Posts posted by ganbts7
-
Thank you, bro. Now everything is cleared. Thanks a ton for your help.
-
Bro, thanks a lot for your help. I've done all the above things.
Only one question:
As I have KIS 2013, I've disabled Windows Defender and Windows Firewall. Is this good?
-
DDS.Txt:-
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Elcot at 14:08:46 on 2013-01-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1979.1171 [GMT 5.5:30]
.
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\ProgramData\Reliance Netconnect+\OnlineUpdate\ouc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Users\Elcot\AppData\roaming\CT_ZTEMT_USB\MonServiceUDisk.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Reliance Netconnect+\Reliance Netconnect.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ETDCtrl] c:\program files\elantech\ETDCtrl.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [sCX3200_Scan2Pc] c:\windows\twain_32\samsung\scx3200\Scan2pc.exe
mRun: [3200 Scan2PC] "c:\windows\twain_32\samsung\scx3200\Scan2Pc.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:32
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
Trusted Zone: taobao.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6541AEB5-5772-4C3C-990F-1F310287B830} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C37A259A-E6CE-4A5F-A224-A492F61BD270} : DHCPNameServer = 192.168.42.129
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\elcot\appdata\roaming\mozilla\firefox\profiles\ocdvnaup.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwangwang.dll
FF - plugin: c:\program files\trademanager\nptrademanager.dll
FF - plugin: c:\program files\trademanager\npwangwang.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-11-09 20:36; {317B5128-0B0B-49b2-B2DB-1E7560E16C74}; c:\users\elcot\appdata\roaming\mozilla\firefox\profiles\ocdvnaup.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - ExtSQL: 2013-01-01 21:55; anti_banner@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\anti_banner@kaspersky.com
FF - ExtSQL: 2013-01-01 21:55; content_blocker@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\content_blocker@kaspersky.com
FF - ExtSQL: 2013-01-01 21:55; online_banking@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\online_banking@kaspersky.com
FF - ExtSQL: 2013-01-01 21:56; url_advisor@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\url_advisor@kaspersky.com
FF - ExtSQL: 2013-01-01 21:56; virtual_keyboard@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\virtual_keyboard@kaspersky.com
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-12 116608]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-11-29 13336]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2009-11-17 5120]
R2 UDisk Monitor;UDisk Monitor;c:\users\elcot\appdata\roaming\ct_ztemt_usb\MonServiceUDisk.exe [2012-12-18 507904]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2012-1-12 21520]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-10-19 73216]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 25944]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 25944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-26 21104]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-11-29 267880]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-26 398184]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-26 682344]
S2 Reliance Netconnect. RunOuc;Reliance Netconnect. OUC;c:\program files\reliance netconnect+\updatedog\ouc.exe [2012-10-19 218624]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2011-11-29 117032]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-10-19 102784]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2012-12-18 105472]
.
=============== Created Last 30 ================
.
2013-01-03 06:01:49 -------- d-sh--w- C:\$RECYCLE.BIN
2013-01-02 13:44:05 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{dca7fa35-869f-4111-b45c-900d517525b2}\offreg.dll
2013-01-02 08:06:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-02 08:06:50 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-02 08:05:38 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-01-02 08:05:34 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{dca7fa35-869f-4111-b45c-900d517525b2}\mpengine.dll
2013-01-02 07:49:44 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-02 07:49:44 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-02 07:49:44 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-02 07:49:01 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-02 07:49:01 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-02 07:49:01 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-02 07:49:01 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-02 07:49:00 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-02 07:49:00 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-02 07:49:00 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-02 07:48:39 5120 ----a-w- c:\windows\system32\wmi.dll
2013-01-02 07:48:39 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-01-02 07:48:39 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-01-02 07:44:38 -------- d-----w- c:\program files\MSXML 4.0
2013-01-02 07:16:39 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-01-02 07:16:39 1159680 ----a-w- c:\windows\system32\crypt32.dll
2013-01-02 07:16:39 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-01-02 07:14:15 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-01-02 07:14:15 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-02 07:14:15 225280 ----a-w- c:\windows\system32\schannel.dll
2013-01-02 07:14:15 219136 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-02 07:14:15 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-02 07:11:45 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-02 07:09:37 123904 ----a-w- c:\windows\system32\poqexec.exe
2013-01-02 07:09:35 442880 ----a-w- c:\windows\system32\ntshrui.dll
2013-01-02 07:09:33 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-01-02 07:09:33 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-01-02 07:09:22 2342400 ----a-w- c:\windows\system32\msi.dll
2013-01-02 07:09:18 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-02 07:08:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2013-01-02 05:55:47 -------- d-----w- c:\users\elcot\appdata\roaming\SUPERAntiSpyware.com
2013-01-02 05:55:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-01-02 05:55:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-01 16:25:57 -------- d-----w- c:\windows\ELAMBKUP
2013-01-01 16:25:50 -------- d-----w- c:\programdata\Kaspersky Lab
2013-01-01 16:25:50 -------- d-----w- c:\program files\Kaspersky Lab
2013-01-01 16:25:23 75096 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-12-29 12:23:21 -------- d-----w- c:\programdata\WoW Worldwide Software LTD
2012-12-29 12:18:33 -------- d-----w- c:\users\elcot\appdata\roaming\SendSpace
2012-12-29 12:17:21 -------- d-----w- c:\program files\Optimizer Pro
2012-12-29 12:13:58 -------- d-----w- c:\program files\BrowseToSave
2012-12-28 15:38:22 -------- d-----w- c:\users\elcot\appdata\local\Programs
2012-12-27 06:06:06 -------- d-----w- c:\users\elcot\appdata\local\ElevatedDiagnostics
2012-12-25 19:02:18 -------- d-----w- c:\users\elcot\appdata\roaming\Malwarebytes
2012-12-25 19:02:08 -------- d-----w- c:\programdata\Malwarebytes
2012-12-25 19:02:06 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-25 19:02:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-19 21:01:57 -------- d-----w- c:\programdata\eBay
2012-12-19 21:01:57 -------- d-----w- c:\program files\eBay
2012-12-19 20:27:36 -------- d-----w- c:\program files\Listing Factory 2012
2012-12-18 13:10:41 105472 ----a-w- c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys
2012-12-18 13:10:41 -------- d-----w- c:\users\elcot\appdata\roaming\CT_ZTEMT_USB
2012-12-18 13:10:23 -------- d-----w- c:\program files\ChinaTelDriverManager
2012-12-18 13:10:21 -------- d-----w- c:\users\elcot\appdata\roaming\chinatelecom
2012-12-18 13:10:15 -------- d---a-w- c:\program files\common files\B0B19AEC-413E-4654-86EE-3FD4E7655A93
2012-12-18 13:09:31 -------- d-----w- c:\program files\Chinatelecom C+W
2012-12-14 17:19:56 -------- d-----w- c:\program files\Microsoft ActiveSync
2012-12-14 15:56:23 -------- d-----w- c:\program files\Excel Password Unlocker
2012-12-14 15:45:34 -------- d-----w- c:\program files\PasswordLastic
2012-12-04 10:07:30 49152 ----a-r- c:\windows\system32\inetwh32.dll
2012-12-04 10:07:30 1044480 ----a-r- c:\windows\system32\roboex32.dll
.
