beatit
  1. It's a DLL, so it's fine in the Windows directory. As I wrote above, I deleted all its traces. If you want you can download it at http://osenxpsuite.net/?xp=3 ; the link is http://link.osenxpsuite.net/?uid=homepage&id=sqlite2009pro.zip
  2. From the start of the ComboFix log reported above:

     ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\windows\IsUn0410.exe
     c:\windows\sqliteodbc2010.dll

     As you can see, it was the SQLite ODBC driver. As we both said, there were ways to easily recover, but what if someone doesn't notice it immediately, then runs into trouble 1 month later, and is not an expert?
  3. Thanks for your help. I just checked some software of mine, as I saw that ComboFix deleted an ODBC driver. It didn't work (as I thought); I had to use another driver, and had to dig in the registry (both manually and with cleaners) to eliminate all the references to the old driver (removing it from the ODBC system was impossible, as the DLL must be there to be deleted). Some antivirus already signaled it as malware, but I thought (and still think) it probably was a false positive, as I knew where it came from, and used it for some time without having any problem. As ComboFix makes a restore point before its operations, this could have been solved even by a novice; anyway, the problem for some people could have been that some time could have passed before they used the software which uses the ODBC driver; this could have refused to work and they might not have linked this problem with ComboFix. In other words, they could have found their software not working without knowing why. So, I'd suggest that if you decide to use ComboFix (particularly if the machine already works fine, as in my case), be careful with what ComboFix deletes, and if you see something important like an ODBC driver, give a hint like "you may want to check all your software which uses databases".
  4. Note that I use no-installation antivirus programs (I don't have any installed).

     Results of screen317's Security Check version 0.99.74
     Windows 7 Service Pack 1 x86 (UAC is enabled)
     ``````````````Antivirus/Firewall Check:``````````````
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     CCleaner
     Auslogics Registry Cleaner
     Java 6 Update 45
     Java version out of Date!
     Adobe Flash Player 11.7.700.224
     Mozilla Thunderbird (17.0.8)
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:
     ````````````````````End of Log``````````````````````
  5. My computer is running the same as when we started, that is, fine. Malware Bytes found nothing. Did you see any serious problems in the logs? Thanks

     # AdwCleaner v3.006 - Report created 04/10/2013 at 20:55:39
     # Updated 01/10/2013 by Xplode
     # Operating System : Windows 7 Starter Service Pack 1 (32 bits)
     # Username : Franz - OLIBOOK
     # Running from : C:\Users\Franz\Desktop\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Users\Franz\AppData\Roaming\dvdvideosoftiehelpers

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_free-youtube-download_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_free-youtube-download_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
     Key Deleted : HKCU\Software\APN PIP
     Key Deleted : HKCU\Software\Softonic
     Key Deleted : HKLM\Software\PIP

     ***** [ Browsers ] *****

     -\\ Internet Explorer v8.0.7601.17514

     *************************

     AdwCleaner[R0].txt - [1535 octets] - [04/10/2013 20:51:18]
     AdwCleaner[s0].txt - [1480 octets] - [04/10/2013 20:55:39]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1540 octets] ##########

     Malwarebytes Anti-Malware (Prova) 1.75.0.1300
     www.malwarebytes.org

     Versione database: v2013.10.04.09

     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 8.0.7601.17514
     Franz :: OLIBOOK [amministratore]

     Protezione: Attivata

     04/10/2013 21:01:51
     mbam-log-2013-10-04 (21-01-51).txt

     Tipo di scansione: Scansione veloce
     Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
     Opzioni di scansione disattivate: P2P
     Elementi esaminati: 211944
     Tempo impiegato: 7 minuti, 37 secondi

     Processi rilevati in memoria: 0
     (non sono stati rilevati elementi nocivi)

     Moduli di memoria rilevati: 0
     (non sono stati rilevati elementi nocivi)

     Chiavi di registro rilevate: 0
     (non sono stati rilevati elementi nocivi)

     Valori di registro rilevati: 0
     (non sono stati rilevati elementi nocivi)

     Voci rilevate nei dati di registro: 0
     (non sono stati rilevati elementi nocivi)

     Cartelle rilevate: 0
     (non sono stati rilevati elementi nocivi)

     File rilevati: 0
     (non sono stati rilevati elementi nocivi)

     (fine)
  6. Here it is. Note that some system services (like, for example, System Restore) were disabled by me.

