe a variant of Win32/CNETInstaller.A application
C:\Users\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe.part a variant of Win32/CNETInstaller.A application
C:\Users\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pazera_Free_MKV_to_AVI_Converter-ORG2-75450258.exe a variant of Win32/CNETInstaller.A application
C:\Users\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Users\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Users\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Users\Elcot\Local Settings\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Users\Elcot\Local Settings\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Users\Elcot\Local Settings\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
D:\EARN ONLINEEEE\GTX Tech\E3 CFW 4.30 and manager.zip.exe Win32/InstalleRex.E.Gen application
  13. AdwCleaner:-
# AdwCleaner v2.104 - Logfile created 01/02/2013 at 17:21:47
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Elcot - ELCOT-PC
# Boot Mode : Normal
# Running from : C:\Users\Elcot\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\searchplugins\WebSearch.xml
Folder Deleted : C:\Program Files\MocaFlix
Folder Deleted : C:\ProgramData\InstallMate

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\browse~1\sprote~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\mocaflix\sprote~1.dll
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.just-browse.info/ --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.just-browse.info/ --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\prefs.js

C:\Users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\user.js ... Deleted !
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.just-browse.info/?l=1&q=");
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.just-browse.info/");
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("keyword.URL", "hxxp://websearch.just-browse.info/?l=1&q=");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.just-browse.info/")[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.just-browse.info/?l=1&q=");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Elcot\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [3498 octets] - [02/01/2013 17:21:47]

########## EOF - C:\AdwCleaner[s1].txt - [3558 octets] ##########
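The AdwCleaner log above shows the two places this hijacker lived: Firefox user_pref() entries in prefs.js/user.js that pointed search and homepage at websearch.just-browse.info, and a pair of sprotector DLLs registered under AppInit_DLLs, the Windows value whose DLLs are loaded into every process that loads user32.dll. The script below is an added example, not code from AdwCleaner, DDS or the poster, that triages both indicators offline from a saved log or profile. The sample inputs are constructed from values that appear in the logs on this page; TRUSTED_HOSTS, KNOWN_ENGINES and the rule that a legitimate AppInit DLL would live under C:\Windows are assumptions for the example, not properties of the tools.

```python
"""Triage Firefox prefs.js hijack indicators and a DDS-style AppInit_DLLs value.

Added example (not AdwCleaner/DDS code). Sample inputs are constructed from the
logs on this page; TRUSTED_HOSTS, KNOWN_ENGINES and the %SystemRoot% rule are
assumptions standing in for what the machine owner actually chose.
"""
import re
from urllib.parse import urlparse

# Preferences a search/homepage hijacker rewrites. Firefox keeps a ",S"
# suffixed copy of some of them, so matching is done on the base name.
HIJACK_PREFS = {
    "browser.startup.homepage",
    "browser.search.defaulturl",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.order.1",
    "keyword.URL",
}
TRUSTED_HOSTS = {"www.google.com", "google.com"}   # assumption for this example
KNOWN_ENGINES = {"Google"}                          # assumption for this example

_PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);$')


def parse_prefs(text):
    """Map pref name -> value for every user_pref(...) line. String values lose
    their quotes; numbers and booleans stay as the literal token."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def _host(value):
    # Removal logs defang URLs as hxxp://; undo that before parsing.
    return urlparse(re.sub(r"^hxxp", "http", value, flags=re.I)).hostname


def suspicious_prefs(prefs):
    """Sorted (name, value) pairs for hijack-prone prefs whose URL points at a
    host outside TRUSTED_HOSTS or whose engine name is not in KNOWN_ENGINES."""
    flagged = []
    for name, value in prefs.items():
        if name.split(",")[0] not in HIJACK_PREFS:
            continue
        if re.match(r"^(https?|hxxp)://", value, re.I):
            if _host(value) not in TRUSTED_HOSTS:
                flagged.append((name, value))
        elif value not in KNOWN_ENGINES:
            flagged.append((name, value))
    return sorted(flagged)


def hijack_hosts(prefs):
    """Distinct untrusted hosts the flagged URL prefs redirect to."""
    return sorted({_host(v) for _, v in suspicious_prefs(prefs) if "://" in v})


def appinit_dlls(value):
    """Split a DDS 'AppInit_DLLs=' value into DLL paths and flag any outside
    %SystemRoot% (assumption: nothing legitimate on this box registers one).
    The value is space/comma delimited, which is why installers write 8.3
    short names such as c:\\progra~1\\... into it rather than paths with spaces."""
    paths = [p for p in re.split(r"[\s,;]+", value.strip()) if p]
    flagged = [p for p in paths if not p.lower().startswith("c:\\windows\\")]
    return paths, flagged


# Constructed sample: prefs AdwCleaner reported deleting, plus two unrelated ones.
SAMPLE_PREFS = r'''
user_pref("browser.search.defaulturl", "hxxp://websearch.just-browse.info/?l=1&q=");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("browser.startup.homepage", "hxxp://websearch.just-browse.info/");
user_pref("keyword.URL", "hxxp://websearch.just-browse.info/?l=1&q=");
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("yahoo.ytff.general.dontshowhpoffer", true);
'''
# Constructed sample: the AppInit_DLLs value from the DDS log on this page.
SAMPLE_APPINIT = r"c:\progra~1\browse~1\sprote~1.dll c:\progra~1\mocaflix\sprote~1.dll"

if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS)
    for name, value in suspicious_prefs(prefs):
        print(f"prefs.js  {name} = {value}")
    print("redirect hosts:", hijack_hosts(prefs))
    for dll in appinit_dlls(SAMPLE_APPINIT)[1]:
        print(f"AppInit   {dll}")
```

Run against a real profile, point parse_prefs at the contents of prefs.js and user.js separately: AdwCleaner deleted user.js outright here because a hijacker uses it to re-apply its values on every start, so a clean prefs.js with a surviving user.js is not a clean profile.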
  14. By the way, I don't know how to disable the script blocker, hence I disabled KIS 2013 and the net connection and installed DDS. Is that OK?
  15. Thanks a lot for your help and quick reply. The following are the logs.
DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Elcot at 16:15:58 on 2013-01-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1979.835 [GMT 5.5:30]
.
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\ProgramData\Reliance Netconnect+\OnlineUpdate\ouc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Users\Elcot\AppData\roaming\CT_ZTEMT_USB\MonServiceUDisk.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Reliance Netconnect+\Reliance Netconnect.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\calc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.just-browse.info/
mStart Page = hxxp://websearch.just-browse.info/
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ETDCtrl] c:\program files\elantech\ETDCtrl.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [sCX3200_Scan2Pc] c:\windows\twain_32\samsung\scx3200\Scan2pc.exe
mRun: [3200 Scan2PC] "c:\windows\twain_32\samsung\scx3200\Scan2Pc.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:32
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
Trusted Zone: taobao.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6541AEB5-5772-4C3C-990F-1F310287B830} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C37A259A-E6CE-4A5F-A224-A492F61BD270} : DHCPNameServer = 192.168.42.129
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\browse~1\sprote~1.dll c:\progra~1\mocaflix\sprote~1.dll
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\elcot\appdata\roaming\mozilla\firefox\profiles\ocdvnaup.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.just-browse.info/?l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://websearch.just-browse.info/
FF - prefs.js: keyword.URL - hxxp://websearch.just-browse.info/?l=1&q=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwangwang.dll
FF - plugin: c:\program files\trademanager\nptrademanager.dll
FF - plugin: c:\program files\trademanager\npwangwang.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-11-02 20:55; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\elcot\appdata\roaming\mozilla\firefox\profiles\ocdvnaup.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: 2012-11-09 20:36; {317B5128-0B0B-49b2-B2DB-1E7560E16C74}; c:\users\elcot\appdata\roaming\mozilla\firefox\profiles\ocdvnaup.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - ExtSQL: 2013-01-01 21:55; anti_banner@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\anti_banner@kaspersky.com
FF - ExtSQL: 2013-01-01 21:55; content_blocker@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\content_blocker@kaspersky.com
FF - ExtSQL: 2013-01-01 21:55; online_banking@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\online_banking@kaspersky.com
FF - ExtSQL: 2013-01-01 21:56; url_advisor@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\url_advisor@kaspersky.com
FF - ExtSQL: 2013-01-01 21:56; virtual_keyboard@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\virtual_keyboard@kaspersky.com
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-12 116608]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-11-29 13336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-26 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-26 682344]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2009-11-17 5120]
R2 UDisk Monitor;UDisk Monitor;c:\users\elcot\appdata\roaming\ct_ztemt_usb\MonServiceUDisk.exe [2012-12-18 507904]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2012-1-12 21520]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-10-19 73216]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 25944]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 25944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-26 21104]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-11-29 267880]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376]
S2 Reliance Netconnect. RunOuc;Reliance Netconnect. OUC;c:\program files\reliance netconnect+\updatedog\ouc.exe [2012-10-19 218624]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2011-11-29 117032]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-10-19 102784]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2012-12-18 105472]
.
=============== Created Last 30 ================
.
2013-01-02 08:06:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-02 08:06:50 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-02 08:05:38 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-01-02 08:05:34 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{dca7fa35-869f-4111-b45c-900d517525b2}\mpengine.dll
2013-01-02 07:49:44 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-02 07:49:44 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-02 07:49:44 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-02 07:49:01 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-02 07:49:01 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-02 07:49:01 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-02 07:49:01 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-02 07:49:00 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-02 07:49:00 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-02 07:49:00 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-02 07:48:39 5120 ----a-w- c:\windows\system32\wmi.dll
2013-01-02 07:48:39 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-01-02 07:48:39 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-01-02 07:44:38 -------- d-----w- c:\program files\MSXML 4.0
2013-01-02 07:16:39 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-01-02 07:16:39 1159680 ----a-w- c:\windows\system32\crypt32.dll
2013-01-02 07:16:39 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-01-02 07:14:15 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-01-02 07:14:15 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-02 07:14:15 225280 ----a-w- c:\windows\system32\schannel.dll
2013-01-02 07:14:15 219136 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-02 07:14:15 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-02 07:11:45 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-02 07:09:37 123904 ----a-w- c:\windows\system32\poqexec.exe
2013-01-02 07:09:35 442880 ----a-w- c:\windows\system32\ntshrui.dll
2013-01-02 07:09:33 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-01-02 07:09:33 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-01-02 07:09:22 2342400 ----a-w- c:\windows\system32\msi.dll
2013-01-02 07:09:18 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-02 07:08:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2013-01-02 05:55:47 -------- d-----w- c:\users\elcot\appdata\roaming\SUPERAntiSpyware.com
2013-01-02 05:55:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-01-02 05:55:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-01 16:25:57 -------- d-----w- c:\windows\ELAMBKUP
2013-01-01 16:25:50 -------- d-----w- c:\programdata\Kaspersky Lab
2013-01-01 16:25:50 -------- d-----w- c:\program files\Kaspersky Lab
2013-01-01 16:25:23 75096 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-12-29 12:23:21 -------- d-----w- c:\programdata\WoW Worldwide Software LTD
2012-12-29 12:18:33 -------- d-----w- c:\users\elcot\appdata\roaming\SendSpace
2012-12-29 12:18:18 -------- d-----w- c:\program files\MocaFlix
2012-12-29 12:17:21 -------- d-----w- c:\program files\Optimizer Pro
2012-12-29 12:13:58 -------- d-----w- c:\program files\BrowseToSave
2012-12-29 12:12:37 -------- d-----w- c:\programdata\InstallMate
2012-12-28 15:38:22 -------- d-----w- c:\users\elcot\appdata\local\Programs
2012-12-27 06:06:06 -------- d-----w- c:\users\elcot\appdata\local\ElevatedDiagnostics
2012-12-25 19:02:18 -------- d-----w- c:\users\elcot\appdata\roaming\Malwarebytes
2012-12-25 19:02:08 -------- d-----w- c:\programdata\Malwarebytes
2012-12-25 19:02:06 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-25 19:02:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-19 21:01:57 -------- d-----w- c:\programdata\eBay
2012-12-19 21:01:57 -------- d-----w- c:\program files\eBay
2012-12-19 20:27:36 -------- d-----w- c:\program files\Listing Factory 2012
2012-12-18 13:10:41 105472 ----a-w- c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys
2012-12-18 13:10:41 -------- d-----w- c:\users\elcot\appdata\roaming\CT_ZTEMT_USB
2012-12-18 13:10:23 -------- d-----w- c:\program files\ChinaTelDriverManager
2012-12-18 13:10:21 -------- d-----w- c:\users\elcot\appdata\roaming\chinatelecom
2012-12-18 13:10:15 -------- d---a-w- c:\program files\common files\B0B19AEC-413E-4654-86EE-3FD4E7655A93
2012-12-18 13:09:31 -------- d-----w- c:\program files\Chinatelecom C+W
2012-12-14 17:19:56 -------- d-----w- c:\program files\Microsoft ActiveSync
2012-12-14 15:56:23 -------- d-----w- c:\program files\Excel Password Unlocker
2012-12-14 15:45:34 -------- d-----w- c:\program files\PasswordLastic
2012-12-14 05:18:45 0 ----a-w- c:\windows\system32\sho7500.tmp
2012-12-13 21:01:44 0 ----a-w- c:\windows\system32\shoEB48.tmp
2012-12-11 17:43:58 0 ----a-w- c:\windows\system32\shoE72.tmp
2012-12-04 10:07:30 49152 ----a-r- c:\windows\system32\inetwh32.dll
2012-12-04 10:07:30 1044480 ----a-r- c:\windows\system32\roboex32.dll
.
==================== Find3M ====================
.
2013-01-01 17:56:22 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys 2013-01-01 17:56:21 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys 2013-01-01 17:56:20 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys 2012-12-11 19:17:12 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-11 19:17:12 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-22 07:44:51 0 ----a-w- c:\windows\system32\shoA5A1.tmp 2012-11-22 02:56:02 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-11-21 08:09:34 0 ----a-w- c:\windows\system32\sho619F.tmp 2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-13 20:29:04 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl 2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll 2012-10-30 16:53:30 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-30 16:53:27 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-30 16:53:27 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-20 12:02:09 854 ----a-w- c:\windows\system32\.tmp 2012-10-19 10:27:14 3993600 ----a-w- c:\program files\GUT1DAE.tmp 2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll 2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll 2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe 2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-04 14:41:50 3584 ---ha-w- 
c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 16:17:06.27 =============== Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 16-12-2011 12:07:34 PM System Uptime: 02-01-2013 01:42:36 PM (3 hours ago) . Motherboard: LENOVO | | Base Board Product Name Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | CPU | 2300/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 59 GiB total, 7.528 GiB free. D: is FIXED (NTFS) - 141 GiB total, 2.441 GiB free. E: is CDROM (CDFS) G: is FIXED (NTFS) - 98 GiB total, 90.158 GiB free. H: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP31: 02-01-2013 01:11:01 PM - Windows Update . ==== Installed Programs ====================== . 
µTorrent Acrobat.com Active@ KillDisk Professional Suite Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI BrowseToSave ChinaNet client Conexant HD Audio DHTML Editing Component DivX Setup Energy Management ETDWare PS/2-X86 8.0.4.3_WHQL Excel Password Recovery Lastic 1.1 Excel Password Unlocker 4.0.2.3 FileZilla Client 3.6.0.2 Google Chrome Google Gmail Notifier Google Talk (remove only) Google Update Helper Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Rapid Storage Technology Java 7 Update 9 Java Auto Updater Kaspersky Internet Security 2013 Listing Factory 2012 3.8.9.5 Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Professional Edition 2003 Microsoft Office Starter 2010 - English Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual J# 2.0 Redistributable Package Mozilla Firefox 17.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) PandoraRecovery (Remove Only) Realtek Ethernet Controller Driver For Windows 7 Reliance Netconnect+ Samsung Scan Assistant Samsung SCX-3200 Series Search Assistant MocaFlix 1.66 Skype™ 6.0 SUPERAntiSpyware TN Govt Keyboard Interface Total Video Converter 3.71 100812 TradeManager 2011 SP3 Turbo Lister 2 Tux Typing (remove only) VC80CRTRedist - 8.0.50727.6195 VLC media player 1.1.11 Windows Media Player Firefox Plugin WinRAR 4.20 (32-bit) Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 30-12-2012 09:13:50 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{6541AEB5-5772-4C3C-990F-1F310287B830} because another computer on the network has the same name. The server could not start. 
26-12-2012 11:43:23 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 26-12-2012 11:43:23 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 26-12-2012 11:43:23 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure. 26-12-2012 11:43:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56} 26-12-2012 01:20:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 26-12-2012 01:13:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 02-01-2013 01:45:02 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified. 
02-01-2013 01:44:34 PM, Error: Service Control Manager [7023] - 02-01-2013 01:43:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Reliance Netconnect. OUC service to connect. 02-01-2013 01:43:38 PM, Error: Service Control Manager [7000] - The Reliance Netconnect. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 02-01-2013 01:43:30 PM, Error: Service Control Manager [7023] - The Offline Files service terminated with the following error: The system cannot find the path specified. 02-01-2013 01:31:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243). 01-01-2013 11:53:10 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 01-01-2013 02:21:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom . ==== End Of File ===========================
  16. Hi experts, I am so glad that I've found this forum today. Yesterday I downloaded a game serial (Black Ops 2 code) from the net. It looked something like blackops2nuketown.exe. At that time I just had KIS2012 installed in my system (which had not been updated for several months). I didn't get any threat warnings while installing blackops2nuketown.exe. But when I installed it, a black window opened and it was installing something in the background. I suddenly cancelled the installation. Now I am afraid that some bad program is being installed in my system. Hence yesterday I bought KIS2013, installed it, updated it and ran a full scan. I found a trojan in that blackops2nuketown.exe, then I deleted it. Then, after doing some surfing on the net, I came to know about Malwarebytes and SUPERAntiSpyware. I downloaded and installed the free editions of both of them. At first I did a full scan with Malwarebytes; no threats were found. But when I did a full scan with SUPERAntiSpyware, a total of 61 threats were found. They are something like these:

Critical Threats: [1 item found]
Rogue.agent/Gen-Nullo[DLL]
Tracking Objects: [60 items found]
Adware.Tracking cookie (most of them were in the Google Chrome cookies)

I deleted all of the above, but I am still fearing whether my laptop is infected. So I kindly request the experts here to guide me further. Thanks a ton in advance.

(P.S.: 1. Can I use KIS2013 + Malwarebytes free edition + SUPERAntiSpyware free edition on the same laptop? 2. And I excluded Malwarebytes from KIS2013 and Kaspersky Lab from Malwarebytes' exclusion/ignored list. Is that correct? And will I have to do the same thing with SUPERAntiSpyware also? If so, I have to exclude SUPERAntiSpyware in the other two and vice versa. Am I correct? 3. I download a lot of stuff from the net (from torrents too).)