==================== Find3M ====================
.
2013-01-01 17:56:22 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-01-01 17:56:21 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-01-01 17:56:20 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-12-11 19:17:12 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 19:17:12 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-22 02:56:02 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 20:29:04 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-30 16:53:30 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-30 16:53:27 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-30 16:53:27 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-19 10:27:14 3993600 ----a-w- c:\program files\GUT1DAE.tmp
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
============= FINISH: 14:09:35.98 ===============
Attach.Txt:-
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 16-12-2011 12:07:34 PM
System Uptime: 03-01-2013 12:21:38 PM (2 hours ago)
.
Motherboard: LENOVO | | Base Board Product Name
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | CPU | 1196/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 59 GiB total, 8.716 GiB free.
D: is FIXED (NTFS) - 141 GiB total, 2.441 GiB free.
E: is CDROM (CDFS)
G: is FIXED (NTFS) - 98 GiB total, 90.163 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Active@ KillDisk Professional Suite
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI
ChinaNet client
Conexant HD Audio
DHTML Editing Component
DivX Setup
Energy Management
ETDWare PS/2-X86 8.0.4.3_WHQL
Excel Password Recovery Lastic 1.1
Excel Password Unlocker 4.0.2.3
FileZilla Client 3.6.0.2
Google Chrome
Google Gmail Notifier
Google Talk (remove only)
Google Update Helper
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Java 7 Update 9
Java Auto Updater
Kaspersky Internet Security 2013
Listing Factory 2012 3.8.9.5
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Professional Edition 2003
Microsoft Office Starter 2010 - English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual J# 2.0 Redistributable Package
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PandoraRecovery (Remove Only)
Realtek Ethernet Controller Driver For Windows 7
Reliance Netconnect+
Samsung Scan Assistant
Samsung SCX-3200 Series
Skype™ 6.0
SUPERAntiSpyware
TN Govt Keyboard Interface
Total Video Converter 3.71 100812
TradeManager 2011 SP3
Turbo Lister 2
Tux Typing (remove only)
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.11
Windows Media Player Firefox Plugin
WinRAR 4.20 (32-bit)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
30-12-2012 09:13:50 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{6541AEB5-5772-4C3C-990F-1F310287B830} because another computer on the network has the same name. The server could not start.
03-01-2013 12:25:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
03-01-2013 12:22:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
03-01-2013 12:22:20 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
03-01-2013 12:22:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Reliance Netconnect. OUC service to connect.
03-01-2013 12:22:00 PM, Error: Service Control Manager [7000] - The Reliance Netconnect. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03-01-2013 12:21:51 PM, Error: Service Control Manager [7023] - The Offline Files service terminated with the following error: The system cannot find the path specified.
03-01-2013 12:15:54 PM, Error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
03-01-2013 11:32:37 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
03-01-2013 01:32:29 AM, Error: Service Control Manager [7034] - The UDisk Monitor service terminated unexpectedly. It has done this 1 time(s).
03-01-2013 01:32:29 AM, Error: Service Control Manager [7034] - The HWDeviceService.exe service terminated unexpectedly. It has done this 1 time(s).
02-01-2013 11:47:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
02-01-2013 11:21:26 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
02-01-2013 07:30:54 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
02-01-2013 01:44:34 PM, Error: Service Control Manager [7023] -
02-01-2013 01:31:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
.
==== End Of File ===========================
-
Hi bro, I've done all the above steps as per your suggestion, and to my knowledge there are no problems, I guess.
Is there anything else to do?
-
No issues now, bro. So was everything alright?
-
Mbam log:-
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.02.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Elcot :: ELCOT-PC [administrator]
Protection: Disabled
02-01-2013 PM 11:26:58
mbam-log-2013-01-02 (23-26-58).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194140
Time elapsed: 4 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
CF log 2:-
ComboFix 13-01-02.02 - Elcot 02-01-2013 23:08:59.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1979.1272 [GMT 5.5:30]
Running from: c:\users\Elcot\Desktop\ComboFix.exe
Command switches used :: c:\users\Elcot\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-02 to 2013-01-02 )))))))))))))))))))))))))))))))
.
.
