
Kindly help this newbie with threats!



Hi experts,

I am so glad that I have found this forum today. Yesterday I downloaded a game serial (Black Ops 2 code) from the net. It looked something like blackops2nuketown.exe. At that time I just had KIS 2012 installed on my system (which had not been updated for several months). I didn't get any threat warnings while installing blackops2nuketown.exe. But when I installed it, a black window opened and it was installing something in the background. I suddenly cancelled the installation. Now I am afraid that some bad program has been installed on my system.

Hence yesterday I bought KIS 2013, installed it, updated it and made a full scan. I found a trojan in that blackops2nuketown.exe, then I deleted it. Then, after doing some surfing on the net, I came to know about Malwarebytes and SUPERAntiSpyware. I downloaded and installed the free editions of both of them. At first I did a full scan with Malwarebytes; no threats were found. But when I did a full scan with SUPERAntiSpyware, a total of 61 threats were found.

They are something like these:-

Critical Threats: [1 item found]

Rogue.agent/Gen-Nullo[DLL]

Tracking Objects: [60 items found]

Adware.Tracking cookie

(Most of them were in the Google Chrome cookies.)

I deleted all of the above, but I am still fearing whether my laptop is infected.

So I kindly request the experts here to guide me further. Thanks a ton in advance.

(P.S.:

1. Can I use KIS 2013 + Malwarebytes free edition + SUPERAntiSpyware free edition on the same laptop?

2. And I excluded Malwarebytes from KIS 2013 and Kaspersky Lab from Malwarebytes (exclusion/ignored list). Is that correct? And will I have to do the same thing with SUPERAntiSpyware also? If so, I have to exclude SUPERAntiSpyware in the other two and vice versa. Am I correct?

3. I download many things from the net (from torrents too).)


Yes, you can keep and run the free editions of Malwarebytes and SUPERAntiSpyware. Also run the following:

Download DDS from here: http://download.bleepingcomputer.com/sUBs/dds.scr or here: http://download.bleepingcomputer.com/sUBs/dds.com and save it to your desktop.

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool; on Vista or Win 7, right click and select Run as administrator.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:

DDS.txt

Attach.txt

Save both reports to your desktop

Please include the following logs in your next reply: DDS.txt and Attach.txt

Kevin


Thanks a lot for your help and quick reply. The following are the logs:

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by Elcot at 16:15:58 on 2013-01-02

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1979.835 [GMT 5.5:30]

.

AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\ProgramData\DatacardService\HWDeviceService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\ProgramData\Reliance Netconnect+\OnlineUpdate\ouc.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Users\Elcot\AppData\roaming\CT_ZTEMT_USB\MonServiceUDisk.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\LogonUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files\Reliance Netconnect+\Reliance Netconnect.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Lenovo\Energy Management\utility.exe

C:\Program Files\Lenovo\Energy Management\Energy Management.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\system32\calc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://websearch.just-browse.info/

mStart Page = hxxp://websearch.just-browse.info/

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll

BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe

mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [ETDCtrl] c:\program files\elantech\ETDCtrl.exe

mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe

mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe

mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun

mRun: [sCX3200_Scan2Pc] c:\windows\twain_32\samsung\scx3200\Scan2pc.exe

mRun: [3200 Scan2PC] "c:\windows\twain_32\samsung\scx3200\Scan2Pc.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:32

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

Trusted Zone: alipay.com

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: alisoft.com

Trusted Zone: taobao.com

Trusted Zone: taobao.com

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{6541AEB5-5772-4C3C-990F-1F310287B830} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{C37A259A-E6CE-4A5F-A224-A492F61BD270} : DHCPNameServer = 192.168.42.129

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs= c:\progra~1\browse~1\sprote~1.dll c:\progra~1\mocaflix\sprote~1.dll

SSODL: WebCheck - <orphaned>

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\elcot\appdata\roaming\mozilla\firefox\profiles\ocdvnaup.default\

FF - prefs.js: browser.search.defaulturl - hxxp://websearch.just-browse.info/?l=1&q=

FF - prefs.js: browser.search.selectedEngine - WebSearch

FF - prefs.js: browser.startup.homepage - hxxp://websearch.just-browse.info/

FF - prefs.js: keyword.URL - hxxp://websearch.just-browse.info/?l=1&q=

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwangwang.dll

FF - plugin: c:\program files\trademanager\nptrademanager.dll

FF - plugin: c:\program files\trademanager\npwangwang.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - ExtSQL: 2012-11-02 20:55; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\elcot\appdata\roaming\mozilla\firefox\profiles\ocdvnaup.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - ExtSQL: 2012-11-09 20:36; {317B5128-0B0B-49b2-B2DB-1E7560E16C74}; c:\users\elcot\appdata\roaming\mozilla\firefox\profiles\ocdvnaup.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}

FF - ExtSQL: 2013-01-01 21:55; anti_banner@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\anti_banner@kaspersky.com

FF - ExtSQL: 2013-01-01 21:55; content_blocker@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\content_blocker@kaspersky.com

FF - ExtSQL: 2013-01-01 21:55; online_banking@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\online_banking@kaspersky.com

FF - ExtSQL: 2013-01-01 21:56; url_advisor@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\url_advisor@kaspersky.com

FF - ExtSQL: 2013-01-01 21:56; virtual_keyboard@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\virtual_keyboard@kaspersky.com

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]

R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608]

R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-12 116608]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]

R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-11-29 13336]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-26 398184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-26 682344]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]

R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2009-11-17 5120]

R2 UDisk Monitor;UDisk Monitor;c:\users\elcot\appdata\roaming\ct_ztemt_usb\MonServiceUDisk.exe [2012-12-18 507904]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2012-1-12 21520]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-10-19 73216]

R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 25944]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 25944]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-26 21104]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-11-29 267880]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]

S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376]

S2 Reliance Netconnect. RunOuc;Reliance Netconnect. OUC;c:\program files\reliance netconnect+\updatedog\ouc.exe [2012-10-19 218624]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2011-11-29 117032]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-10-19 102784]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2012-12-18 105472]

.

=============== Created Last 30 ================

.

2013-01-02 08:06:50 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-01-02 08:06:50 295424 ----a-w- c:\windows\system32\atmfd.dll

2013-01-02 08:05:38 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2013-01-02 08:05:34 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{dca7fa35-869f-4111-b45c-900d517525b2}\mpengine.dll

2013-01-02 07:49:44 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-01-02 07:49:44 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-01-02 07:49:44 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-01-02 07:49:01 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-01-02 07:49:01 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-01-02 07:49:01 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-01-02 07:49:01 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-01-02 07:49:00 613888 ----a-w- c:\windows\system32\WUDFx.dll

2013-01-02 07:49:00 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-01-02 07:49:00 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2013-01-02 07:48:39 5120 ----a-w- c:\windows\system32\wmi.dll

2013-01-02 07:48:39 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2013-01-02 07:48:39 159232 ----a-w- c:\windows\system32\imagehlp.dll

2013-01-02 07:44:38 -------- d-----w- c:\program files\MSXML 4.0

2013-01-02 07:16:39 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-01-02 07:16:39 1159680 ----a-w- c:\windows\system32\crypt32.dll

2013-01-02 07:16:39 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-01-02 07:14:15 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2013-01-02 07:14:15 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2013-01-02 07:14:15 225280 ----a-w- c:\windows\system32\schannel.dll

2013-01-02 07:14:15 219136 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-02 07:14:15 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-01-02 07:11:45 492032 ----a-w- c:\windows\system32\win32spl.dll

2013-01-02 07:09:37 123904 ----a-w- c:\windows\system32\poqexec.exe

2013-01-02 07:09:35 442880 ----a-w- c:\windows\system32\ntshrui.dll

2013-01-02 07:09:33 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2013-01-02 07:09:33 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2013-01-02 07:09:22 2342400 ----a-w- c:\windows\system32\msi.dll

2013-01-02 07:09:18 2048 ----a-w- c:\windows\system32\tzres.dll

2013-01-02 07:08:59 690688 ----a-w- c:\windows\system32\msvcrt.dll

2013-01-02 05:55:47 -------- d-----w- c:\users\elcot\appdata\roaming\SUPERAntiSpyware.com

2013-01-02 05:55:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-01-02 05:55:03 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-01-01 16:25:57 -------- d-----w- c:\windows\ELAMBKUP

2013-01-01 16:25:50 -------- d-----w- c:\programdata\Kaspersky Lab

2013-01-01 16:25:50 -------- d-----w- c:\program files\Kaspersky Lab

2013-01-01 16:25:23 75096 ----a-w- c:\windows\system32\drivers\klflt.sys

2012-12-29 12:23:21 -------- d-----w- c:\programdata\WoW Worldwide Software LTD

2012-12-29 12:18:33 -------- d-----w- c:\users\elcot\appdata\roaming\SendSpace

2012-12-29 12:18:18 -------- d-----w- c:\program files\MocaFlix

2012-12-29 12:17:21 -------- d-----w- c:\program files\Optimizer Pro

2012-12-29 12:13:58 -------- d-----w- c:\program files\BrowseToSave

2012-12-29 12:12:37 -------- d-----w- c:\programdata\InstallMate

2012-12-28 15:38:22 -------- d-----w- c:\users\elcot\appdata\local\Programs

2012-12-27 06:06:06 -------- d-----w- c:\users\elcot\appdata\local\ElevatedDiagnostics

2012-12-25 19:02:18 -------- d-----w- c:\users\elcot\appdata\roaming\Malwarebytes

2012-12-25 19:02:08 -------- d-----w- c:\programdata\Malwarebytes

2012-12-25 19:02:06 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-25 19:02:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-19 21:01:57 -------- d-----w- c:\programdata\eBay

2012-12-19 21:01:57 -------- d-----w- c:\program files\eBay

2012-12-19 20:27:36 -------- d-----w- c:\program files\Listing Factory 2012

2012-12-18 13:10:41 105472 ----a-w- c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys

2012-12-18 13:10:41 -------- d-----w- c:\users\elcot\appdata\roaming\CT_ZTEMT_USB

2012-12-18 13:10:23 -------- d-----w- c:\program files\ChinaTelDriverManager

2012-12-18 13:10:21 -------- d-----w- c:\users\elcot\appdata\roaming\chinatelecom

2012-12-18 13:10:15 -------- d---a-w- c:\program files\common files\B0B19AEC-413E-4654-86EE-3FD4E7655A93

2012-12-18 13:09:31 -------- d-----w- c:\program files\Chinatelecom C+W

2012-12-14 17:19:56 -------- d-----w- c:\program files\Microsoft ActiveSync

2012-12-14 15:56:23 -------- d-----w- c:\program files\Excel Password Unlocker

2012-12-14 15:45:34 -------- d-----w- c:\program files\PasswordLastic

2012-12-14 05:18:45 0 ----a-w- c:\windows\system32\sho7500.tmp

2012-12-13 21:01:44 0 ----a-w- c:\windows\system32\shoEB48.tmp

2012-12-11 17:43:58 0 ----a-w- c:\windows\system32\shoE72.tmp

2012-12-04 10:07:30 49152 ----a-r- c:\windows\system32\inetwh32.dll

2012-12-04 10:07:30 1044480 ----a-r- c:\windows\system32\roboex32.dll

.

==================== Find3M ====================

.

2013-01-01 17:56:22 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys

2013-01-01 17:56:21 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys

2013-01-01 17:56:20 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys

2012-12-11 19:17:12 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-11 19:17:12 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-22 07:44:51 0 ----a-w- c:\windows\system32\shoA5A1.tmp

2012-11-22 02:56:02 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-11-21 08:09:34 0 ----a-w- c:\windows\system32\sho619F.tmp

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-13 20:29:04 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll

2012-10-30 16:53:30 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-30 16:53:27 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-10-30 16:53:27 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-20 12:02:09 854 ----a-w- c:\windows\system32\.tmp

2012-10-19 10:27:14 3993600 ----a-w- c:\program files\GUT1DAE.tmp

2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe

2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 16:17:06.27 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 16-12-2011 12:07:34 PM

System Uptime: 02-01-2013 01:42:36 PM (3 hours ago)

.

Motherboard: LENOVO | | Base Board Product Name

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | CPU | 2300/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 59 GiB total, 7.528 GiB free.

D: is FIXED (NTFS) - 141 GiB total, 2.441 GiB free.

E: is CDROM (CDFS)

G: is FIXED (NTFS) - 98 GiB total, 90.158 GiB free.

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP31: 02-01-2013 01:11:01 PM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

Acrobat.com

Active@ KillDisk Professional Suite

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI

BrowseToSave

ChinaNet client

Conexant HD Audio

DHTML Editing Component

DivX Setup

Energy Management

ETDWare PS/2-X86 8.0.4.3_WHQL

Excel Password Recovery Lastic 1.1

Excel Password Unlocker 4.0.2.3

FileZilla Client 3.6.0.2

Google Chrome

Google Gmail Notifier

Google Talk (remove only)

Google Update Helper

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Rapid Storage Technology

Java 7 Update 9

Java Auto Updater

Kaspersky Internet Security 2013

Listing Factory 2012 3.8.9.5

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Professional Edition 2003

Microsoft Office Starter 2010 - English

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual J# 2.0 Redistributable Package

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

PandoraRecovery (Remove Only)

Realtek Ethernet Controller Driver For Windows 7

Reliance Netconnect+

Samsung Scan Assistant

Samsung SCX-3200 Series

Search Assistant MocaFlix 1.66

Skype™ 6.0

SUPERAntiSpyware

TN Govt Keyboard Interface

Total Video Converter 3.71 100812

TradeManager 2011 SP3

Turbo Lister 2

Tux Typing (remove only)

VC80CRTRedist - 8.0.50727.6195

VLC media player 1.1.11

Windows Media Player Firefox Plugin

WinRAR 4.20 (32-bit)

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

30-12-2012 09:13:50 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{6541AEB5-5772-4C3C-990F-1F310287B830} because another computer on the network has the same name. The server could not start.

26-12-2012 11:43:23 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

26-12-2012 11:43:23 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

26-12-2012 11:43:23 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.

26-12-2012 11:43:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

26-12-2012 01:20:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

26-12-2012 01:13:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

02-01-2013 01:45:02 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.

02-01-2013 01:44:34 PM, Error: Service Control Manager [7023] -

02-01-2013 01:43:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Reliance Netconnect. OUC service to connect.

02-01-2013 01:43:38 PM, Error: Service Control Manager [7000] - The Reliance Netconnect. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

02-01-2013 01:43:30 PM, Error: Service Control Manager [7023] - The Offline Files service terminated with the following error: The system cannot find the path specified.

02-01-2013 01:31:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

01-01-2013 11:53:10 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

01-01-2013 02:21:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

.

==== End Of File ===========================

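The Pseudo HJT and Firefox sections of that DDS.txt contain several lines a reviewer would flag before running any cleanup tool: both IE start pages and three Firefox search/homepage prefs point at websearch.just-browse.info, AppInit_DLLs loads sprote~1.dll from the BrowseToSave and MocaFlix folders into every process that loads user32.dll, UAC is switched off (EnableLUA = 0, with the admin consent prompt and the secure desktop also disabled), and several shopping domains sit in the IE Trusted sites zone. As an added example (not part of the thread, and not DDS's own code), here is a small Python checker that pulls those indicators out of a DDS log. The sample input is an excerpt copied from the log above; the known-bad host set is an assumption for the example, not a real blocklist.

```python
"""Flag hijack and weakened-security indicators in a DDS 'Pseudo HJT Report'.

Added example, not from the forum thread or from the DDS tool itself.
"""
import re

# Assumption for the example: the one host this log shows being hijacked.
# A real checker would consult a maintained reputation list instead.
KNOWN_BAD_HOSTS = {"websearch.just-browse.info"}

# Firefox prefs that browser hijackers commonly rewrite (as reported by DDS).
FF_PREFS = ("browser.search.defaulturl", "browser.startup.homepage", "keyword.URL")

# Constructed sample: lines copied from the DDS.txt posted above (the BHO
# line is a legitimate entry and should produce no finding).
SAMPLE_DDS = r"""
uStart Page = hxxp://websearch.just-browse.info/
mStart Page = hxxp://websearch.just-browse.info/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
Trusted Zone: alipay.com
Trusted Zone: taobao.com
AppInit_DLLs= c:\progra~1\browse~1\sprote~1.dll c:\progra~1\mocaflix\sprote~1.dll
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.just-browse.info/?l=1&q=
FF - prefs.js: browser.startup.homepage - hxxp://websearch.just-browse.info/
FF - prefs.js: keyword.URL - hxxp://websearch.just-browse.info/?l=1&q=
"""


def _host(url):
    """Extract the host from a DDS-defanged (hxxp://) or normal URL."""
    m = re.match(r"^(?:hxxps?|https?)://([^/?#]+)", url, re.I)
    return m.group(1).lower() if m else None


def audit_dds(text):
    """Return a list of (severity, line, reason) for suspicious DDS lines.

    Only the Pseudo HJT / Firefox line formats shown in DDS output are parsed;
    anything else is ignored.  Exact duplicate lines (DDS prints HKCU and HKLM
    Trusted Zone entries separately) are reported once.
    """
    findings = []
    seen = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in seen:
            continue
        seen.add(line)

        # IE start page, per-user (u) or machine-wide (m)
        m = re.match(r"^[um]Start Page = (\S+)", line)
        if m:
            host = _host(m.group(1))
            if host in KNOWN_BAD_HOSTS:
                findings.append(("high", line, f"IE start page points at {host}"))
            continue

        # Firefox prefs.js entries
        m = re.match(r"^FF - prefs\.js: (\S+) - (\S+)", line)
        if m and m.group(1) in FF_PREFS:
            host = _host(m.group(2))
            if host in KNOWN_BAD_HOSTS:
                findings.append(("high", line, f"Firefox {m.group(1)} points at {host}"))
            continue

        # AppInit_DLLs: every listed DLL is injected into each process that loads user32.dll
        m = re.match(r"^AppInit_DLLs=\s*(.*)$", line)
        if m:
            dlls = m.group(1).split()
            if dlls:
                findings.append(("high", line, f"{len(dlls)} AppInit_DLLs injected system-wide"))
            continue

        # UAC policy values under HKLM\...\Policies\System
        m = re.match(r"^mPolicies-System: (\w+) = dword:(\d+)", line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name == "EnableLUA" and value == 0:
                findings.append(("high", line, "UAC disabled (EnableLUA=0)"))
            elif name == "ConsentPromptBehaviorAdmin" and value == 0:
                findings.append(("medium", line, "admins elevate without any prompt"))
            elif name == "PromptOnSecureDesktop" and value == 0:
                findings.append(("medium", line, "elevation prompts not on the secure desktop"))
            continue

        # Sites in the IE Trusted zone run with relaxed security settings
        m = re.match(r"^Trusted Zone: (\S+)", line)
        if m:
            findings.append(("low", line, f"{m.group(1)} in IE Trusted sites zone"))
    return findings


def summarize(findings):
    """Count findings per severity level."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for sev, _, _ in findings:
        counts[sev] += 1
    return counts


if __name__ == "__main__":
    results = audit_dds(SAMPLE_DDS)
    for sev, line, reason in results:
        print(f"[{sev:6}] {reason}\n         {line}")
    print(summarize(results))
```

On the excerpt above the checker reports seven high, two medium and two low findings; the UAC lines matter most for cleanup because, with EnableLUA = 0, anything the user runs already has full administrator rights and no prompt will ever appear for it.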

Yes, it was OK to do that. I do not see a great deal wrong with the logs from DDS. OK, do the following:

Download http://general-chang...de/2-adwcleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Next,

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right click on the IE shortcut and run as admin.

Go to the ESET web page http://www.eset.com/...online-scanner/ to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use, then click Start.
  • When asked, allow the add-on to be installed, then click Start.
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked, then click Scan.
  • Wait for the virus definitions to be downloaded.
  • Wait for the scan to finish.

When the scan is complete

If no threats were found:

  • Put a checkmark in "Uninstall application on close"
  • Close the program
  • Report to me that nothing was found

If threats were found:

  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish
  • Close the program

Copy and paste the report here.

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spy...curityCheck.exe or http://screen317.cha...curityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see those three logs; also tell me if there are any specific issues or concerns that you have with the system...

Kevin


AdwCleaner:-

# AdwCleaner v2.104 - Logfile created 01/02/2013 at 17:21:47

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (32 bits)

# User : Elcot - ELCOT-PC

# Boot Mode : Normal

# Running from : C:\Users\Elcot\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\searchplugins\WebSearch.xml

Folder Deleted : C:\Program Files\MocaFlix

Folder Deleted : C:\ProgramData\InstallMate

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\browse~1\sprote~1.dll

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\mocaflix\sprote~1.dll

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.just-browse.info/ --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.just-browse.info/ --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\prefs.js

C:\Users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Deleted : user_pref("aol_toolbar.default.search.check", false);

Deleted : user_pref("browser.search.defaultenginename", "WebSearch");

Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");

Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.just-browse.info/?l=1&q=");

Deleted : user_pref("browser.search.order.1", "WebSearch");

Deleted : user_pref("browser.search.order.1,S", "WebSearch");

Deleted : user_pref("browser.search.selectedEngine", "WebSearch");

Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.just-browse.info/");

Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Deleted : user_pref("keyword.URL", "hxxp://websearch.just-browse.info/?l=1&q=");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");

Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.just-browse.info/")[...]

Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.just-browse.info/?l=1&q=");

Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");

Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Elcot\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3498 octets] - [02/01/2013 17:21:47]

########## EOF - C:\AdwCleaner[S1].txt - [3558 octets] ##########


Eset Scan:-

(40 threats found)

C:\$RECYCLE.BIN\S-1-5-21-2551219980-1859055015-87672157-1000\$R6U8DNY.exe Win32/InstalleRex.E.Gen application

C:\Documents and Settings\Elcot\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application

C:\Documents and Settings\Elcot\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application

C:\Documents and Settings\Elcot\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application

C:\Documents and Settings\Elcot\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application

C:\Documents and Settings\Elcot\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application

C:\Documents and Settings\Elcot\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application

C:\Documents and Settings\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application

C:\Documents and Settings\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application

C:\Documents and Settings\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application

C:\Documents and Settings\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application

C:\Documents and Settings\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application

C:\Documents and Settings\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application

C:\Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe a variant of Win32/CNETInstaller.A application

C:\Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe.part a variant of Win32/CNETInstaller.A application

C:\Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pazera_Free_MKV_to_AVI_Converter-ORG2-75450258.exe a variant of Win32/CNETInstaller.A application

C:\Documents and Settings\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application

C:\Documents and Settings\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application

C:\Documents and Settings\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application

C:\Documents and Settings\Elcot\Local Settings\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application

C:\Documents and Settings\Elcot\Local Settings\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application

C:\Documents and Settings\Elcot\Local Settings\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application

C:\Program Files\BrowseToSave\sprotector.dll a variant of Win32/SProtector.A application

C:\Program Files\Optimizer Pro\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC application

C:\Users\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application

C:\Users\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application

C:\Users\Elcot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application

C:\Users\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application

C:\Users\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application

C:\Users\Elcot\AppData\Local\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application

C:\Users\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe a variant of Win32/CNETInstaller.A application

C:\Users\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe.part a variant of Win32/CNETInstaller.A application

C:\Users\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pazera_Free_MKV_to_AVI_Converter-ORG2-75450258.exe a variant of Win32/CNETInstaller.A application

C:\Users\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application

C:\Users\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application

C:\Users\Elcot\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application

C:\Users\Elcot\Local Settings\Temporary Internet Files\Content.IE5\HBJR7A3G\search_defender_166[1].exe a variant of Win32/SProtector.A application

C:\Users\Elcot\Local Settings\Temporary Internet Files\Content.IE5\R50NKGEO\search_defender_alternate_166[1].exe Win32/SProtector application

C:\Users\Elcot\Local Settings\Temporary Internet Files\Content.IE5\Z6YVJNPS\optimizerpro_ala2[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application

D:\EARN ONLINEEEE\GTX Tech\E3 CFW 4.30 and manager.zip.exe Win32/InstalleRex.E.Gen application


Security Check:-

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x86 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Kaspersky Internet Security

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

SUPERAntiSpyware

Malwarebytes Anti-Malware version 1.70.0.1100

Java 7 Update 9

Adobe Flash Player 11.5.502.135

Adobe Reader XI

Mozilla Firefox (17.0.1)

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

Reliance Netconnect+ OnlineUpdate ouc.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````


Most of those entries are temporary internet files and will go with the temp file clean up when OTM is run:

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe

http://www.itxassociates.com/OT-Tools/OTM.com

http://www.itxassociates.com/OT-Tools/OTM.exe

Double click OTM.exe to start the tool. Vista or Windows 7 users: accept the UAC alert. Be aware that all processes will be stopped during the run and the Desktop will disappear; it will be put back on completion....

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    C:\$RECYCLE.BIN\S-1-5-21-2551219980-1859055015-87672157-1000\$R6U8DNY.exe
    C:\Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe
    C:\Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe.part
    C:\Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pazera_Free_MKV_to_AVI_Converter-ORG2-75450258.exe
    C:\Program Files\BrowseToSave\sprotector.dll
    C:\Program Files\Optimizer Pro\OptimizerPro.exe
    C:\Users\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe
    C:\Users\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe.part
    C:\Users\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pazera_Free_MKV_to_AVI_Converter-ORG2-75450258.exe
    D:\EARN ONLINEEEE\GTX Tech\E3 CFW 4.30 and manager.zip.exe Win32/InstalleRex.E.Gen application
    :Commands
    [EmptyTemp]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Move It button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from one of the following links and save it to your desktop:

http://www.malwarebytes.org/mbam.php

http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Double Click mbam-setup.exe to install the application.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post those logs, also let me know how your system is responding.


When I click "Move It" once again, the screen went black, bro... then I pressed the power button, shut down my laptop and opened it again.. so any ideas, pls?

P.S: I get the following error msg when I click "Move It":

Invalid Time Flag!

[instlleRex.E.Gen Application] Must be Numerical


When OTM is run, the Desktop is automatically cleared, so you do see a blank screen; is that possibly what happened? If not, continue and run ComboFix as follows...

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs, as they will have a negative effect on ComboFix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help, please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If ComboFix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
  • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted)

Post the log in next reply please...

Kevin


Ya, I have seen the blank screen on the desktop when I run OTM.. as you told me to post the results in this forum, I was unable to post it.. because as none of the programs are visible on the desktop, I just had the only option of pressing the Power button to shut down.. any ideas, bro?

Will I have to proceed with ComboFix, bro?


Hi bro.. the following is the ComboFix log:-

ComboFix 13-01-02.01 - Elcot 02-01-2013 20:45:24.1.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1979.1175 [GMT 5.5:30]

Running from: c:\users\Elcot\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-12-02 to 2013-01-02 )))))))))))))))))))))))))))))))

.

.

2013-01-02 15:30 . 2013-01-02 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-02 14:11 . 2013-01-02 14:11 -------- d-----w- C:\_OTM

2013-01-02 13:44 . 2013-01-02 13:44 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCA7FA35-869F-4111-B45C-900D517525B2}\offreg.dll

2013-01-02 08:06 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

2013-01-02 08:06 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-01-02 08:05 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCA7FA35-869F-4111-B45C-900D517525B2}\mpengine.dll

2013-01-02 07:49 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-01-02 07:49 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-01-02 07:49 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-01-02 07:49 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-01-02 07:49 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-01-02 07:49 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-01-02 07:49 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-01-02 07:49 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2013-01-02 07:49 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll

2013-01-02 07:49 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-01-02 07:48 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2013-01-02 07:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll

2013-01-02 07:48 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll

2013-01-02 07:44 . 2013-01-02 07:44 -------- d-----w- c:\program files\MSXML 4.0

2013-01-02 07:16 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-01-02 07:16 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll

2013-01-02 07:16 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-01-02 07:14 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2013-01-02 07:14 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-01-02 07:14 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2013-01-02 07:14 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll

2013-01-02 07:14 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-02 07:11 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll

2013-01-02 07:09 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe

2013-01-02 07:09 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll

2013-01-02 07:09 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2013-01-02 07:09 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2013-01-02 07:09 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

2013-01-02 07:09 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll

2013-01-02 07:08 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll

2013-01-02 05:55 . 2013-01-02 05:55 -------- d-----w- c:\users\Elcot\AppData\Roaming\SUPERAntiSpyware.com

2013-01-02 05:55 . 2013-01-02 05:55 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-01-02 05:55 . 2013-01-02 05:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-01-01 16:25 . 2013-01-01 16:25 -------- d-----w- c:\windows\ELAMBKUP

2013-01-01 16:25 . 2013-01-02 14:31 -------- d-----w- c:\programdata\Kaspersky Lab

2013-01-01 16:25 . 2013-01-01 16:25 -------- d-----w- c:\program files\Kaspersky Lab

2013-01-01 16:25 . 2012-08-13 12:54 75096 ----a-w- c:\windows\system32\drivers\klflt.sys

2012-12-29 12:23 . 2012-12-29 12:23 -------- d-----w- c:\programdata\WoW Worldwide Software LTD

2012-12-29 12:18 . 2012-12-29 12:18 -------- d-----w- c:\users\Elcot\AppData\Roaming\SendSpace

2012-12-29 12:17 . 2013-01-02 14:11 -------- d-----w- c:\program files\Optimizer Pro

2012-12-29 12:13 . 2013-01-02 14:11 -------- d-----w- c:\program files\BrowseToSave

2012-12-28 15:38 . 2012-12-28 15:38 -------- d-----w- c:\users\Elcot\AppData\Local\Programs

2012-12-27 06:06 . 2012-12-27 06:06 -------- d-----w- c:\users\Elcot\AppData\Local\ElevatedDiagnostics

2012-12-25 19:02 . 2012-12-25 19:02 -------- d-----w- c:\users\Elcot\AppData\Roaming\Malwarebytes

2012-12-25 19:02 . 2012-12-25 19:02 -------- d-----w- c:\programdata\Malwarebytes

2012-12-25 19:02 . 2012-12-28 15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-25 19:02 . 2012-12-14 11:19 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-19 21:01 . 2012-12-19 21:01 -------- d-----w- c:\programdata\eBay

2012-12-19 21:01 . 2012-12-19 21:01 -------- d-----w- c:\program files\eBay

2012-12-19 20:27 . 2012-12-19 20:27 -------- d-----w- c:\program files\Listing Factory 2012

2012-12-18 13:10 . 2012-12-18 13:10 -------- d-----w- c:\users\Elcot\AppData\Roaming\CT_ZTEMT_USB

2012-12-18 13:10 . 2009-11-18 14:20 105472 ----a-w- c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys

2012-12-18 13:10 . 2012-12-18 13:10 -------- d-----w- c:\program files\ChinaTelDriverManager

2012-12-18 13:10 . 2012-12-18 13:10 -------- d-----w- c:\users\Elcot\AppData\Roaming\chinatelecom

2012-12-18 13:10 . 2012-12-18 13:10 -------- d---a-w- c:\program files\Common Files\B0B19AEC-413E-4654-86EE-3FD4E7655A93

2012-12-18 13:09 . 2012-12-18 13:09 -------- d-----w- c:\program files\Chinatelecom C+W

2012-12-14 17:19 . 2012-12-14 17:19 -------- d-----w- c:\program files\Microsoft ActiveSync

2012-12-14 17:19 . 2012-12-14 17:19 -------- d-----w- c:\program files\Microsoft.NET

2012-12-14 15:56 . 2012-12-14 16:00 -------- d-----w- c:\program files\Excel Password Unlocker

2012-12-14 15:45 . 2012-12-14 15:45 -------- d-----w- c:\program files\PasswordLastic

2012-12-14 05:18 . 2012-12-14 05:18 0 ----a-w- c:\windows\system32\sho7500.tmp

2012-12-13 21:01 . 2012-12-13 21:01 0 ----a-w- c:\windows\system32\shoEB48.tmp

2012-12-11 17:52 . 2012-12-11 17:52 -------- d-----w- c:\program files\FileZilla FTP Client

2012-12-11 17:43 . 2012-12-11 17:43 0 ----a-w- c:\windows\system32\shoE72.tmp

2012-12-05 12:27 . 2012-12-30 13:09 -------- d-----w- c:\users\Elcot\AppData\Roaming\FileZilla

2012-12-04 10:07 . 2012-12-04 10:07 49152 ----a-r- c:\windows\system32\inetwh32.dll

2012-12-04 10:07 . 2012-12-04 10:07 1044480 ----a-r- c:\windows\system32\roboex32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-01 17:56 . 2012-06-08 06:08 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys

2013-01-01 17:56 . 2012-07-25 09:23 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys

2013-01-01 17:56 . 2012-05-25 14:08 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys

2012-12-11 19:17 . 2012-10-19 11:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-11 19:17 . 2012-10-19 11:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-22 07:44 . 2012-11-22 07:44 0 ----a-w- c:\windows\system32\shoA5A1.tmp

2012-11-21 08:09 . 2012-11-21 08:09 0 ----a-w- c:\windows\system32\sho619F.tmp

2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

2012-11-12 10:27 . 2012-10-24 13:28 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-11-02 09:57 . 2012-10-25 10:54 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2012-10-30 16:53 . 2012-10-30 16:53 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-30 16:53 . 2012-10-30 16:53 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-30 16:53 . 2012-10-30 16:53 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-10-24 13:28 . 2012-10-24 13:28 292176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-10-20 12:02 . 2012-10-20 12:02 854 ----a-w- c:\windows\system32\.tmp

2012-10-19 10:27 . 2012-10-19 10:24 3993600 ----a-w- c:\program files\GUT1DAE.tmp

2012-10-19 09:57 . 2012-10-19 09:58 90112 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys

2012-10-19 09:57 . 2012-10-19 09:58 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys

2012-10-19 09:57 . 2012-10-19 09:58 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys

2012-10-19 09:57 . 2012-10-19 09:58 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys

2012-10-19 09:57 . 2012-10-19 09:58 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys

2012-10-19 09:57 . 2012-10-19 09:58 181760 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys

2012-10-19 09:57 . 2012-10-19 09:58 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys

2012-10-19 09:57 . 2012-10-19 09:58 353280 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys

2012-10-19 09:57 . 2012-10-19 09:58 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2012-10-19 09:57 . 2012-10-19 09:58 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2012-10-19 09:57 . 2012-10-19 09:58 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys

2012-10-19 09:57 . 2012-10-19 09:58 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2012-10-19 09:57 . 2012-10-19 09:58 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll

2012-10-19 09:57 . 2012-10-19 09:58 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys

2012-10-16 07:39 . 2013-01-02 07:15 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-12-05 23:11 . 2012-12-05 23:11 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-10-21 322352]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17879216]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-25 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-25 174104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-25 151064]

"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2011-01-20 1812264]

"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2010-01-11 4147104]

"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2010-01-11 5068704]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]

"SCX3200_Scan2Pc"="c:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2011-06-21 1990144]

"3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2011-06-21 1990144]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-01-01 356376]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 Reliance Netconnect. RunOuc;Reliance Netconnect. OUC;c:\program files\Reliance Netconnect+\UpdateDog\ouc.exe [x]

R2 UDisk Monitor;UDisk Monitor;c:\users\Elcot\AppData\roaming\CT_ZTEMT_USB\MonServiceUDisk.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]

R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]

S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 19:17]

.

2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-19 10:32]

.

2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-19 10:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: taobao.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\

FF - ExtSQL: 2012-11-09 20:36; {317B5128-0B0B-49b2-B2DB-1E7560E16C74}; c:\users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}

FF - ExtSQL: 2013-01-01 21:55; anti_banner@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com

FF - ExtSQL: 2013-01-01 21:55; content_blocker@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com

FF - ExtSQL: 2013-01-01 21:55; online_banking@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

FF - ExtSQL: 2013-01-01 21:56; url_advisor@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com

FF - ExtSQL: 2013-01-01 21:56; virtual_keyboard@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-SP_56ec1d15 - c:\program files\MocaFlix\uninstall.exe

AddRemove-{7F13A6D8-FEAD-1A9C-F877-B68FA4F0842E} - c:\progra~2\INSTAL~1\{7F13A~1\Setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-02 21:03:00

ComboFix-quarantined-files.txt 2013-01-02 15:32

.

Pre-Run: 8,186,839,040 bytes free

Post-Run: 8,283,389,952 bytes free

.

- - End Of File - - B26B0552E4E0AEA16AE6D7A36A6331B7


OK, continue as follows:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the Codebox below into it:


ClearJavaCache::
DirLook::
C:\_OTM

Save this as CFScript.txt, and as Type: All Files (*.*), in the same location as ComboFix.exe.

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from one of the following links and save it to your desktop:

http://www.malwarebytes.org/mbam.php

http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post those two logs, and also let me know how your system is responding and whether there are any remaining issues or concerns...

Kevin..


CF log 2:-

ComboFix 13-01-02.02 - Elcot 02-01-2013 23:08:59.2.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1979.1272 [GMT 5.5:30]

Running from: c:\users\Elcot\Desktop\ComboFix.exe

Command switches used :: c:\users\Elcot\Desktop\CFScript.txt

AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-12-02 to 2013-01-02 )))))))))))))))))))))))))))))))

.

.

2013-01-02 17:51 . 2013-01-02 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-02 14:11 . 2013-01-02 14:11 -------- d-----w- C:\_OTM

2013-01-02 13:44 . 2013-01-02 13:44 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCA7FA35-869F-4111-B45C-900D517525B2}\offreg.dll

2013-01-02 08:06 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

2013-01-02 08:06 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-01-02 08:05 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCA7FA35-869F-4111-B45C-900D517525B2}\mpengine.dll

2013-01-02 07:49 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-01-02 07:49 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-01-02 07:49 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-01-02 07:49 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-01-02 07:49 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-01-02 07:49 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-01-02 07:49 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-01-02 07:49 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2013-01-02 07:49 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll

2013-01-02 07:49 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-01-02 07:48 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2013-01-02 07:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll

2013-01-02 07:48 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll

2013-01-02 07:44 . 2013-01-02 07:44 -------- d-----w- c:\program files\MSXML 4.0

2013-01-02 07:16 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-01-02 07:16 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll

2013-01-02 07:16 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-01-02 07:14 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2013-01-02 07:14 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-01-02 07:14 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2013-01-02 07:14 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll

2013-01-02 07:14 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-02 07:11 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll

2013-01-02 07:09 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe

2013-01-02 07:09 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll

2013-01-02 07:09 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2013-01-02 07:09 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2013-01-02 07:09 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

2013-01-02 07:09 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll

2013-01-02 07:08 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll

2013-01-02 05:55 . 2013-01-02 05:55 -------- d-----w- c:\users\Elcot\AppData\Roaming\SUPERAntiSpyware.com

2013-01-02 05:55 . 2013-01-02 05:55 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-01-02 05:55 . 2013-01-02 05:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-01-01 16:25 . 2013-01-01 16:25 -------- d-----w- c:\windows\ELAMBKUP

2013-01-01 16:25 . 2013-01-02 16:03 -------- d-----w- c:\programdata\Kaspersky Lab

2013-01-01 16:25 . 2013-01-01 16:25 -------- d-----w- c:\program files\Kaspersky Lab

2013-01-01 16:25 . 2012-08-13 12:54 75096 ----a-w- c:\windows\system32\drivers\klflt.sys

2012-12-29 12:23 . 2012-12-29 12:23 -------- d-----w- c:\programdata\WoW Worldwide Software LTD

2012-12-29 12:18 . 2012-12-29 12:18 -------- d-----w- c:\users\Elcot\AppData\Roaming\SendSpace

2012-12-29 12:17 . 2013-01-02 14:11 -------- d-----w- c:\program files\Optimizer Pro

2012-12-29 12:13 . 2013-01-02 14:11 -------- d-----w- c:\program files\BrowseToSave

2012-12-28 15:38 . 2012-12-28 15:38 -------- d-----w- c:\users\Elcot\AppData\Local\Programs

2012-12-27 06:06 . 2012-12-27 06:06 -------- d-----w- c:\users\Elcot\AppData\Local\ElevatedDiagnostics

2012-12-25 19:02 . 2012-12-25 19:02 -------- d-----w- c:\users\Elcot\AppData\Roaming\Malwarebytes

2012-12-25 19:02 . 2012-12-25 19:02 -------- d-----w- c:\programdata\Malwarebytes

2012-12-25 19:02 . 2012-12-28 15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-25 19:02 . 2012-12-14 11:19 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-19 21:01 . 2012-12-19 21:01 -------- d-----w- c:\programdata\eBay

2012-12-19 21:01 . 2012-12-19 21:01 -------- d-----w- c:\program files\eBay

2012-12-19 20:27 . 2012-12-19 20:27 -------- d-----w- c:\program files\Listing Factory 2012

2012-12-18 13:10 . 2012-12-18 13:10 -------- d-----w- c:\users\Elcot\AppData\Roaming\CT_ZTEMT_USB

2012-12-18 13:10 . 2009-11-18 14:20 105472 ----a-w- c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys

2012-12-18 13:10 . 2012-12-18 13:10 -------- d-----w- c:\program files\ChinaTelDriverManager

2012-12-18 13:10 . 2012-12-18 13:10 -------- d-----w- c:\users\Elcot\AppData\Roaming\chinatelecom

2012-12-18 13:10 . 2012-12-18 13:10 -------- d---a-w- c:\program files\Common Files\B0B19AEC-413E-4654-86EE-3FD4E7655A93

2012-12-18 13:09 . 2012-12-18 13:09 -------- d-----w- c:\program files\Chinatelecom C+W

2012-12-14 17:19 . 2012-12-14 17:19 -------- d-----w- c:\program files\Microsoft ActiveSync

2012-12-14 17:19 . 2012-12-14 17:19 -------- d-----w- c:\program files\Microsoft.NET

2012-12-14 15:56 . 2012-12-14 16:00 -------- d-----w- c:\program files\Excel Password Unlocker

2012-12-14 15:45 . 2012-12-14 15:45 -------- d-----w- c:\program files\PasswordLastic

2012-12-14 05:18 . 2012-12-14 05:18 0 ----a-w- c:\windows\system32\sho7500.tmp

2012-12-13 21:01 . 2012-12-13 21:01 0 ----a-w- c:\windows\system32\shoEB48.tmp

2012-12-11 17:52 . 2012-12-11 17:52 -------- d-----w- c:\program files\FileZilla FTP Client

2012-12-11 17:43 . 2012-12-11 17:43 0 ----a-w- c:\windows\system32\shoE72.tmp

2012-12-05 12:27 . 2012-12-30 13:09 -------- d-----w- c:\users\Elcot\AppData\Roaming\FileZilla

2012-12-04 10:07 . 2012-12-04 10:07 49152 ----a-r- c:\windows\system32\inetwh32.dll

2012-12-04 10:07 . 2012-12-04 10:07 1044480 ----a-r- c:\windows\system32\roboex32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-01 17:56 . 2012-06-08 06:08 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys

2013-01-01 17:56 . 2012-07-25 09:23 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys

2013-01-01 17:56 . 2012-05-25 14:08 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys

2012-12-11 19:17 . 2012-10-19 11:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-11 19:17 . 2012-10-19 11:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-22 07:44 . 2012-11-22 07:44 0 ----a-w- c:\windows\system32\shoA5A1.tmp

2012-11-21 08:09 . 2012-11-21 08:09 0 ----a-w- c:\windows\system32\sho619F.tmp

2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

2012-11-12 10:27 . 2012-10-24 13:28 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-11-02 09:57 . 2012-10-25 10:54 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2012-10-30 16:53 . 2012-10-30 16:53 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-30 16:53 . 2012-10-30 16:53 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-30 16:53 . 2012-10-30 16:53 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-10-24 13:28 . 2012-10-24 13:28 292176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-10-20 12:02 . 2012-10-20 12:02 854 ----a-w- c:\windows\system32\.tmp

2012-10-19 10:27 . 2012-10-19 10:24 3993600 ----a-w- c:\program files\GUT1DAE.tmp

2012-10-19 09:57 . 2012-10-19 09:58 90112 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys

2012-10-19 09:57 . 2012-10-19 09:58 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys

2012-10-19 09:57 . 2012-10-19 09:58 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys

2012-10-19 09:57 . 2012-10-19 09:58 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys

2012-10-19 09:57 . 2012-10-19 09:58 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys

2012-10-19 09:57 . 2012-10-19 09:58 181760 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys

2012-10-19 09:57 . 2012-10-19 09:58 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys

2012-10-19 09:57 . 2012-10-19 09:58 353280 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys

2012-10-19 09:57 . 2012-10-19 09:58 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2012-10-19 09:57 . 2012-10-19 09:58 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2012-10-19 09:57 . 2012-10-19 09:58 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys

2012-10-19 09:57 . 2012-10-19 09:58 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2012-10-19 09:57 . 2012-10-19 09:58 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll

2012-10-19 09:57 . 2012-10-19 09:58 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys

2012-10-16 07:39 . 2013-01-02 07:15 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-12-05 23:11 . 2012-12-05 23:11 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of C:\_OTM ----

.

2012-12-29 12:17 . 2012-10-21 14:55 24517936 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_Program Files\Optimizer Pro\OptimizerPro.exe

2012-12-29 12:11 . 2012-12-29 12:11 308584 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_$RECYCLE.BIN\S-1-5-21-2551219980-1859055015-87672157-1000\$R6U8DNY.exe

2012-12-18 19:09 . 2012-12-18 19:09 686728 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pazera_Free_MKV_to_AVI_Converter-ORG2-75450258.exe

2012-12-01 21:16 . 2012-12-01 21:16 686728 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe

2012-12-01 21:16 . 2012-12-01 21:16 686728 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_Documents and Settings\Elcot\Downloads\cbsidlm-cbsi5_2_0_83-Pandora_Recovery-BP2-10694796.exe.part

2012-10-03 17:39 . 2012-10-03 17:39 355328 ----a-w- c:\_otm\MovedFiles\01022013_194143\C_Program Files\BrowseToSave\sprotector.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-10-21 322352]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17879216]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6595928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-25 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-25 174104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-25 151064]

"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2011-01-20 1812264]

"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2010-01-11 4147104]

"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2010-01-11 5068704]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]

"SCX3200_Scan2Pc"="c:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2011-06-21 1990144]

"3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2011-06-21 1990144]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-01-01 356376]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 Reliance Netconnect. RunOuc;Reliance Netconnect. OUC;c:\program files\Reliance Netconnect+\UpdateDog\ouc.exe [x]

R2 UDisk Monitor;UDisk Monitor;c:\users\Elcot\AppData\roaming\CT_ZTEMT_USB\MonServiceUDisk.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]

R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]

S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 19:17]

.

2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-19 10:32]

.

2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-19 10:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: taobao.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\

FF - ExtSQL: 2012-11-09 20:36; {317B5128-0B0B-49b2-B2DB-1E7560E16C74}; c:\users\Elcot\AppData\Roaming\Mozilla\Firefox\Profiles\ocdvnaup.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}

FF - ExtSQL: 2013-01-01 21:55; anti_banner@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com

FF - ExtSQL: 2013-01-01 21:55; content_blocker@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com

FF - ExtSQL: 2013-01-01 21:55; online_banking@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

FF - ExtSQL: 2013-01-01 21:56; url_advisor@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com

FF - ExtSQL: 2013-01-01 21:56; virtual_keyboard@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-02 23:23:43

ComboFix-quarantined-files.txt 2013-01-02 17:53

ComboFix2.txt 2013-01-02 15:33

.

Pre-Run: 7,577,034,752 bytes free

Post-Run: 8,550,887,424 bytes free

.

- - End Of File - - 5E2DF25793383E57F15F9E73A692E479


Mbam log:-

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.02.06

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Elcot :: ELCOT-PC [administrator]

Protection: Disabled

02-01-2013 PM 11:26:58

mbam-log-2013-01-02 (23-26-58).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 194140

Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Yep CF log looks good, OK, do the following:

Remove Combofix now that we're done with it

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:

  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

Next,

Remove ESET online scanner (Only If installed):

  • Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
  • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner, only re-boot if prompted.

Next,

Uninstall adwcleaner.exe

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

Next,

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click the OTC icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then click the big CleanUp button.
  • You will get a prompt saying "Beginning Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

Any tools/logs remaining on the Desktop can be deleted.

Next,

Download TFC to your desktop, from either of the following links

http://oldtimer.geekstogo.com/TFC.exe

http://itxassociates.com/OT-Tools/TFC.exe

  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
  • If prompted, click "Yes" to reboot.

TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent run-weekly utility to keep your system optimized. It empties all user temp folders, Java cache etc. Always remember to re-boot after a run, even if not prompted.

Let me know if those steps complete OK, also if any remaining issues or concerns...

Kevin...