     ComboFix 13-10-04.02 - Franz 04/10/2013 20:12:42.1.2 - x86
     Microsoft Windows 7 Starter 6.1.7601.1.1252.39.1040.18.1013.441 [GMT 2:00]
     Eseguito da: c:\users\Franz\Desktop\ComboFix.exe
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Creato nuovo punto di ripristino
     .
     .
     ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\windows\IsUn0410.exe
     c:\windows\sqliteodbc2010.dll
     .
     .
     ((((((((((((((((((((((((( Files Creati Da 2013-09-04 al 2013-10-04 )))))))))))))))))))))))))))))))))))
     .
     .
     2013-10-04 18:25 . 2013-10-04 18:27 -------- d-----w- c:\users\Franz\AppData\Local\temp
     2013-10-04 04:39 . 2013-10-04 05:27 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
     2013-10-04 04:04 . 2013-10-04 04:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2013-10-04 04:04 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-10-04 04:04 . 2013-10-04 04:04 -------- d-----w- c:\users\Franz\AppData\Local\Programs
     2013-10-04 03:34 . 2013-10-04 03:34 4425448 ----a-w- C:\avg_free_stb_all_2014_4116_cnet.exe
     2013-10-04 03:33 . 2013-10-04 03:34 131918888 ----a-w- C:\avast_free_antivirus_setup.exe
     2013-10-04 03:31 . 2013-10-04 03:31 80456 ----a-w- C:\mbam-clean-1.60.2.0003.exe
     2013-10-04 03:29 . 2013-10-04 03:29 65232 ----a-w- C:\regassassin-setup-1.03.exe
     2013-10-04 03:29 . 2013-10-04 03:29 204496 ----a-w- C:\startuplite-setup-1.07.exe
     2013-10-04 03:28 . 2013-10-04 03:28 12907592 ----a-w- C:\mbar-1.07.0.1005.exe
     2013-10-04 03:27 . 2013-10-04 03:27 10285040 ----a-w- C:\mbam-setup-1.75.0.1300.exe
     2013-10-04 03:25 . 2013-10-04 03:29 131606136 ----a-w- C:\cureit.exe
     2013-10-04 01:36 . 2013-06-09 19:59 216064 ----a-w- c:\windows\system32\gcapi_dll.dll
     2013-10-04 01:36 . 2013-10-04 01:36 -------- d-----w- c:\program files\Foxit Software
     2013-10-01 14:13 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{77C24E77-27C7-4B38-A240-0CDA5FE4A5D3}\mpengine.dll
     2013-09-11 15:39 . 2013-08-08 01:03 2348544 ----a-w- c:\windows\system32\win32k.sys
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-08-07 02:22 . 2010-08-16 13:39 238872 ------w- c:\windows\system32\MpSigStub.exe
     2013-07-25 08:57 . 2013-08-14 11:30 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
     2013-07-19 01:41 . 2013-08-14 11:28 2048 ----a-w- c:\windows\system32\tzres.dll
     2013-07-09 05:03 . 2013-08-14 11:30 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2013-07-09 05:03 . 2013-08-14 11:30 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
     2013-07-09 04:53 . 2013-08-14 11:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
     2013-07-09 04:52 . 2013-08-14 11:30 175104 ----a-w- c:\windows\system32\wintrust.dll
     2013-07-09 04:50 . 2013-08-14 11:29 652800 ----a-w- c:\windows\system32\rpcrt4.dll
     2013-07-09 04:46 . 2013-08-14 11:30 1166848 ----a-w- c:\windows\system32\crypt32.dll
     2013-07-09 04:46 . 2013-08-14 11:30 140288 ----a-w- c:\windows\system32\cryptsvc.dll
     2013-07-09 04:46 . 2013-08-14 11:30 103936 ----a-w- c:\windows\system32\cryptnet.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Nota* i valori vuoti & legittimi/default non sono visualizzati.
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
     2013-01-28 14:48 281760 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "fspuip"="c:\program files\FSP\fspuip.exe" [2010-01-16 3354624]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GsiFinal]
     2001-10-02 08:42 98304 ------w- c:\windows\System32\gspnDll.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
     2010-10-25 03:20 173592 ----a-w- c:\windows\System32\hkcmd.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
     2010-10-25 03:20 150552 ----a-w- c:\windows\System32\igfxpers.exe