2013-01-02 17:51 . 2013-01-02 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-02 14:11 . 2013-01-02 14:11 -------- d-----w- C:\_OTM
2013-01-02 13:44 . 2013-01-02 13:44 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCA7FA35-869F-4111-B45C-900D517525B2}\offreg.dll
2013-01-02 08:06 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-02 08:06 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-02 08:05 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCA7FA35-869F-4111-B45C-900D517525B2}\mpengine.dll
2013-01-02 07:49 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-02 07:49 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-02 07:49 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-02 07:49 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-02 07:49 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-02 07:49 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-02 07:49 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-02 07:49 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-02 07:49 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-02 07:49 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-02 07:48 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-01-02 07:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-01-02 07:48 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2013-01-02 07:44 . 2013-01-02 07:44 -------- d-----w- c:\program files\MSXML 4.0
2013-01-02 07:16 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-01-02 07:16 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2013-01-02 07:16 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-01-02 07:14 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-01-02 07:14 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-02 07:14 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-02 07:14 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2013-01-02 07:14 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-02 07:11 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-02 07:09 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2013-01-02 07:09 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2013-01-02 07:09 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-01-02 07:09 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-01-02 07:09 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2013-01-02 07:09 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-02 07:08 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2013-01-02 05:55 . 2013-01-02 05:55 -------- d-----w- c:\users\Elcot\AppData\Roaming\SUPERAntiSpyware.com
2013-01-02 05:55 . 2013-01-02 05:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-02 05:55 . 2013-01-02 05:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-01-01 16:25 . 2013-01-01 16:25 -------- d-----w- c:\windows\ELAMBKUP
2013-01-01 16:25 . 2013-01-02 16:03 -------- d-----w- c:\programdata\Kaspersky Lab
2013-01-01 16:25 . 2013-01-01 16:25 -------- d-----w- c:\program files\Kaspersky Lab
2013-01-01 16:25 . 2012-08-13 12:54 75096 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-12-29 12:23 . 2012-12-29 12:23 -------- d-----w- c:\programdata\WoW Worldwide Software LTD
2012-12-29 12:18 . 2012-12-29 12:18 -------- d-----w- c:\users\Elcot\AppData\Roaming\SendSpace
2012-12-29 12:17 . 2013-01-02 14:11 -------- d-----w- c:\program files\Optimizer Pro
2012-12-29 12:13 . 2013-01-02 14:11 -------- d-----w- c:\program files\BrowseToSave
2012-12-28 15:38 . 2012-12-28 15:38 -------- d-----w- c:\users\Elcot\AppData\Local\Programs
2012-12-27 06:06 . 2012-12-27 06:06 -------- d-----w- c:\users\Elcot\AppData\Local\ElevatedDiagnostics
2012-12-25 19:02 . 2012-12-25 19:02 -------- d-----w- c:\users\Elcot\AppData\Roaming\Malwarebytes
2012-12-25 19:02 . 2012-12-25 19:02 -------- d-----w- c:\programdata\Malwarebytes
2012-12-25 19:02 . 2012-12-28 15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-25 19:02 . 2012-12-14 11:19 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-19 21:01 . 2012-12-19 21:01 -------- d-----w- c:\programdata\eBay
2012-12-19 21:01 . 2012-12-19 21:01 -------- d-----w- c:\program files\eBay
2012-12-19 20:27 . 2012-12-19 20:27 -------- d-----w- c:\program files\Listing Factory 2012
2012-12-18 13:10 . 2012-12-18 13:10 -------- d-----w- c:\users\Elcot\AppData\Roaming\CT_ZTEMT_USB
2012-12-18 13:10 . 2009-11-18 14:20 105472 ----a-w- c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys
2012-12-18 13:10 . 2012-12-18 13:10 -------- d-----w- c:\program files\ChinaTelDriverManager
2012-12-18 13:10 . 2012-12-18 13:10 -------- d-----w- c:\users\Elcot\AppData\Roaming\chinatelecom
2012-12-18 13:10 . 2012-12-18 13:10 -------- d---a-w- c:\program files\Common Files\B0B19AEC-413E-4654-86EE-3FD4E7655A93
2012-12-18 13:09 . 2012-12-18 13:09 -------- d-----w- c:\program files\Chinatelecom C+W
2012-12-14 17:19 . 2012-12-14 17:19 -------- d-----w- c:\program files\Microsoft ActiveSync
2012-12-14 17:19 . 2012-12-14 17:19 -------- d-----w- c:\program files\Microsoft.NET
2012-12-14 15:56 . 2012-12-14 16:00 -------- d-----w- c:\program files\Excel Password Unlocker
2012-12-14 15:45 . 2012-12-14 15:45 -------- d-----w- c:\program files\PasswordLastic
2012-12-14 05:18 . 2012-12-14 05:18 0 ----a-w- c:\windows\system32\sho7500.tmp
2012-12-13 21:01 . 2012-12-13 21:01 0 ----a-w- c:\windows\system32\shoEB48.tmp
2012-12-11 17:52 . 2012-12-11 17:52 -------- d-----w- c:\program files\FileZilla FTP Client
2012-12-11 17:43 . 2012-12-11 17:43 0 ----a-w- c:\windows\system32\shoE72.tmp
2012-12-05 12:27 . 2012-12-30 13:09 -------- d-----w- c:\users\Elcot\AppData\Roaming\FileZilla
2012-12-04 10:07 . 2012-12-04 10:07 49152 ----a-r- c:\windows\system32\inetwh32.dll
2012-12-04 10:07 . 2012-12-04 10:07 1044480 ----a-r- c:\windows\system32\roboex32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-01 17:56 . 2012-06-08 06:08 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-01-01 17:56 . 2012-07-25 09:23 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-01-01 17:56 . 2012-05-25 14:08 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-12-11 19:17 . 2012-10-19 11:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 19:17 . 2012-10-19 11:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-22 07:44 . 2012-11-22 07:44 0 ----a-w- c:\windows\system32\shoA5A1.tmp
2012-11-21 08:09 . 2012-11-21 08:09 0 ----a-w- c:\windows\system32\sho619F.tmp
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-12 10:27 . 2012-10-24 13:28 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-11-02 09:57 . 2012-10-25 10:54 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-10-30 16:53 . 2012-10-30 16:53 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-30 16:53 . 2012-10-30 16:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-30 16:53 . 2012-10-30 16:53 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-24 13:28 . 2012-10-24 13:28 292176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-20 12:02 . 2012-10-20 12:02 854 ----a-w- c:\windows\system32\.tmp
2012-10-19 10:27 . 2012-10-19 10:24 3993600 ----a-w- c:\program files\GUT1DAE.tmp
2012-10-19 09:57 . 2012-10-19 09:58 90112 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-10-19 09:57 . 2012-10-19 09:58 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-10-19 09:57 . 2012-10-19 09:58 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-10-19 09:57 . 2012-10-19 09:58 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-10-19 09:57 . 2012-10-19 09:58 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-10-19 09:57 . 2012-10-19 09:58 181760 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-10-19 09:57 . 2012-10-19 09:58 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-10-19 09:57 . 2012-10-19 09:58 353280 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2012-10-19 09:57 . 2012-10-19 09:58 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-10-19 09:57 . 2012-10-19 09:58 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-10-19 09:57 . 2012-10-19 09:58 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-10-19 09:57 . 2012-10-19 09:58 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-10-19 09:57 . 2012-10-19 09:58 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-10-19 09:57 . 2012-10-19 09:58 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-10-16 07:39 . 2013-01-02 07:15 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-12-05 23:11 . 2012-12-05 23:11 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\_OTM ----
.
