
Who are mikrocop d.o.o.?


My security software (Agnitum Outpost Security Suite) informed me that it had BLOCKED an attempt to access one of the ports on my computer. It was a firm called mikrocop d.o.o. (91.198.x.x) who I am not aware of. I know of no reason why they should access my computer. Is this something to worry about?

Sure it is... Please run the following scan and we will start checking for malware...

Scan for malware

Please download Malwarebytes Anti-Malware from HERE.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.
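The question that opened this thread (is a single blocked inbound attempt from an unknown address something to worry about?) is a triage question, and the thread never shows how to triage it. The following example is added here; it is not from the thread, from Outpost, or from any tool named on this page. The log line format (date, time, BLOCK/ALLOW, IN/OUT, remote address, local port, protocol) is constructed for illustration and does not reproduce Outpost's own export, and the remote addresses are RFC 5737 documentation ranges standing in for real Internet sources. It groups blocked inbound events by remote address, separates LAN chatter from Internet sources, and labels a source that walks several ports differently from a one-off probe.

```python
"""Triage blocked inbound connection attempts from a personal-firewall log.

Added example, not part of the original thread and not Outpost's own
format: the log lines below are constructed for illustration as
  <date> <time> <BLOCK|ALLOW> <IN|OUT> <remote IP> <local port> <TCP|UDP>
The 203.0.113.0/24 and 198.51.100.0/24 addresses are RFC 5737
documentation ranges standing in for real Internet sources.
"""
import ipaddress
import re
from collections import defaultdict

SAMPLE_LOG = """\
2012-11-17 19:40:01 BLOCK IN 203.0.113.5 445 TCP
2012-11-17 19:40:02 BLOCK IN 203.0.113.5 139 TCP
2012-11-17 19:40:02 BLOCK IN 203.0.113.5 135 TCP
2012-11-17 19:40:03 BLOCK IN 203.0.113.5 3389 TCP
2012-11-17 19:41:10 BLOCK IN 198.51.100.77 1434 UDP
2012-11-17 19:42:00 BLOCK IN 192.168.1.254 137 UDP
2012-11-17 19:43:30 ALLOW OUT 192.168.1.10 443 TCP
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>BLOCK|ALLOW) (?P<dir>IN|OUT) "
    r"(?P<src>\S+) (?P<dport>\d+) (?P<proto>TCP|UDP)$"
)

# Explicit RFC 1918 / link-local / loopback list. ipaddress.is_private is
# deliberately not used: it also returns True for the RFC 5737 documentation
# ranges that stand in for "Internet" sources in the sample above.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]


def parse_events(text):
    """Return one dict per well-formed log line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["dport"] = int(d["dport"])
            events.append(d)
    return events


def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def classify_blocked_inbound(events, scan_threshold=3):
    """Group blocked inbound events by remote address and label each one.

    Returns {remote_ip: (label, sorted list of local ports touched)} where
      local-network : remote address is on the LAN (router, printer, another
                      PC); NetBIOS/SSDP chatter from 192.168.x.x is normal
      port-scan     : one Internet source touched >= scan_threshold ports
      single-probe  : an Internet source hit fewer ports; background noise
                      unless it keeps coming back for a service you run
    A BLOCK means the firewall did its job: the source is worth a whois
    lookup, and nothing in the entry by itself says the machine is infected.
    """
    ports_by_src = defaultdict(set)
    for e in events:
        if e["action"] == "BLOCK" and e["dir"] == "IN":
            ports_by_src[e["src"]].add(e["dport"])
    result = {}
    for src, ports in ports_by_src.items():
        if is_local(src):
            label = "local-network"
        elif len(ports) >= scan_threshold:
            label = "port-scan"
        else:
            label = "single-probe"
        result[src] = (label, sorted(ports))
    return result


if __name__ == "__main__":
    for src, (label, ports) in sorted(
            classify_blocked_inbound(parse_events(SAMPLE_LOG)).items()):
        print(f"{src:16} {label:14} local ports {ports}")
```

To find out who actually holds a source address, query the regional registry (for example `whois <address>`; European allocations are held by RIPE NCC). A block entry shows that the firewall dropped an unsolicited packet; it is the scans that follow in this thread, not the firewall alert, that tell you whether the machine itself is compromised.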
Dragonmaster Jay, thanks for your reply. Sorry I haven't been back but we had a big scare with my sister who had to go through an operation and then wait to see if what they'd taken out was malignant. Thankfully it wasn't. I will now get on with what you asked me to do and get it on here quick as I can. Thanks again.

OKie dokie. Go ahead with this as well, please.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, EXPORT to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.
Done the MBAM and nothing found.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.17.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ron :: LAPTOP [administrator]

17/11/2012 19:52:34
mbam-log-2012-11-17 (19-52-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 209177
Time elapsed: 8 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Going to do the next part now.

C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application	cleaned by deleting - quarantined
C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\nquzyw60.default\Cache\B\11\1E410d01	HTML/ScrInject.B.Gen virus	deleted - quarantined
C:\Users\Ron\AppData\Local\Temp\Free Desktop Clock.exe	a variant of Win32/Somoto.A application	cleaned by deleting - quarantined
C:\Users\Ron\AppData\Local\Temp\SetupDataMngr_Searchqu.exe	multiple threats	cleaned by deleting - quarantined
ComboFix scan

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been MARKED for deletion" and no programs will run - please just reboot and that will resolve that error.

ComboFix 12-11-16.02 - Ron 18/11/2012 11:12:52.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3037.1958 [GMT 0:00]
Running from: c:\users\Ron\Downloads\ComboFix.exe
AV: Outpost Security Suite Pro *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
FW: Outpost Security Suite Pro *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
SP: Outpost Security Suite Pro *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3C4B8B1C-90A4-40DD-9E78-F2A98AC739DE}.xps
c:\users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7FD0805F-B38B-49B4-B4A0-9CF9767AEA49}.xps
c:\users\Ron\AppData\Roaming\Microsoft\~DFK8e366d.tmp
c:\users\Ron\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Ron\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Ron\Documents\~WRL0001.tmp
c:\users\Ron\Documents\~WRL0907.tmp
c:\users\Ron\Documents\~WRL1544.tmp
c:\users\Ron\Documents\~WRL2723.tmp
c:\users\Ron\Documents\~WRL3016.tmp
c:\users\Ron\Documents\~WRL3257.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-18 11:22 . 2012-11-18 11:26	--------	d-----w-	c:\users\Ron\AppData\Local\temp
2012-11-18 11:22 . 2012-11-18 11:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-17 20:11 . 2012-11-17 20:11	--------	d-----w-	c:\program files\ESET
2012-11-16 11:45 . 2012-10-12 05:56	6918632	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{979EBB1F-2E5B-4EA2-BD1B-B94739DEF99B}\mpengine.dll
2012-11-13 21:48 . 2012-07-26 03:39	526952	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-13 21:48 . 2012-07-26 03:39	47720	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-13 21:48 . 2012-07-26 02:46	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-13 21:48 . 2012-07-26 02:33	66560	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-13 21:48 . 2012-07-26 02:32	155136	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-13 21:48 . 2012-07-26 03:21	196608	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-13 21:48 . 2012-07-26 03:20	73216	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-13 21:48 . 2012-07-26 03:20	613888	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-13 21:48 . 2012-07-26 03:20	38912	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-13 21:48 . 2012-07-26 03:20	172032	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-13 21:45 . 2012-09-25 22:47	78336	----a-w-	c:\windows\system32\synceng.dll
2012-11-13 21:45 . 2012-10-03 16:58	1293680	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-11-13 21:45 . 2012-10-03 16:42	156672	----a-w-	c:\windows\system32\ncsi.dll
2012-11-13 21:45 . 2012-10-03 16:42	52224	----a-w-	c:\windows\system32\nlaapi.dll
2012-11-13 21:45 . 2012-10-03 16:42	242176	----a-w-	c:\windows\system32\nlasvc.dll
2012-11-13 21:45 . 2012-10-03 16:42	18944	----a-w-	c:\windows\system32\netevent.dll
2012-11-13 21:45 . 2012-10-03 16:42	175104	----a-w-	c:\windows\system32\netcorehc.dll
2012-11-13 21:45 . 2012-10-03 16:40	499712	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-11-13 21:45 . 2012-10-03 15:21	35328	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-11-13 21:45 . 2012-10-18 17:59	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-11-13 21:45 . 2012-10-09 17:40	44032	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-11-13 21:45 . 2012-10-09 17:40	193536	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-11-13 21:37 . 2012-08-24 17:05	136560	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-11-13 21:37 . 2012-08-24 17:02	369856	----a-w-	c:\windows\system32\drivers\cng.sys
2012-11-13 21:37 . 2012-08-24 16:57	247808	----a-w-	c:\windows\system32\schannel.dll
2012-11-13 21:37 . 2012-08-24 16:57	220160	----a-w-	c:\windows\system32\ncrypt.dll
2012-11-13 21:37 . 2012-08-24 16:56	1039360	----a-w-	c:\windows\system32\lsasrv.dll
2012-11-10 12:02 . 2012-11-10 12:02	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-10 12:02 . 2012-11-10 12:02	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-10 12:02 . 2012-11-10 12:02	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-10 12:02 . 2012-11-10 12:02	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-10 12:02 . 2012-11-10 12:02	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-10 12:02 . 2012-11-10 12:01	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-10 12:02 . 2012-11-10 12:01	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-11-10 12:01 . 2012-11-10 12:01	--------	d-----w-	c:\program files\QUICKTIME
2012-11-07 16:29 . 2012-11-07 16:29	65848	----a-w-	c:\windows\system32\drivers\RapportKELL.sys
2012-10-29 12:26 . 2012-10-29 12:27	--------	d-----w-	c:\users\Ron\AppData\Roaming\GoforFiles
2012-10-28 18:49 . 2012-10-28 18:49	--------	d-----w-	c:\users\Ron\AppData\Roaming\Photobucket
2012-10-28 18:48 . 2012-10-28 18:48	--------	d-----w-	c:\program files\Photobucket Desktop
2012-10-28 07:09 . 2012-10-28 07:09	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-10-25 15:19 . 2012-10-25 15:19	--------	d-----w-	c:\program files\Common Files\Nikon
2012-10-25 15:17 . 2012-10-25 15:29	--------	d-----w-	c:\program files\Microsoft Digital Image 2006
2012-10-25 03:12 . 2012-10-25 03:12	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2012-10-25 03:12 . 2012-10-25 03:12	69632	----a-w-	c:\windows\system32\QuickTime.qts
2012-10-21 11:49 . 2012-10-21 12:00	--------	d-----w-	c:\users\Super Ted
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-11 17:44 . 2012-05-17 23:22	895088	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-11-11 17:43 . 2012-05-17 23:22	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-11-11 17:43 . 2012-05-17 23:21	710992	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-09 10:45 . 2012-05-27 11:48	895088	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-11-09 10:45 . 2012-05-27 11:48	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-11-09 10:45 . 2012-05-27 11:48	710992	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-11-08 23:26 . 2012-04-02 20:43	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-08 23:26 . 2012-03-26 10:38	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 19:54 . 2012-06-27 11:14	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-24 22:16 . 2012-10-18 16:18	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-09-14 18:28 . 2012-10-10 15:04	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-13 10:23 . 2012-06-29 12:36	821736	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-13 10:23 . 2012-04-17 22:04	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-31 17:18 . 2012-10-10 15:03	1211760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-10 15:03	3968880	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 15:03	3914096	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-24 16:57 . 2012-10-10 15:04	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-08-23 15:52 . 2012-11-13 21:38	3072	----a-w-	c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-08-22 17:16 . 2012-09-12 09:59	712048	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 09:59	240496	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 09:59	187760	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 10:13	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-21 12:01 . 2012-09-14 11:45	26840	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 12:01 . 2012-04-03 09:46	106928	----a-w-	c:\windows\system32\GEARAspi.dll
2012-08-20 17:40 . 2012-10-10 15:04	169984	----a-w-	c:\windows\system32\winsrv.dll
2012-08-20 17:40 . 2012-10-10 15:04	293376	----a-w-	c:\windows\system32\KernelBase.dll
2012-08-20 17:37 . 2012-10-10 15:04	271360	----a-w-	c:\windows\system32\conhost.exe
2012-08-20 17:32 . 2012-10-10 15:03	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	4096	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	3584	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	3072	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 15:03	3584	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 15:03	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 15:03	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 15:03	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-24 17:50 . 2012-10-28 07:09	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2012-02-17 10:57	246696	----a-w-	c:\program files\Agnitum\Outpost Security Suite Pro\op_shell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-06 4763008]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2012-02-17 3266864]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-6-27 572000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys
R3 RapportKELL;RapportKELL;c:\windows\system32\Drivers\RapportKELL.sys
R3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
S0 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys
S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys
S3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys
S3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll

.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - VBCoreNT.0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.search.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\nquzyw60.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|http://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbay&gbh=1&CurrentPage=MyeBayAllSelling&ssPageName=STRK:ME:LNLK:MESX|http://www.natwest.com/personal.ashx|https://www.paypal.com/uk/webapps/mpp/home|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1351630588&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=2057&id=64855&mkt=en-gb&cbcxt=mai&snsc=1#n=1812048153&fid=5|http://s756.beta.photobucket.com/|http://www.metoffice.gov.uk/public/weather/forecast/?tab=fiveDay|http://uk.search.yahoo.com/
FF - ExtSQL: 2012-10-28 07:15; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\nquzyw60.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
HKCU-Run-SkinClock - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2204)
c:\program files\Trusteer\Rapport\bin\rooksbas.DLL
c:\program files\Agnitum\Outpost Security Suite Pro\op_shell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Trusteer\Rapport\bin\RapportService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-11-18 11:30:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-18 11:29
.
Pre-Run: 195,105,316,864 bytes free
Post-Run: 195,572,260,864 bytes free
.
- - End Of File - - FFC5D76D32EAF74ADFAC6504DF921B7B
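One item in the ComboFix log above deserves more attention than the thread gives it: under `[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]` the machine reports `EnableLUA = 0`, `ConsentPromptBehaviorAdmin = 0` and `PromptOnSecureDesktop = 0`, which is UAC switched off entirely (the Security Check later in the thread prints the same thing as "UAC is disabled!"). With UAC off, every program the logged-in administrator launches, including the adware ESET just removed, runs with full administrative rights and no prompt. The script below is an added example, not part of the thread, of ComboFix, or of any tool named here: it parses that REGEDIT4-style block exactly as ComboFix prints it (the excerpt is copied from the log above) and reports which values weaken UAC against the Windows 7 defaults. The default values and the meaning of each setting are stated from Microsoft's documentation of those policy keys; the function and variable names are this example's own.

```python
"""Audit the UAC policy values that ComboFix prints under
HKLM\\...\\policies\\system in its "Reg Loading Points" section.

Added example, not part of the thread or of ComboFix. The excerpt below is
copied from the ComboFix log in this thread; ComboFix prints only values
that differ from the Windows default ("legit default entries are not shown").
"""
import re

COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

# ComboFix value line: "Name"= decimal (hex)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)\s*$')

# Windows 7 defaults for the five UAC policy values.
DEFAULTS = {
    "EnableLUA": 1,                   # UAC on
    "ConsentPromptBehaviorAdmin": 5,  # prompt for consent for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,   # standard users are prompted for credentials
    "PromptOnSecureDesktop": 1,       # prompts appear on the secure desktop
    "EnableUIADesktopToggle": 0,      # UIAccess apps cannot leave the secure desktop
}


def parse_policy_values(text, key_suffix=r"\policies\system"):
    """Return {value name: int} for the key whose name ends in key_suffix.

    Only REG_DWORD-style lines in the 'Name"= n (0xN)' form ComboFix uses are
    read; lines belonging to other keys are ignored.
    """
    values = {}
    in_key = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.lower().endswith((key_suffix + "]").lower())
            continue
        m = VALUE_RE.match(line) if in_key else None
        if m:
            values[m["name"]] = int(m["val"])
    return values


def audit_uac(values):
    """Return a list of findings; an empty list means UAC is at the Win7 default."""
    v = {**DEFAULTS, **values}   # absent names are at their default
    findings = []
    if v["EnableLUA"] != 1:
        findings.append("EnableLUA=0: UAC is off; an administrator's programs "
                        "run fully elevated with no prompt at all")
    if v["ConsentPromptBehaviorAdmin"] == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevation is granted "
                        "silently, so malware never triggers a consent prompt")
    if v["PromptOnSecureDesktop"] != 1:
        findings.append("PromptOnSecureDesktop=0: prompts appear on the normal "
                        "desktop, where a running program can spoof or click them")
    if v["EnableUIADesktopToggle"] != 0:
        findings.append("EnableUIADesktopToggle=1: UIAccess programs may move "
                        "prompts off the secure desktop")
    return findings


if __name__ == "__main__":
    for f in audit_uac(parse_policy_values(COMBOFIX_EXCERPT)):
        print("WEAK:", f)
```

Re-enabling UAC on that machine means setting `EnableLUA` back to 1 (and `PromptOnSecureDesktop` to 1) in the same key and rebooting; the Security Check output further down the thread would then no longer flag it.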
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
Everything seems to be fine now, thanks to you. I appreciate your help, Dragonmaster Jay. I'm impressed with ESET too; my security suite didn't pick up the threats it found.

Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, e.g. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive, e.g. C
  • For a few moments the system will make some calculations:

  • Select the More Options tab

  • In the System Restore and Shadow Backups select Clean up

  • Select Delete on the pop up
  • Select OK
  • Select Delete
Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).
Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any CHANGES. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Outpost Security Suite Pro
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Secunia PSI (3.0.0.2004)
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java 7 Update 9
Adobe Flash Player 11.5.502.110
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Trend Micro RUBotted RUBottedGUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.


Any other questions before I mark this topic solved?

Nothing else, thanks, DMJ. I appreciate your efforts. Thanks again.

Ron
You're welcome. Topic marked solved.