     .
     R2 gafwload;D-Link DSL-200 USB ADSL Loader;c:\windows\system32\DRIVERS\gafwload.sys [2001-09-28 26987]
     R3 Brndis;External USB Cable Modem;c:\windows\system32\DRIVERS\Brndis.sys [2009-11-19 16512]
     R3 cpuz135;cpuz135;c:\users\Franz\Desktop\pc-wizard_2012.2.11\pcwiz_x32.sys [x]
     R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
     R3 PowerBiosServer;PowerBiosServer;c:\program files\Hotkey\PowerBiosServer.exe [2010-03-03 32256]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
     R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2010-06-14 65600]
     R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
     R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
     R3 WiseBootAssistant;Wise Boot Assistant;c:\program files\Wise\Wise Care 365\BootTime.exe [2013-04-25 580232]
     S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
     S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
     S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\Drivers\cam3820a.sys [2010-02-10 308480]
     S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2010-01-16 44032]
     S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-11-09 126064]
     S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [2009-12-04 92272]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
     S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2012-02-04 1118312]
     .
     .
     --- Altri Servizi/Drivers In Memoria ---
     .
     *NewlyCreated* - WS2IFSL
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
     .
     Contenuto della cartella 'Scheduled Tasks'
     .
     2013-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-19 07:23]
     .
     2013-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938863971-654839992-2743699717-1000Core.job
     - c:\users\Franz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-13 20:18]
     .
     2013-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938863971-654839992-2743699717-1000UA.job
     - c:\users\Franz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-13 20:18]
     .
     .
     ------- Scansione supplementare -------
     .
     uStart Page = about:blank
     IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
     IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
     IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
     TCP: DhcpNameServer = 212.56.128.132 192.168.1.1
     .
     - - - - CHIAVI ORFANE RIMOSSE - - - -
     .
     Toolbar-Locked - (no file)
     .
     .
     .
     --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     --------------------- Dlls caricate dai processi in esecuzione ---------------------
     .
     - - - - - - - > 'Explorer.exe'(2360)
     c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
     c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
     c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
     c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
     .
     ------------------------ Altri processi in esecuzione ------------------------
     .
     c:\windows\system32\taskhost.exe
     c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
     c:\windows\system32\conhost.exe
     c:\program files\Windows Media Player\wmpnetwk.exe
     c:\windows\system32\sppsvc.exe
     .
     **************************************************************************
     .
     Ora fine scansione: 2013-10-04 20:33:58 - Il pc è stato riavviato
     ComboFix-quarantined-files.txt 2013-10-04 18:33
     .
     Pre-Run: 268.397.096.960 byte disponibili
     Post-Run: 268.314.718.208 byte disponibili
     .
     - - End Of File - - DD8541FEB096CF732EB2696603FA0172 A36C5E4F47E84449FF07ED3517B43A31
  7. Sorry, discard previous posts, this is the right one:

     RogueKiller V8.7.1 [Oct 3 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : Franz [Admin rights]
     Mode : Scan -- Date : 10/04/2013 19:30:47
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato

     ¤¤¤ Le attività pianificate : 0 ¤¤¤

     ¤¤¤ voci di avvio : 0 ¤¤¤

     ¤¤¤ I browser Web : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤
     [inline] EAT @explorer.exe (?g_pArrayPropertyEvent@EventManager@DirectUI@@0PAV?$UiaArray@H@2@A) : DUI70.dll -> HOOKED (Unknown @ 0xAC577CD9)

     ¤¤¤ Extern Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (unità disco standard) - TOSHIBA MQ01ABD032 ATA Device +++++
     --- User ---
     [MBR] 1cb16a6681de2ce4ca7ae546c41f7dca
     [bSP] 30ed7b7a6f661bf0d4d4e3ff85a693c0 : Windows 7/8 MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 5200 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10651648 | Size: 2049 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 14860125 | Size: 297986 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_10042013_193047.txt >>
  8. RogueKiller V8.7.1 [Oct 3 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : Franz [Admin rights]
     Mode : Scan -- Date : 10/04/2013 19:30:47
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato

     ¤¤¤ Le attività pianificate : 0 ¤¤¤

     ¤¤¤ voci di avvio : 0 ¤¤¤

     ¤¤¤ I browser Web : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤
     [inline] EAT @explorer.exe (?g_pArrayPropertyEvent@EventManager@DirectUI@@0PAV?$UiaArray@H@2@A) : DUI70.dll -> HOOKED (Unknown @ 0xAC577CD9)

     ¤¤¤ Extern Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
  9. Thank you. It reported just 2 registry keys, which I didn't touch as per your instructions. Here is the log:

     RogueKiller V8.7.1 [Oct 3 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/
  10. After updating FoxIt Reader, all of a sudden a page appeared telling me I was fined 100 euros by the Maltese Police for probably downloading forbidden material, and the computer would be unlocked after payment. CTRL+ALT+CANC did still work; I selected Task Manager but it didn't work. Tried again, selected Disconnect and this worked. Entered as a Guest, no problem, but the network was not enabled. Rebooted the PC, entered with my account Franz, same problem (with Guest no problem instead). If I disconnected the internet, the page would still appear (and the machine was blocked) but remain blank. Using the Guest account and running programs as administrator, I discovered a service BECKVB pointing to a non-existing file c:\users\franz\appdata\local\temp\beckvb.exe. Removed all its references in the registry with RegEdit. Compressed all files in c:\users\franz\appdata\local\temp into an archive, rebooted the machine, but the problem was still there. Rebooted the machine with Puppy Linux, downloaded Malwarebytes' Anti-Malware from the internet, rebooted with Windows, accessed as Guest and installed it. As the internet didn't work, I couldn't update and kept the April 2013 definitions. A scan found Stolen.data malware, the file being c:\users\franz\appdata\roaming\data.dat. I successfully removed it, rebooted the machine and now the problem was gone. As the internet was now working, I updated the MBAM definitions. Scanned again, and it found (I think in the same file) Trojan.Ransom. Deleted this too, rebooted, scanned again, this time there was nothing. I launched Malwarebytes' Anti-Rootkit, it found nothing. The system seems to work fine. Do you think it's really clean? Many thanks in advance. DDS log follows:

      DDS (Ver_2012-11-20.01) - NTFS_x86
      Internet Explorer: 8.0.7601.17514
      Run by Franz at 9:35:25 on 2013-10-04
      Microsoft Windows 7 Starter 6.1.7601.1.1252.39.1040.18.1013.137 [GMT 2:00]
      .
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ================
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Windows\system32\taskhost.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\FSP\FspUip.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      C:\Programmi\Java\jre6\bin\javaw.exe
      C:\Progs\Internet\FTrader\FTrader.exe
      C:\Windows\system32\notepad.exe
      C:\Program Files\Opera\Opera.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k GPSvcGroup
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Windows\System32\svchost.exe -k secsvcs
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = about:blank
      BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
      BHO: Guida per l'accesso a Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
      BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
      BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
      mRun: [fspuip] c:\program files\fsp\fspuip.exe
      uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: Free YouTube Download - c:\program files\common files\dvdvideosoft\plugins\freeytvdownloader.htm
      IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
      IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
      TCP: NameServer = 212.56.128.132 192.168.1.1
      TCP: Interfaces\{FFA0EBCF-9D5C-4999-BF42-0074E21DBE6C} : DHCPNameServer = 212.56.128.132 192.168.1.1
      TCP: Interfaces\{FFA0EBCF-9D5C-4999-BF42-0074E21DBE6C}\143707961676027457563747 : DHCPNameServer = 152.1.8.4 152.1.8.12
      TCP: Interfaces\{FFA0EBCF-9D5C-4999-BF42-0074E21DBE6C}\2454E46554E4554594023584F4050594E4744554E4 : DHCPNameServer = 192.168.1.1 151.99.125.2 151.99.0.100
      TCP: Interfaces\{FFA0EBCF-9D5C-4999-BF42-0074E21DBE6C}\75966496049407562736964797 : DHCPNameServer = 8.8.8.8 4.2.2.2
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
      Notify: igfxcui - igfxdev.dll
      SSODL: WebCheck - <orphaned>
      .
      ============= SERVICES / DRIVERS ===============
      .
      R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-4 418376]
      R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-4 701512]
      R3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [2010-2-10 308480]
      R3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\drivers\fspad_wlh32.sys [2010-7-20 44032]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-4 22856]
      R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2013-6-6 1118312]
      S2 gafwload;D-Link DSL-200 USB ADSL Loader;c:\windows\system32\drivers\gafwload.sys [2012-11-11 26987]
      S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
      S3 Brndis;External USB Cable Modem;c:\windows\system32\drivers\Brndis.sys [2013-8-1 16512]
      S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-16 54632]
      S3 fsssvc;Servizio Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
      S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-7-20 126064]
      S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\drivers\JME.sys [2010-7-20 92272]
      S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-1-9 137600]
      S3 PowerBiosServer;PowerBiosServer;c:\program files\hotkey\PowerBiosServer.exe [2010-3-3 32256]
      S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-30 14848]
      S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2013-7-2 65600]
      S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
      S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-30 49664]
      S3 WiseBootAssistant;Wise Boot Assistant;c:\program files\wise\wise care 365\BootTime.exe [2013-4-18 580232]
      .
      =============== Created Last 30 ================
      .
      2013-10-04 04:39:09 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
      2013-10-04 04:04:55 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2013-10-04 04:04:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2013-10-04 04:04:37 -------- d-----w- c:\users\franz\appdata\local\Programs
      2013-10-04 03:34:27 4425448 ----a-w- C:\avg_free_stb_all_2014_4116_cnet.exe
      2013-10-04 03:33:08 131918888 ----a-w- C:\avast_free_antivirus_setup.exe
      2013-10-04 03:31:36 80456 ----a-w- C:\mbam-clean-1.60.2.0003.exe
      2013-10-04 03:29:51 65232 ----a-w- C:\regassassin-setup-1.03.exe
      2013-10-04 03:29:19 204496 ----a-w- C:\startuplite-setup-1.07.exe
      2013-10-04 03:28:56 12907592 ----a-w- C:\mbar-1.07.0.1005.exe
      2013-10-04 03:27:15 10285040 ----a-w- C:\mbam-setup-1.75.0.1300.exe
      2013-10-04 03:25:15 131606136 ----a-w- C:\cureit.exe
      2013-10-04 01:36:38 216064 ----a-w- c:\windows\system32\gcapi_dll.dll
      2013-10-04 01:36:17 -------- d-----w- c:\program files\Foxit Software
      2013-10-01 14:13:42 7328304 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{77c24e77-27c7-4b38-a240-0cda5fe4a5d3}\mpengine.dll
      2013-09-11 15:39:22 2348544 ----a-w- c:\windows\system32\win32k.sys
      .
      ==================== Find3M ====================
      .
      2013-08-07 02:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe
      2013-08-05 01:56:47 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
      2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll
      2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll
      2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe
      2013-08-02 00:43:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
      2013-08-02 00:43:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2013-08-02 00:43:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2013-08-02 00:43:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
      2013-08-01 08:40:17 981504 ----a-w- c:\windows\system32\wininet.dll
      2013-08-01 07:50:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
      2013-07-25 08:57:27 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
      2013-07-19 01:41:01 2048 ----a-w- c:\windows\system32\tzres.dll
      2013-07-09 05:03:34 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2013-07-09 05:03:34 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
      2013-07-09 04:53:46 1289096 ----a-w- c:\windows\system32\ntdll.dll
      2013-07-09 04:52:10 175104 ----a-w- c:\windows\system32\wintrust.dll
      2013-07-09 04:50:42 652800 ----a-w- c:\windows\system32\rpcrt4.dll
      2013-07-09 04:46:31 140288 ----a-w- c:\windows\system32\cryptsvc.dll
      2013-07-09 04:46:31 1166848 ----a-w- c:\windows\system32\crypt32.dll
      2013-07-09 04:46:31 103936 ----a-w- c:\windows\system32\cryptnet.dll
      .
      ============= FINISH: 9:36:24,07 ===============

      Attached Files: attach.txt