2012-12-29 12:17 . 2012-10-21 14:55 24517936 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_Program Files\Optimizer Pro\OptimizerPro.exe
2012-12-29 12:11 . 2012-12-29 12:11 308584 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_$RECYCLE.BIN\S-1-5-21-2551219980-1859055015-87672157-1000\$R6U8DNY.exe
2012-12-18 19:09 . 2012-12-18 19:09 686728 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pazera_Free_MKV_to_AVI_Converter-ORG2-75450258.exe
2012-12-01 21:16 . 2012-12-01 21:16 686728 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe
2012-12-01 21:16 . 2012-12-01 21:16 686728 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe.part
2012-10-03 17:39 . 2012-10-03 17:39 355328 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_Program Files\BrowseToSave\sprotector.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-10-21 322352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17879216]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-25 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-25 151064]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2011-01-20 1812264]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2010-01-11 4147104]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2010-01-11 5068704]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"SCX3200_Scan2Pc"="c:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2011-06-21 1990144]
"3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2011-06-21 1990144]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-01-01 356376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Reliance Netconnect. RunOuc;Reliance Netconnect. OUC;c:\program files\Reliance Netconnect+\UpdateDog\ouc.exe [x]
R2 UDisk Monitor;UDisk Monitor;c:\users\Elcot\AppData\roaming\CT_ZTEMT_USB\MonServiceUDisk.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 19:17]
.
2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-19 10:32]
.
2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-19 10:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\
FF - ExtSQL: 2012-11-09 20:36; {317B5128-0B0B-49b2-B2DB-1E7560E16C74}; c:\users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - ExtSQL: 2013-01-01 21:55; anti_banner@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-01-01 21:55; content_blocker@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-01-01 21:55; online_banking@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-01-01 21:56; url_advisor@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-01-01 21:56; virtual_keyboard@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-02 23:23:43
ComboFix-quarantined-files.txt 2013-01-02 17:53
ComboFix2.txt 2013-01-02 15:33
.
Pre-Run: 7,577,034,752 bytes free
Post-Run: 8,550,887,424 bytes free
.
- - End Of File - - 5E2DF25793383E57F15F9E73A692E479
-
Hi bro, the following is the ComboFix log:
ComboFix 13-01-02.01 - Elcot 02-01-2013 20:45:24.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1979.1175 [GMT 5.5:30]
Running from: c:\users\Elcot\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-12-02 to 2013-01-02 )))))))))))))))))))))))))))))))
.
.
2013-01-02 15:30 . 2013-01-02 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-02 14:11 . 2013-01-02 14:11 -------- d-----w- C:\_OTM
2013-01-02 13:44 . 2013-01-02 13:44 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCA7FA35-869F-4111-B45C-900D517525B2}\offreg.dll
2013-01-02 08:06 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-02 08:06 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-02 08:05 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCA7FA35-869F-4111-B45C-900D517525B2}\mpengine.dll
2013-01-02 07:49 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-02 07:49 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-02 07:49 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-02 07:49 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-02 07:49 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-02 07:49 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-02 07:49 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-02 07:49 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-02 07:49 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-02 07:49 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-02 07:48 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-01-02 07:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-01-02 07:48 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2013-01-02 07:44 . 2013-01-02 07:44 -------- d-----w- c:\program files\MSXML 4.0
2013-01-02 07:16 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-01-02 07:16 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2013-01-02 07:16 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-01-02 07:14 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-01-02 07:14 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-02 07:14 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-02 07:14 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2013-01-02 07:14 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-02 07:11 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-02 07:09 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2013-01-02 07:09 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2013-01-02 07:09 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-01-02 07:09 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-01-02 07:09 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2013-01-02 07:09 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-02 07:08 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2013-01-02 05:55 . 2013-01-02 05:55 -------- d-----w- c:\users\Elcot\AppData\Roaming\SUPERAntiSpyware.com
2013-01-02 05:55 . 2013-01-02 05:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-02 05:55 . 2013-01-02 05:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-01-01 16:25 . 2013-01-01 16:25 -------- d-----w- c:\windows\ELAMBKUP
2013-01-01 16:25 . 2013-01-02 14:31 -------- d-----w- c:\programdata\Kaspersky Lab
2013-01-01 16:25 . 2013-01-01 16:25 -------- d-----w- c:\program files\Kaspersky Lab
2013-01-01 16:25 . 2012-08-13 12:54 75096 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-12-29 12:23 . 2012-12-29 12:23 -------- d-----w- c:\programdata\WoW Worldwide Software LTD
2012-12-29 12:18 . 2012-12-29 12:18 -------- d-----w- c:\users\Elcot\AppData\Roaming\SendSpace
2012-12-29 12:17 . 2013-01-02 14:11 -------- d-----w- c:\program files\Optimizer Pro
2012-12-29 12:13 . 2013-01-02 14:11 -------- d-----w- c:\program files\BrowseToSave
2012-12-28 15:38 . 2012-12-28 15:38 -------- d-----w- c:\users\Elcot\AppData\Local\Programs
2012-12-27 06:06 . 2012-12-27 06:06 -------- d-----w- c:\users\Elcot\AppData\Local\ElevatedDiagnostics
2012-12-25 19:02 . 2012-12-25 19:02 -------- d-----w- c:\users\Elcot\AppData\Roaming\Malwarebytes
2012-12-25 19:02 . 2012-12-25 19:02 -------- d-----w- c:\programdata\Malwarebytes
2012-12-25 19:02 . 2012-12-28 15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-25 19:02 . 2012-12-14 11:19 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-19 21:01 . 2012-12-19 21:01 -------- d-----w- c:\programdata\eBay
2012-12-19 21:01 . 2012-12-19 21:01 -------- d-----w- c:\program files\eBay
2012-12-19 20:27 . 2012-12-19 20:27 -------- d-----w- c:\program files\Listing Factory 2012
2012-12-18 13:10 . 2012-12-18 13:10 -------- d-----w- c:\users\Elcot\AppData\Roaming\CT_ZTEMT_USB
2012-12-18 13:10 . 2009-11-18 14:20 105472 ----a-w- c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys
2012-12-18 13:10 . 2012-12-18 13:10 -------- d-----w- c:\program files\ChinaTelDriverManager
2012-12-18 13:10 . 2012-12-18 13:10 -------- d-----w- c:\users\Elcot\AppData\Roaming\chinatelecom
2012-12-18 13:10 . 2012-12-18 13:10 -------- d---a-w- c:\program files\Common Files\B0B19AEC-413E-4654-86EE-3FD4E7655A93
2012-12-18 13:09 . 2012-12-18 13:09 -------- d-----w- c:\program files\Chinatelecom C+W
2012-12-14 17:19 . 2012-12-14 17:19 -------- d-----w- c:\program files\Microsoft ActiveSync
2012-12-14 17:19 . 2012-12-14 17:19 -------- d-----w- c:\program files\Microsoft.NET
2012-12-14 15:56 . 2012-12-14 16:00 -------- d-----w- c:\program files\Excel Password Unlocker
2012-12-14 15:45 . 2012-12-14 15:45 -------- d-----w- c:\program files\PasswordLastic
2012-12-14 05:18 . 2012-12-14 05:18 0 ----a-w- c:\windows\system32\sho7500.tmp
2012-12-13 21:01 . 2012-12-13 21:01 0 ----a-w- c:\windows\system32\shoEB48.tmp
2012-12-11 17:52 . 2012-12-11 17:52 -------- d-----w- c:\program files\FileZilla FTP Client
2012-12-11 17:43 . 2012-12-11 17:43 0 ----a-w- c:\windows\system32\shoE72.tmp
2012-12-05 12:27 . 2012-12-30 13:09 -------- d-----w- c:\users\Elcot\AppData\Roaming\FileZilla
2012-12-04 10:07 . 2012-12-04 10:07 49152 ----a-r- c:\windows\system32\inetwh32.dll
2012-12-04 10:07 . 2012-12-04 10:07 1044480 ----a-r- c:\windows\system32\roboex32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-01 17:56 . 2012-06-08 06:08 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-01-01 17:56 . 2012-07-25 09:23 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-01-01 17:56 . 2012-05-25 14:08 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-12-11 19:17 . 2012-10-19 11:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 19:17 . 2012-10-19 11:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-22 07:44 . 2012-11-22 07:44 0 ----a-w- c:\windows\system32\shoA5A1.tmp
2012-11-21 08:09 . 2012-11-21 08:09 0 ----a-w- c:\windows\system32\sho619F.tmp
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-12 10:27 . 2012-10-24 13:28 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-11-02 09:57 . 2012-10-25 10:54 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-10-30 16:53 . 2012-10-30 16:53 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-30 16:53 . 2012-10-30 16:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-30 16:53 . 2012-10-30 16:53 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-24 13:28 . 2012-10-24 13:28 292176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-20 12:02 . 2012-10-20 12:02 854 ----a-w- c:\windows\system32\.tmp
2012-10-19 10:27 . 2012-10-19 10:24 3993600 ----a-w- c:\program files\GUT1DAE.tmp
2012-10-19 09:57 . 2012-10-19 09:58 90112 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-10-19 09:57 . 2012-10-19 09:58 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-10-19 09:57 . 2012-10-19 09:58 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-10-19 09:57 . 2012-10-19 09:58 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-10-19 09:57 . 2012-10-19 09:58 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-10-19 09:57 . 2012-10-19 09:58 181760 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-10-19 09:57 . 2012-10-19 09:58 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-10-19 09:57 . 2012-10-19 09:58 353280 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2012-10-19 09:57 . 2012-10-19 09:58 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-10-19 09:57 . 2012-10-19 09:58 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-10-19 09:57 . 2012-10-19 09:58 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-10-19 09:57 . 2012-10-19 09:58 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-10-19 09:57 . 2012-10-19 09:58 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-10-19 09:57 . 2012-10-19 09:58 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-10-16 07:39 . 2013-01-02 07:15 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-12-05 23:11 . 2012-12-05 23:11 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-10-21 322352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17879216]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-25 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-25 151064]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2011-01-20 1812264]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2010-01-11 4147104]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2010-01-11 5068704]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"SCX3200_Scan2Pc"="c:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2011-06-21 1990144]
"3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2011-06-21 1990144]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-01-01 356376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Reliance Netconnect. RunOuc;Reliance Netconnect. OUC;c:\program files\Reliance Netconnect+\UpdateDog\ouc.exe [x]
R2 UDisk Monitor;UDisk Monitor;c:\users\Elcot\AppData\roaming\CT_ZTEMT_USB\MonServiceUDisk.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 19:17]
.
2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-19 10:32]
.
2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-19 10:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\
FF - ExtSQL: 2012-11-09 20:36; {317B5128-0B0B-49b2-B2DB-1E7560E16C74}; c:\users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - ExtSQL: 2013-01-01 21:55; anti_banner@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-01-01 21:55; content_blocker@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-01-01 21:55; online_banking@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-01-01 21:56; url_advisor@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-01-01 21:56; virtual_keyboard@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SP_56ec1d15 - c:\program files\MocaFlix\uninstall.exe
AddRemove-{7F13A6D8-FEAD-1A9C-F877-B68FA4F0842E} - c:\progra~2\INSTAL~1\{7F13A~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-02 21:03:00
ComboFix-quarantined-files.txt 2013-01-02 15:32
.
Pre-Run: 8,186,839,040 bytes free
Post-Run: 8,283,389,952 bytes free
.
- - End Of File - - B26B0552E4E0AEA16AE6D7A36A6331B7
-
Yes, I saw the blank screen on the desktop when I ran OTM. As you told me to post the results in this forum, I was unable to post them, because none of the programs were visible on the desktop; my only option was to press the power button to shut down. Any ideas, bro?
Will I have to proceed with ComboFix, bro?
-
When I clicked "Move It" once again, the screen went black, bro... Then I pressed the power button, shut down my laptop and opened it. So, any ideas, please?
P.S.: I get the following error message when I click "Move It":
Invalid Time Flag!
[instlleRex.E.Gen Application] Must be Numerical
-
Bro, after copying the results from the result page, I closed OTM by mistake. The screen went black and I can't do anything. Very sorry for that. Can I redo the process?
-
Security Check:-
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 9
Adobe Flash Player 11.5.502.135
Adobe Reader XI
Mozilla Firefox (17.0.1)
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Reliance Netconnect+ OnlineUpdate ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
-
Eset Scan:-
(40 threats found)
C:\$RECYCLE.BIN\S-1-5-21-2551219980-1859055015-87672157-1000\$R6U8DNY.exe Win32/InstalleRex.E.Gen application
C:\Documents and Settings\Elcot\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Documents and Settings\Elcot\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Documents and Settings\Elcot\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Documents and Settings\Elcot\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Documents and Settings\Elcot\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Documents and Settings\Elcot\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Documents and Settings\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Documents and Settings\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Documents and Settings\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Documents and Settings\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Documents and Settings\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Documents and Settings\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe a variant of Win32/CNETInstaller.A application
C:\Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe.part a variant of Win32/CNETInstaller.A application
C:\Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pazera_Free_MKV_to_AVI_Converter-ORG2-75450258.exe a variant of Win32/CNETInstaller.A application
C:\Documents and Settings\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Documents and Settings\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Documents and Settings\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Documents and Settings\Elcot\Local Settings\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Documents and Settings\Elcot\Local Settings\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Documents and Settings\Elcot\Local Settings\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Program Files\BrowseToSave\sprotector.dll a variant of Win32/SProtector.A application
C:\Program Files\Optimizer Pro\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC application
C:\Users\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Users\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Users\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Users\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Users\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Users\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Users\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe a variant of Win32/CNETInstaller.A application
C:\Users\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe.part a variant of Win32/CNETInstaller.A application
C:\Users\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pazera_Free_MKV_to_AVI_Converter-ORG2-75450258.exe a variant of Win32/CNETInstaller.A application
C:\Users\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Users\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Users\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Users\Elcot\Local Settings\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application
C:\Users\Elcot\Local Settings\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application
C:\Users\Elcot\Local Settings\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
D:\EARN ONLINEEEE\GTX Tech\E3 CFW 4.30 and manager.zip.exe Win32/InstalleRex.E.Gen application
-
Ya.. in progress bro..
-
AdwCleaner:-
# AdwCleaner v2.104 - Logfile created 01/02/2013 at 17:21:47
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Elcot - ELCOT-PC
# Boot Mode : Normal
# Running from : C:\Users\Elcot\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
File Deleted : C:\Users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\searchplugins\WebSearch.xml
Folder Deleted : C:\Program Files\MocaFlix
Folder Deleted : C:\ProgramData\InstallMate
***** [Registry] *****
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\browse~1\sprote~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\mocaflix\sprote~1.dll
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.just-browse.info/ --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.just-browse.info/ --> hxxp://www.google.com
-\\ Mozilla Firefox v17.0.1 (en-US)
File : C:\Users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\prefs.js
C:\Users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\user.js ... Deleted !
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.just-browse.info/?l=1&q=");
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.just-browse.info/");
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("keyword.URL", "hxxp://websearch.just-browse.info/?l=1&q=");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.just-browse.info/")[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.just-browse.info/?l=1&q=");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
-\\ Google Chrome v23.0.1271.97
File : C:\Users\Elcot\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[s1].txt - [3498 octets] - [02/01/2013 17:21:47]
########## EOF - C:\AdwCleaner[s1].txt - [3558 octets] ##########
-
Btw, I don't know how to disable the script blocker, hence I disabled KIS 2013 and the net connection and installed DDS. Is that OK?
-
Thanks a lot for your help and quick reply. The following are the logs:
DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Elcot at 16:15:58 on 2013-01-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1979.835 [GMT 5.5:30]
.
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\ProgramData\Reliance Netconnect+\OnlineUpdate\ouc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Users\Elcot\AppData\roaming\CT_ZTEMT_USB\MonServiceUDisk.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Reliance Netconnect+\Reliance Netconnect.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\calc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.just-browse.info/
mStart Page = hxxp://websearch.just-browse.info/
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ETDCtrl] c:\program files\elantech\ETDCtrl.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [sCX3200_Scan2Pc] c:\windows\twain_32\samsung\scx3200\Scan2pc.exe
mRun: [3200 Scan2PC] "c:\windows\twain_32\samsung\scx3200\Scan2Pc.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:32
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
Trusted Zone: taobao.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6541AEB5-5772-4C3C-990F-1F310287B830} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C37A259A-E6CE-4A5F-A224-A492F61BD270} : DHCPNameServer = 192.168.42.129
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\browse~1\sprote~1.dll c:\progra~1\mocaflix\sprote~1.dll
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\elcot\appdata\roaming\mozilla\firefox\profiles\ocdvnaup.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.just-browse.info/?l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://websearch.just-browse.info/
FF - prefs.js: keyword.URL - hxxp://websearch.just-browse.info/?l=1&q=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwangwang.dll
FF - plugin: c:\program files\trademanager\nptrademanager.dll
FF - plugin: c:\program files\trademanager\npwangwang.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-11-02 20:55; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\elcot\appdata\roaming\mozilla\firefox\profiles\ocdvnaup.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: 2012-11-09 20:36; {317B5128-0B0B-49b2-B2DB-1E7560E16C74}; c:\users\elcot\appdata\roaming\mozilla\firefox\profiles\ocdvnaup.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - ExtSQL: 2013-01-01 21:55; anti_banner@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\anti_banner@kaspersky.com
FF - ExtSQL: 2013-01-01 21:55; content_blocker@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\content_blocker@kaspersky.com
FF - ExtSQL: 2013-01-01 21:55; online_banking@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\online_banking@kaspersky.com
FF - ExtSQL: 2013-01-01 21:56; url_advisor@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\url_advisor@kaspersky.com
FF - ExtSQL: 2013-01-01 21:56; virtual_keyboard@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\virtual_keyboard@kaspersky.com
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-12 116608]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-11-29 13336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-26 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-26 682344]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2009-11-17 5120]
R2 UDisk Monitor;UDisk Monitor;c:\users\elcot\appdata\roaming\ct_ztemt_usb\MonServiceUDisk.exe [2012-12-18 507904]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2012-1-12 21520]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-10-19 73216]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 25944]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 25944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-26 21104]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-11-29 267880]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376]
S2 Reliance Netconnect. RunOuc;Reliance Netconnect. OUC;c:\program files\reliance netconnect+\updatedog\ouc.exe [2012-10-19 218624]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2011-11-29 117032]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-10-19 102784]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2012-12-18 105472]
.
=============== Created Last 30 ================
.
2013-01-02 08:06:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-02 08:06:50 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-02 08:05:38 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-01-02 08:05:34 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{dca7fa35-869f-4111-b45c-900d517525b2}\mpengine.dll
2013-01-02 07:49:44 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-02 07:49:44 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-02 07:49:44 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-02 07:49:01 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-02 07:49:01 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-02 07:49:01 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-02 07:49:01 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-02 07:49:00 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-02 07:49:00 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-02 07:49:00 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-02 07:48:39 5120 ----a-w- c:\windows\system32\wmi.dll
2013-01-02 07:48:39 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-01-02 07:48:39 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-01-02 07:44:38 -------- d-----w- c:\program files\MSXML 4.0
2013-01-02 07:16:39 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-01-02 07:16:39 1159680 ----a-w- c:\windows\system32\crypt32.dll
2013-01-02 07:16:39 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-01-02 07:14:15 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-01-02 07:14:15 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-02 07:14:15 225280 ----a-w- c:\windows\system32\schannel.dll
2013-01-02 07:14:15 219136 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-02 07:14:15 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-02 07:11:45 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-02 07:09:37 123904 ----a-w- c:\windows\system32\poqexec.exe
2013-01-02 07:09:35 442880 ----a-w- c:\windows\system32\ntshrui.dll
2013-01-02 07:09:33 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-01-02 07:09:33 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-01-02 07:09:22 2342400 ----a-w- c:\windows\system32\msi.dll
2013-01-02 07:09:18 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-02 07:08:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2013-01-02 05:55:47 -------- d-----w- c:\users\elcot\appdata\roaming\SUPERAntiSpyware.com
2013-01-02 05:55:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-01-02 05:55:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-01 16:25:57 -------- d-----w- c:\windows\ELAMBKUP
2013-01-01 16:25:50 -------- d-----w- c:\programdata\Kaspersky Lab
2013-01-01 16:25:50 -------- d-----w- c:\program files\Kaspersky Lab
2013-01-01 16:25:23 75096 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-12-29 12:23:21 -------- d-----w- c:\programdata\WoW Worldwide Software LTD
2012-12-29 12:18:33 -------- d-----w- c:\users\elcot\appdata\roaming\SendSpace
2012-12-29 12:18:18 -------- d-----w- c:\program files\MocaFlix
2012-12-29 12:17:21 -------- d-----w- c:\program files\Optimizer Pro
2012-12-29 12:13:58 -------- d-----w- c:\program files\BrowseToSave
2012-12-29 12:12:37 -------- d-----w- c:\programdata\InstallMate
2012-12-28 15:38:22 -------- d-----w- c:\users\elcot\appdata\local\Programs
2012-12-27 06:06:06 -------- d-----w- c:\users\elcot\appdata\local\ElevatedDiagnostics
2012-12-25 19:02:18 -------- d-----w- c:\users\elcot\appdata\roaming\Malwarebytes
2012-12-25 19:02:08 -------- d-----w- c:\programdata\Malwarebytes
2012-12-25 19:02:06 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-25 19:02:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-19 21:01:57 -------- d-----w- c:\programdata\eBay
2012-12-19 21:01:57 -------- d-----w- c:\program files\eBay
2012-12-19 20:27:36 -------- d-----w- c:\program files\Listing Factory 2012
2012-12-18 13:10:41 105472 ----a-w- c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys
2012-12-18 13:10:41 -------- d-----w- c:\users\elcot\appdata\roaming\CT_ZTEMT_USB
2012-12-18 13:10:23 -------- d-----w- c:\program files\ChinaTelDriverManager
2012-12-18 13:10:21 -------- d-----w- c:\users\elcot\appdata\roaming\chinatelecom
2012-12-18 13:10:15 -------- d---a-w- c:\program files\common files\B0B19AEC-413E-4654-86EE-3FD4E7655A93
2012-12-18 13:09:31 -------- d-----w- c:\program files\Chinatelecom C+W
2012-12-14 17:19:56 -------- d-----w- c:\program files\Microsoft ActiveSync
2012-12-14 15:56:23 -------- d-----w- c:\program files\Excel Password Unlocker
2012-12-14 15:45:34 -------- d-----w- c:\program files\PasswordLastic
2012-12-14 05:18:45 0 ----a-w- c:\windows\system32\sho7500.tmp
2012-12-13 21:01:44 0 ----a-w- c:\windows\system32\shoEB48.tmp
2012-12-11 17:43:58 0 ----a-w- c:\windows\system32\shoE72.tmp
2012-12-04 10:07:30 49152 ----a-r- c:\windows\system32\inetwh32.dll
2012-12-04 10:07:30 1044480 ----a-r- c:\windows\system32\roboex32.dll
.
==================== Find3M ====================
.
2013-01-01 17:56:22 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-01-01 17:56:21 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-01-01 17:56:20 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-12-11 19:17:12 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 19:17:12 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-22 07:44:51 0 ----a-w- c:\windows\system32\shoA5A1.tmp
2012-11-22 02:56:02 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-21 08:09:34 0 ----a-w- c:\windows\system32\sho619F.tmp
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 20:29:04 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-30 16:53:30 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-30 16:53:27 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-30 16:53:27 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-20 12:02:09 854 ----a-w- c:\windows\system32\.tmp
2012-10-19 10:27:14 3993600 ----a-w- c:\program files\GUT1DAE.tmp
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 16:17:06.27 ===============
Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 16-12-2011 12:07:34 PM
System Uptime: 02-01-2013 01:42:36 PM (3 hours ago)
.
Motherboard: LENOVO | | Base Board Product Name
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | CPU | 2300/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 59 GiB total, 7.528 GiB free.
D: is FIXED (NTFS) - 141 GiB total, 2.441 GiB free.
E: is CDROM (CDFS)
G: is FIXED (NTFS) - 98 GiB total, 90.158 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP31: 02-01-2013 01:11:01 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Active@ KillDisk Professional Suite
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI
BrowseToSave
ChinaNet client
Conexant HD Audio
DHTML Editing Component
DivX Setup
Energy Management
ETDWare PS/2-X86 8.0.4.3_WHQL
Excel Password Recovery Lastic 1.1
Excel Password Unlocker 4.0.2.3
FileZilla Client 3.6.0.2
Google Chrome
Google Gmail Notifier
Google Talk (remove only)
Google Update Helper
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Java 7 Update 9
Java Auto Updater
Kaspersky Internet Security 2013
Listing Factory 2012 3.8.9.5
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Professional Edition 2003
Microsoft Office Starter 2010 - English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual J# 2.0 Redistributable Package
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PandoraRecovery (Remove Only)
Realtek Ethernet Controller Driver For Windows 7
Reliance Netconnect+
Samsung Scan Assistant
Samsung SCX-3200 Series
Search Assistant MocaFlix 1.66
Skype™ 6.0
SUPERAntiSpyware
TN Govt Keyboard Interface
Total Video Converter 3.71 100812
TradeManager 2011 SP3
Turbo Lister 2
Tux Typing (remove only)
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.11
Windows Media Player Firefox Plugin
WinRAR 4.20 (32-bit)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
30-12-2012 09:13:50 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{6541AEB5-5772-4C3C-990F-1F310287B830} because another computer on the network has the same name. The server could not start.
26-12-2012 11:43:23 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
26-12-2012 11:43:23 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
26-12-2012 11:43:23 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
26-12-2012 11:43:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
26-12-2012 01:20:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
26-12-2012 01:13:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
02-01-2013 01:45:02 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
02-01-2013 01:44:34 PM, Error: Service Control Manager [7023] -
02-01-2013 01:43:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Reliance Netconnect. OUC service to connect.
02-01-2013 01:43:38 PM, Error: Service Control Manager [7000] - The Reliance Netconnect. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02-01-2013 01:43:30 PM, Error: Service Control Manager [7023] - The Offline Files service terminated with the following error: The system cannot find the path specified.
02-01-2013 01:31:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
01-01-2013 11:53:10 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
01-01-2013 02:21:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
.
==== End Of File ===========================
-
Hi experts,
I'm so glad that I've found this forum today. Yesterday I downloaded a game serial (blackops2 code) from the net. It looked something like blackops2nuketown.exe.. at that time I just had kis2012 installed in my system (which was not updated for several months).. I didn't get any threat warnings while installing blackops2nuketown.exe. But when I installed, a black window was opened and it was installing something in the background.. I suddenly cancelled the installation. Now I'm afraid that some bad program is being installed in my system.
Hence yesterday I bought kis2013.. installed, updated and made a full scan.. I found a trojan on that blackops2nuketown.exe.. then I deleted it.. then after doing some surfing on the net, I came to know about malwarebytes and superantispyware.. I downloaded and installed the free editions of both of them.. at first I did a full scan with malwarebytes.. no threats were found.. but when I did a full scan with superantispyware, a total of 61 threats were found...
They are something like these:-
Critical Threats: [1 item found]
Rogue.agent/Gen-Nullo[DLL]
Tracking Objects: [60 items found]
Adware.Tracking cookie
(Most of them were in the Google chrome cookies.. )
I deleted all of the above.. but I'm still worried whether my laptop is infected..
So i kindly request the experts here to guide me further.. Thanks a ton in advance..
(P.S:
1. Can I use kis2013 + malwarebytes free edition + superantispyware free edition on the same laptop?
2. And I excluded Malwarebytes from KIS2013 & Kaspersky lab from Malwarebytes exclusion/ignored list.. Is that correct? And will I have to do the same thing with Superantispyware also? If so I have to exclude Superantispyware in the other two and vice versa... am I correct?
3. I download a lot of stuff from the net (from torrents too)
)
Kindly help this newbie with threats!
in Resolved Malware Removal Logs
Posted
Thank you bro.. God bless you and your family..