
Thread: Win32.Load Money and Yandex removal advice please

  1. #41
    Juliet, Security Expert-emeritus (joined Feb 2007, Deep South, 4,084 posts)


    Is there anything else I should be doing and updating you on, because you know I never went through with all your directions after the OTM thing?
    Yandex is an extension in your browser. I've been trying to locate it and delete it.

    You really need to continue with the steps I outlined in a previous post.

    • Please download RogueKillerX64.exe and save to the desktop.
    • Close all windows and browsers
    • Right-click the program and select 'Run as Administrator'
    • Press the scan button.
    • A report opens on the desktop named - RKreport.txt
    • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.


    ~~~~~~~~~~~~~~~~~~~~

    If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
    Emergency Backup Procedure - Tech Support Forum

    Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

    How to use ComboFix

    Download ComboFix from here:
    Link 1
    Link 2
    Link 3

    Place ComboFix.exe on your Desktop <--Important
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      You can get help on disabling your protection programs here
    • Double click on ComboFix.exe & follow the prompts.
    • You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
    • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
    • When finished, it shall produce a log for you. Post that log in your next reply.

      Note:
      Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


      Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

      ---------------------------------------------------------------------------------------------
    • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

      Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
      Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
      ---------------------------------------------------------------------------------------------
    • If there are Internet issues after running ComboFix:
      Internet Explorer:
      Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.
      Firefox:
      Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
      Chrome:
      Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
      Safari
      Launch Safari
      Go to general settings menu
      Then in Preferences/ Advanced
      Then on line click Proxies change settings ...
      Click Internet Options, then click the Connections tab, click Network Settings.
      Disable option (uncheck) for the use of proxy server ...



    Please post:
    RKreport.txt
    ComboFix.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
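The steps above ask for tool logs rather than hand inspection, but the same hijack points the logs report on can be read directly. The script below is an added example written for this page, not code from the original post or from RogueKiller/ComboFix: a read-only PowerShell audit of the Run keys, Internet Explorer toolbars and BHOs, the Explorer policies RogueKiller flags as PUM, and the hosts file. The function names (Get-ExePath, Test-StartupEntries, and so on) are this example's own; it assumes PowerShell 3.0 or later in an elevated prompt and changes nothing.

```powershell
# Added example (not from the original post or the tools it names): read-only audit of
# startup and browser hijack points. Assumes PowerShell 3.0+, run elevated. Nothing is modified.

# Pull the executable out of a Run-value command line such as
#   "c:\program files\Skype\Phone\Skype.exe" /background
function Get-ExePath([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($c, '^(.+?\.(exe|dll|cpl|scr))', 'IgnoreCase')
    if ($m.Success) { $m.Groups[1].Value } else { $c }
}

# Authenticode verdict for a file; a missing file behind a Run entry is itself a finding.
function Get-SignatureVerdict([string]$Path) {
    if (-not $Path) { return 'NO PATH' }
    if (-not (Test-Path -LiteralPath $Path)) { return 'MISSING FILE' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -eq 'Valid') {
        return 'Valid: ' + $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    }
    [string]$sig.Status          # NotSigned, HashMismatch, UnknownError, ...
}

# COM servers register their DLL under CLSID\{...}\InprocServer32; the per-user key wins.
function Resolve-Clsid([string]$Clsid) {
    foreach ($root in 'HKCU:\Software\Classes\CLSID', 'HKLM:\Software\Classes\CLSID') {
        $k = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $k) { return (Get-ItemProperty -Path $k).'(default)' }
    }
}

function Test-StartupEntries {
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }        # skip provider metadata (PSPath, PSDrive, ...)
            $exe = Get-ExePath $p.Value
            [pscustomobject]@{ Source = $key; Name = $p.Name; Detail = $exe; Verdict = Get-SignatureVerdict $exe }
        }
    }
}

function Test-IeExtensions {
    # Toolbars: value names are CLSIDs. Browser Helper Objects: subkey names are CLSIDs.
    foreach ($key in 'HKLM:\Software\Microsoft\Internet Explorer\Toolbar',
                     'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser') {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
            $dll = Resolve-Clsid $p.Name
            [pscustomobject]@{ Source = 'IE Toolbar'; Name = $p.Name; Detail = $dll; Verdict = Get-SignatureVerdict $dll }
        }
    }
    $bho = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bho) {
        foreach ($k in Get-ChildItem -Path $bho) {
            $dll = Resolve-Clsid $k.PSChildName
            [pscustomobject]@{ Source = 'IE BHO'; Name = $k.PSChildName; Detail = $dll; Verdict = Get-SignatureVerdict $dll }
        }
    }
}

# The DisableTaskMgr / DisableRegistryTools values RogueKiller reports as PUM: 1 blocks the tool,
# 0 is defined but not enforced, and on a home PC the value being present at all is worth a question.
function Test-ShellPolicies {
    $pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $v = (Get-ItemProperty -Path $pol -Name $name -ErrorAction SilentlyContinue).$name
        if ($null -ne $v) {
            [pscustomobject]@{ Source = $pol; Name = $name; Detail = $v; Verdict = $(if ($v -eq 1) { 'ENFORCED' } else { 'defined, not enforced' }) }
        }
    }
}

# Ad-blocking hosts lists map ad domains to loopback and are benign; a hijack maps real sites
# (banks, AV update servers) to a remote address, so only non-loopback entries are reported.
function Test-HostsFile {
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($line in Get-Content -Path $hosts) {
        $t = ($line -replace '#.*$', '').Trim()
        if (-not $t) { continue }
        $ip, $names = $t -split '\s+'
        if ($ip -notin '127.0.0.1', '0.0.0.0', '::1') {
            [pscustomobject]@{ Source = 'hosts'; Name = ($names -join ' '); Detail = $ip; Verdict = 'NON-LOOPBACK REDIRECT' }
        }
    }
}

$report = @(Test-StartupEntries) + @(Test-IeExtensions) + @(Test-ShellPolicies) + @(Test-HostsFile)
$report | Format-Table -AutoSize -Wrap
```

Read the Verdict column first: an IE toolbar whose CLSID resolves to an unsigned DLL under a vendor folder, a Run entry whose file no longer exists, or a hosts line pointing a real site somewhere other than loopback are the rows that deserve a follow-up, and the audit gives the helper a file path to look at before any removal tool is run.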

  2. #42
    Member (joined Feb 2013, 48 posts)

    Stasis - shut out - Help

    Dear Juliet, HELP !!

    I had to spend a bit of time discovering how exactly to disable SP (I also, by the way, took out the Firewall); meanwhile I had already downloaded ComboFix, which seemed to involve a reboot, which I did, but ComboFix had gone and I went back to BleepingComputer to get it again. I then downloaded it again, now with the antivirus fully disabled, and now it seems I am completely shut out of my computer. Firefox says "The proxy server is refusing connections. Firefox is configured to use a proxy server that is refusing connections." Chrome says something similar.

    What is happening? Luckily I have access to a friend's computer and can still communicate with you.

    Thanks, Wendy

  3. #43
    Member (joined Feb 2013, 48 posts)


    Btw, typo above: SP was meant to be SB, i.e., Spybot.

  4. #44
    Juliet, Security Expert-emeritus (joined Feb 2007, Deep South, 4,084 posts)


    Usually a reboot does the trick.


    If there are Internet issues after running ComboFix:
    Internet Explorer:
    Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.
    Firefox:
    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
    Chrome:
    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
    Safari
    Launch Safari
    Go to general settings menu
    Then in Preferences/ Advanced
    Then on line click Proxies change settings ...
    Click Internet Options, then click the Connections tab, click Network Settings.
    Disable option (uncheck) for the use of proxy server ...
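The "proxy server is refusing connections" symptom in the post above is a browser still pointed at a proxy that no longer answers, and the GUI steps reset only the per-user WinINET store. The script below is an added example for this page, not code from the original posts or from ComboFix: it shows the same reset done from an elevated PowerShell prompt, with a registry backup first, and then looks at the two proxy stores the GUI steps do not touch, Firefox's own prefs.js and the WinHTTP setting used by services. The function names (Get-WinInetProxy, Reset-WinInetProxy, Get-FirefoxProxyType) are this example's own; it assumes PowerShell 3.0 or later and the default Firefox profile location.

```powershell
# Added example (not from the original posts or ComboFix): inspect and reset the proxy
# stores a browser hijack leaves behind. Assumes PowerShell 3.0+, run elevated.

$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# IE and Chrome on Windows share the per-user WinINET settings stored here, which is why
# Chrome's "Change proxy settings" button just opens the Internet Options dialog.
function Get-WinInetProxy {
    $p = Get-ItemProperty -Path $inet
    [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable      # 1 = "Use a proxy server for your LAN" checked
        ProxyServer   = $p.ProxyServer      # e.g. 127.0.0.1:8080; a dead local proxy gives "refusing connections"
        ProxyOverride = $p.ProxyOverride    # bypass list
        AutoConfigURL = $p.AutoConfigURL    # PAC script URL, another common hijack spot
        AutoDetect    = $p.AutoDetect       # 1 = "Automatically detect settings"
    }
}

# Equivalent of: uncheck "Use a proxy server", clear address and port, check "Automatically detect settings".
function Reset-WinInetProxy {
    $backup = Join-Path $env:USERPROFILE ('inet-settings-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    reg.exe export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings' $backup /y | Out-Null
    Set-ItemProperty -Path $inet -Name ProxyEnable -Value 0 -Type DWord
    Set-ItemProperty -Path $inet -Name AutoDetect  -Value 1 -Type DWord
    foreach ($name in 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
        Remove-ItemProperty -Path $inet -Name $name -ErrorAction SilentlyContinue
    }
    # Browsers read these at start-up, so close and reopen them. The Internet Options dialog also
    # rewrites the binary Connections\DefaultConnectionSettings value; if a browser still proxies
    # after a restart, open LAN Settings once and click OK so that blob is regenerated.
    "Backup written to $backup"
}

# Firefox only follows WinINET when network.proxy.type is 5 (its default); otherwise prefs.js rules.
$fxTypes = @{ 0 = 'No proxy'; 1 = 'Manual'; 2 = 'PAC URL'; 4 = 'Auto-detect (WPAD)'; 5 = 'Use system settings (default)' }
function Get-FirefoxProxyType {
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profiles)) { return }
    foreach ($prefs in Get-ChildItem -Path $profiles -Filter prefs.js -Recurse) {
        $m = Select-String -Path $prefs.FullName -Pattern 'user_pref\("network\.proxy\.type",\s*(\d)\)' |
             Select-Object -First 1
        $type = if ($m) { [int]$m.Matches[0].Groups[1].Value } else { 5 }   # absent means the default, 5
        $srv = Select-String -Path $prefs.FullName -Pattern 'user_pref\("network\.proxy\.http",\s*"([^"]*)"' |
               Select-Object -First 1
        [pscustomobject]@{
            Profile   = $prefs.Directory.Name
            Type      = $type
            Meaning   = $fxTypes[$type]
            HttpProxy = $(if ($srv) { $srv.Matches[0].Groups[1].Value })
        }
    }
}

Get-WinInetProxy | Format-List
Get-FirefoxProxyType | Format-Table -AutoSize
netsh.exe winhttp show proxy     # store used by services and Windows Update; "netsh winhttp reset proxy" clears it
# Reset-WinInetProxy             # run after reviewing the values above
```

Review the output before calling Reset-WinInetProxy: a corporate or parental-control proxy looks exactly like a leftover hijack in the registry, and the .reg backup is what lets you put it back. A Firefox profile showing Type 1 with an HttpProxy of a local port while WinINET is already clean explains the situation in the post above, where IE and Chrome recovered after the reset but Firefox needed its own "No Proxy" setting.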

  5. #45
    Member (joined Feb 2013, 48 posts)

    MMMM whoops

    Dear Juliet, sorry about the glitch on the reboot front; I just didn't connect what your directions implied with what happened. I have done as you suggested with Mozilla and that worked fine, though it is still manipulated by Yandex, but Chrome does not seem to have Options etc. in its Tools menu, and looking around in Settings I did not find it there?
    Having completed RogueKiller and ComboFix, I will now re-enable the antivirus.

    Here are the two reports from RogueKiller and ComboFix:

    1. RogueKiller:

    RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : gokarna [Admin rights]
    Mode : Scan -- Date : 04/29/2014 10:44:40
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 1 ¤¤¤
    [FF][PUP] kp5xybf2.default-1397910583341 : Yahoo Toolbar

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Address] EAT @explorer.exe (BeginBufferedAnimation) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E09AE)
    [Address] EAT @explorer.exe (BeginBufferedPaint) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D49A1)
    [Address] EAT @explorer.exe (BeginPanningFeedback) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74700731)
    [Address] EAT @explorer.exe (BufferedPaintClear) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D6395)
    [Address] EAT @explorer.exe (BufferedPaintInit) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D940E)
    [Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E08ED)
    [Address] EAT @explorer.exe (BufferedPaintSetAlpha) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746EE6B3)
    [Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746ED395)
    [Address] EAT @explorer.exe (BufferedPaintUnInit) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D94AB)
    [Address] EAT @explorer.exe (CloseThemeData) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D6A18)
    [Address] EAT @explorer.exe (DrawThemeBackground) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D3982)
    [Address] EAT @explorer.exe (DrawThemeBackgroundEx) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746ED9DA)
    [Address] EAT @explorer.exe (DrawThemeEdge) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F3B52)
    [Address] EAT @explorer.exe (DrawThemeIcon) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747035E7)
    [Address] EAT @explorer.exe (DrawThemeParentBackground) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D53E5)
    [Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D51BF)
    [Address] EAT @explorer.exe (DrawThemeText) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D4EA1)
    [Address] EAT @explorer.exe (DrawThemeTextEx) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D63E6)
    [Address] EAT @explorer.exe (EnableThemeDialogTexture) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DFCAF)
    [Address] EAT @explorer.exe (EnableTheming) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74702FEB)
    [Address] EAT @explorer.exe (EndBufferedAnimation) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D3F9A)
    [Address] EAT @explorer.exe (EndBufferedPaint) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D3F9A)
    [Address] EAT @explorer.exe (EndPanningFeedback) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747006CC)
    [Address] EAT @explorer.exe (GetBufferedPaintBits) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D4BAF)
    [Address] EAT @explorer.exe (GetBufferedPaintDC) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E04BC)
    [Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E0473)
    [Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74702E7F)
    [Address] EAT @explorer.exe (GetCurrentThemeName) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E05DD)
    [Address] EAT @explorer.exe (GetThemeAppProperties) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E0FB1)
    [Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DCD2E)
    [Address] EAT @explorer.exe (GetThemeBackgroundExtent) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DF8BF)
    [Address] EAT @explorer.exe (GetThemeBackgroundRegion) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E165D)
    [Address] EAT @explorer.exe (GetThemeBitmap) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DBF93)
    [Address] EAT @explorer.exe (GetThemeBool) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D7C1F)
    [Address] EAT @explorer.exe (GetThemeColor) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D616C)
    [Address] EAT @explorer.exe (GetThemeDocumentationProperty) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74702932)
    [Address] EAT @explorer.exe (GetThemeEnumValue) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D616C)
    [Address] EAT @explorer.exe (GetThemeFilename) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74702412)
    [Address] EAT @explorer.exe (GetThemeFont) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DFF21)
    [Address] EAT @explorer.exe (GetThemeInt) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D616C)
    [Address] EAT @explorer.exe (GetThemeIntList) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747023B1)
    [Address] EAT @explorer.exe (GetThemeMargins) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D86E9)
    [Address] EAT @explorer.exe (GetThemeMetric) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E06E2)
    [Address] EAT @explorer.exe (GetThemePartSize) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DCDB1)
    [Address] EAT @explorer.exe (GetThemePosition) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74702350)
    [Address] EAT @explorer.exe (GetThemePropertyOrigin) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F3FBB)
    [Address] EAT @explorer.exe (GetThemeRect) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E3611)
    [Address] EAT @explorer.exe (GetThemeStream) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E39D9)
    [Address] EAT @explorer.exe (GetThemeString) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747022E4)
    [Address] EAT @explorer.exe (GetThemeSysBool) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74703172)
    [Address] EAT @explorer.exe (GetThemeSysColor) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F3274)
    [Address] EAT @explorer.exe (GetThemeSysColorBrush) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7470301E)
    [Address] EAT @explorer.exe (GetThemeSysFont) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747029C4)
    [Address] EAT @explorer.exe (GetThemeSysInt) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74702BD3)
    [Address] EAT @explorer.exe (GetThemeSysSize) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7470320B)
    [Address] EAT @explorer.exe (GetThemeSysString) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74702B3F)
    [Address] EAT @explorer.exe (GetThemeTextExtent) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D2D57)
    [Address] EAT @explorer.exe (GetThemeTextMetrics) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DF992)
    [Address] EAT @explorer.exe (GetThemeTransitionDuration) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E1081)
    [Address] EAT @explorer.exe (GetWindowTheme) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DDF46)
    [Address] EAT @explorer.exe (HitTestThemeBackground) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E3CE3)
    [Address] EAT @explorer.exe (IsAppThemed) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DF869)
    [Address] EAT @explorer.exe (IsCompositionActive) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D2E9A)
    [Address] EAT @explorer.exe (IsThemeActive) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DF785)
    [Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D60AB)
    [Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7470312B)
    [Address] EAT @explorer.exe (IsThemePartDefined) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D85B4)
    [Address] EAT @explorer.exe (OpenThemeData) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D73D2)
    [Address] EAT @explorer.exe (OpenThemeDataEx) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F3D43)
    [Address] EAT @explorer.exe (SetThemeAppProperties) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74703296)
    [Address] EAT @explorer.exe (SetWindowTheme) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E0134)
    [Address] EAT @explorer.exe (SetWindowThemeAttribute) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746ECFE6)
    [Address] EAT @explorer.exe (ThemeInitApiHook) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DB176)
    [Address] EAT @explorer.exe (UpdatePanningFeedback) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7470068D)
    [Address] EAT @explorer.exe (DllCanUnloadNow) : Wlanapi.dll -> HOOKED (C:\Windows\system32\Syncreg.dll @ 0x73863418)
    [Address] EAT @explorer.exe (DllGetClassObject) : Wlanapi.dll -> HOOKED (C:\Windows\system32\Syncreg.dll @ 0x738634C5)
    [Address] EAT @explorer.exe (DllRegisterServer) : Wlanapi.dll -> HOOKED (C:\Windows\system32\Syncreg.dll @ 0x738633A5)
    [Address] EAT @explorer.exe (DllUnregisterServer) : Wlanapi.dll -> HOOKED (C:\Windows\system32\Syncreg.dll @ 0x73863408)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : PUP ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA ST9500325AS SCSI Disk Device +++++
    --- User ---
    [MBR] 731db79b3f40f638db6910776cba10f9
    [BSP] 97970a6b0bbb08775dfcbf0a5cb6dd19 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 279896 MB
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 573435904 | Size: 196941 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_04292014_104440.txt >>


    2. ComboFix:

    ComboFix 14-04-30.01 - gokarna 04/30/2014 21:21:23.2.4 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1994 [GMT 3:00]
    Running from: c:\users\gokarna\Downloads\ComboFix.exe
    AV: Spybot - Search and Destroy *Disabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-03-28 to 2014-04-30 )))))))))))))))))))))))))))))))
    .
    .
    2014-04-30 18:25 . 2014-04-30 18:25 -------- d-----w- c:\users\gokarna\AppData\Local\temp
    2014-04-30 18:25 . 2014-04-30 18:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-04-30 18:25 . 2014-04-30 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-04-29 07:39 . 2014-04-29 07:39 26624 ----a-w- c:\windows\system32\TrueSight.sys
    2014-04-29 06:48 . 2014-04-17 02:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{037E7DDA-919D-4EAE-A2D4-3C7ACB2E29E0}\mpengine.dll
    2014-04-26 14:28 . 2014-04-26 14:28 -------- d-----w- c:\programdata\Yandex
    2014-04-26 14:28 . 2014-04-26 14:28 -------- d-----w- c:\users\gokarna\AppData\Local\Yandex
    2014-04-26 14:28 . 2014-04-26 14:28 -------- d-----w- c:\program files\Yandex
    2014-04-26 14:28 . 2014-04-27 01:18 -------- d-----w- c:\users\gokarna\AppData\Roaming\Yandex
    2014-04-26 11:47 . 2014-04-26 11:47 -------- d-----w- C:\_OTM
    2014-04-18 17:35 . 2014-04-18 17:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2014-04-18 17:22 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
    2014-04-18 17:22 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
    2014-04-18 17:22 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2014-04-18 17:22 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
    2014-04-18 17:11 . 2014-04-18 17:11 -------- d-----w- c:\users\gokarna\AppData\Local\WindowsUpdate
    2014-04-18 17:06 . 2014-04-14 17:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-04-18 17:03 . 2014-04-18 17:03 921512 ----a-w- c:\program files\jxpiinstall.exe
    2014-04-15 07:55 . 2014-04-15 07:56 -------- d-----w- c:\users\gokarna\Photos
    2014-04-14 08:04 . 2014-04-14 08:04 -------- d-sh--w- c:\users\gokarna\AppData\Local\EmieUserList
    2014-04-14 08:04 . 2014-04-14 08:04 -------- d-sh--w- c:\users\gokarna\AppData\Local\EmieSiteList
    2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\tr-TR
    2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\system32\XPSViewer
    2014-04-13 13:38 . 2014-04-18 17:42 -------- d-----w- c:\windows\system32\drivers\tr-TR
    2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\system32\tr
    2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\system32\drivers\UMDF\tr-TR
    2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\system32\wbem\tr-TR
    2014-04-13 13:14 . 2009-07-13 15:47 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\tr-TR\LXKPTPRC.DLL.mui
    2014-04-13 13:08 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2014-04-13 13:08 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
    2014-04-05 19:16 . 2014-04-05 19:16 -------- d-----w- c:\windows\ERUNT
    2014-04-05 18:21 . 2014-04-09 08:34 -------- d-----w- C:\AdwCleaner
    2014-04-03 09:10 . 2014-04-03 09:10 -------- d-----w- c:\users\gokarna\AppData\Local\Spotify
    2014-04-03 09:09 . 2014-04-08 05:54 -------- d-----w- c:\users\gokarna\AppData\Roaming\Spotify
    2014-04-02 19:09 . 2014-04-02 19:09 -------- d-----w- c:\users\gokarna\AppData\Local\Skype
    2014-04-02 19:09 . 2014-04-25 07:42 -------- d-----r- c:\program files\Skype
    2014-04-02 19:09 . 2014-04-02 19:09 -------- d-----w- c:\program files\Common Files\Skype
    2014-04-02 18:37 . 2014-04-18 17:08 -------- d-----w- c:\programdata\Oracle
    2014-04-02 18:37 . 2014-04-02 18:39 -------- d-----w- c:\program files\Google
    2014-04-02 18:04 . 2014-04-02 18:05 -------- d-----w- c:\program files\MPC-HC
    2014-04-02 18:00 . 2014-04-02 18:00 -------- d-----w- c:\users\gokarna\AppData\Local\Secunia PSI
    2014-04-02 17:58 . 2014-04-02 17:58 -------- d-----w- c:\program files\Secunia
    2014-04-02 16:06 . 2014-04-26 10:27 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-04-02 16:05 . 2014-04-05 12:13 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-04-02 16:05 . 2014-04-03 06:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-04-02 16:05 . 2014-04-03 06:51 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-04-02 16:05 . 2014-04-03 06:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-04-02 16:05 . 2014-04-02 16:05 -------- d-----w- c:\programdata\Malwarebytes
    2014-04-01 09:19 . 2014-04-09 10:02 -------- d-----w- C:\FRST
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-04-29 09:09 . 2014-03-15 21:28 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-04-29 09:09 . 2014-03-15 21:28 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-03-31 06:35 . 2014-03-07 18:50 231584 ------w- c:\windows\system32\MpSigStub.exe
    2014-03-21 12:02 . 2014-03-21 12:02 86016 ----a-w- c:\windows\system32\iesysprep.dll
    2014-03-21 12:02 . 2014-03-21 12:02 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2014-03-21 12:02 . 2014-03-21 12:02 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2014-03-21 12:02 . 2014-03-21 12:02 645120 ----a-w- c:\windows\system32\jsIntl.dll
    2014-03-21 12:02 . 2014-03-21 12:02 62464 ----a-w- c:\windows\system32\tdc.ocx
    2014-03-21 12:02 . 2014-03-21 12:02 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-03-21 12:02 . 2014-03-21 12:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2014-03-21 12:02 . 2014-03-21 12:02 36352 ----a-w- c:\windows\system32\imgutil.dll
    2014-03-21 12:02 . 2014-03-21 12:02 337408 ----a-w- c:\windows\system32\html.iec
    2014-03-21 12:02 . 2014-03-21 12:02 24576 ----a-w- c:\windows\system32\licmgr10.dll
    2014-03-21 12:02 . 2014-03-21 12:02 194048 ----a-w- c:\windows\system32\elshyph.dll
    2014-03-21 12:02 . 2014-03-21 12:02 182272 ----a-w- c:\windows\system32\msls31.dll
    2014-03-21 12:02 . 2014-03-21 12:02 151552 ----a-w- c:\windows\system32\iexpress.exe
    2014-03-21 12:02 . 2014-03-21 12:02 139264 ----a-w- c:\windows\system32\wextract.exe
    2014-03-21 12:02 . 2014-03-21 12:02 13312 ----a-w- c:\windows\system32\mshta.exe
    2014-03-21 12:02 . 2014-03-21 12:02 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
    2014-03-21 12:02 . 2014-03-21 12:02 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-03-21 01:03 . 2014-03-21 01:03 49152 ----a-w- c:\windows\system32\taskhost.exe
    2014-03-21 01:03 . 2014-03-21 01:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2014-03-21 01:03 . 2014-03-21 01:03 906240 ----a-w- c:\windows\system32\FntCache.dll
    2014-03-21 01:03 . 2014-03-21 01:03 604160 ----a-w- c:\windows\system32\d3d10level9.dll
    2014-03-21 01:03 . 2014-03-21 01:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2014-03-21 01:03 . 2014-03-21 01:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2014-03-21 01:03 . 2014-03-21 01:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2014-03-21 01:03 . 2014-03-21 01:03 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2014-03-21 01:03 . 2014-03-21 01:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2014-03-21 01:03 . 2014-03-21 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2014-03-21 01:03 . 2014-03-21 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2014-03-21 01:03 . 2014-03-21 01:03 293376 ----a-w- c:\windows\system32\dxgi.dll
    2014-03-21 01:03 . 2014-03-21 01:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2014-03-21 01:03 . 2014-03-21 01:03 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
    2014-03-21 01:03 . 2014-03-21 01:03 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
    2014-03-21 01:03 . 2014-03-21 01:03 220160 ----a-w- c:\windows\system32\d3d10core.dll
    2014-03-21 01:03 . 2014-03-21 01:03 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2014-03-21 01:03 . 2014-03-21 01:03 187392 ----a-w- c:\windows\system32\UIAnimation.dll
    2014-03-21 01:03 . 2014-03-21 01:03 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2014-03-21 01:03 . 2014-03-21 01:03 1247744 ----a-w- c:\windows\system32\DWrite.dll
    2014-03-21 01:03 . 2014-03-21 01:03 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
    2014-03-21 01:03 . 2014-03-21 01:03 1080832 ----a-w- c:\windows\system32\d3d10.dll
    2014-03-21 01:03 . 2014-03-21 01:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2014-03-21 01:02 . 2014-03-21 01:02 1505280 ----a-w- c:\windows\system32\d3d11.dll
    2014-03-20 01:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2014-03-04 11:25 . 2012-05-30 09:14 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
    2014-02-07 01:07 . 2014-03-20 08:31 2349056 ----a-w- c:\windows\system32\win32k.sys
    2014-02-04 02:04 . 2014-03-21 07:48 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-02-04 02:04 . 2014-03-20 08:32 509440 ----a-w- c:\windows\system32\qedit.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\Elements\bartab.dll" [2013-12-18 3094368]
    .
    [HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
    [HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
    [HKEY_CLASSES_ROOT\Yandex.Toolbar]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\Elements\bartab.dll" [2013-12-18 3094368]
    .
    [HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
    [HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
    [HKEY_CLASSES_ROOT\Yandex.Toolbar]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20924576]
    "Spotify Web Helper"="c:\users\gokarna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-03 1171968]
    "uTorrent"="c:\users\gokarna\AppData\Roaming\uTorrent\uTorrent.exe" [2014-04-26 1270352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
    "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-10-01 548864]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
    "AtherosBtStack"="c:\program files\Bluetooth Suite\btvstack.exe" [2012-05-30 878208]
    "AthBtTray"="c:\program files\Bluetooth Suite\athbttray.exe" [2012-05-30 696448]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-03-20 280576]
    .
    c:\users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2014-3-4 113664]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-04-26 107736]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 235696]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]
    R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]
    R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-03-15 1343400]
    R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2011-03-26 107776]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2013-03-18 541680]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2013-03-18 26608]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2013-02-22 16880]
    S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2012-05-30 97920]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-12-06 662232]
    S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2012-05-30 327296]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-05-30 35968]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2013-03-27 302920]
    S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2013-03-27 101192]
    S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2013-03-27 27976]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2013-03-27 158688]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2013-03-27 66448]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2013-03-27 119624]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2013-03-27 496456]
    S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\TeeDriver.sys [2013-03-20 85976]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-12-06 16024]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-10-18 258704]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-03-04 643656]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-04-25 21:43 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15 09:09]
    .
    2014-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-04-02 18:37]
    .
    2014-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-04-02 18:37]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yandex.ru/?win=121&clid=1991182
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = localhost:21320
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\
    FF - prefs.js: browser.search.selectedEngine - Yandex
    FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?win=121&clid=1991182
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-SDWinLogon - SDWinLogon.dll
    AddRemove-Speed Test 127 - c:\program files\Speed Test 127\uninst.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-04-30 21:27:50
    ComboFix-quarantined-files.txt 2014-04-30 18:27
    .
    Pre-Run: 156,012,404,736 bytes free
    Post-Run: 155,890,843,648 bytes free
    .
    - - End Of File - - 54DE6406A8B436D54D018FF1D720AE75
    A36C5E4F47E84449FF07ED3517B43A31

    Btw, when you said "Yandex is an extension of your browser and you are trying to delete it", how will this happen - remotely?

    Best of the best with all this, Wendy

  6. #46
    Juliet (Security Expert-emeritus)

    We need to disable Spybot S&D's "TeaTimer" only if you use this service.

    TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.
    We can re-enable it when we're done.

    1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
    2. If prompted with a legal dialog, accept the warning.
    3. Click and then on "Advanced Mode"
    4. You may be presented with a warning dialog. If so, press
    5. Click on
    6. Click on
    7. Uncheck this checkbox:
    8. Close/Exit Spybot Search and Destroy




    Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (*Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail). (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    File::
    c:\program files\Yandex\Elements\bartab.dll
    c:\programdata\Yandex
    c:\users\gokarna\AppData\Local\Yandex
    c:\program files\Yandex
    c:\users\gokarna\AppData\Roaming\Yandex
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{91397D20-1446-11D4-8AF4-0040CA1127B6}"=-
    [-HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
    Firefox::
    FF - prefs.js: browser.search.selectedEngine - Yandex
    FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?win=121&clid=1991182
    ClearJavaCache::




    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    If there are internet issues afterward:

    In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the proxy server again in case you have set it previously.

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection, uncheck the proxy server and set it to No Proxy.


    Chrome:
    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
    ~~~~~~~~~~~~~~~~~~~~

    Please post this log when done.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #47
    Member

    Unable to follow these directions.....

    ......because in my Spybot S and D I do not seem to have these functions offered to me? No legal dialog, no mode selection, no 'Tools' section or, therefore, a 'resident option'. I feel we must be looking at two different Spybot S and D universes. Nor, btw, have I seen anything in its contents called TeaTimer.

    Sorry, it's probably just me, but I need more help to carry out this next operation. Wendy

  8. #48
    Juliet (Security Expert-emeritus)

    Quote Originally Posted by Juliet:
    We need to disable Spybot S&D's "TeaTimer" only if you use this service.
    That was no big deal, you should continue with the instructions I gave to clean your computer.

  9. #49
    Member

    Done CF with ComboFix

    Hi Juliet, sorry about the TeaTimer misunderstanding; I just didn't know if my Spybot S and D ran this service or not, and now I understand that it doesn't.

    Pasted below is the resultant log for CFScript united with ComboFix.

    ComboFix 14-04-30.01 - gokarna 05/03/2014 15:19:07.3.4 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1926 [GMT 3:00]
    Running from: c:\users\gokarna\Downloads\ComboFix.exe
    Command switches used :: c:\users\gokarna\Desktop\CFScript.txt
    AV: Spybot - Search and Destroy *Disabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files\Yandex"
    "c:\program files\Yandex\Elements\bartab.dll"
    "c:\programdata\Yandex"
    "c:\users\gokarna\AppData\Local\Yandex"
    "c:\users\gokarna\AppData\Roaming\Yandex"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Yandex\Elements\bartab.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-04-03 to 2014-05-03 )))))))))))))))))))))))))))))))
    .
    .
    2014-05-03 12:23 . 2014-05-03 12:23 -------- d-----w- c:\users\gokarna\AppData\Local\temp
    2014-05-03 12:23 . 2014-05-03 12:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-05-03 12:23 . 2014-05-03 12:23 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-05-03 00:00 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-05-02 22:18 . 2014-04-17 02:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C9B3D11-6407-4AF9-90B2-9FF7A64F02E4}\mpengine.dll
    2014-04-29 07:39 . 2014-04-29 07:39 26624 ----a-w- c:\windows\system32\TrueSight.sys
    2014-04-26 14:28 . 2014-04-26 14:28 -------- d-----w- c:\programdata\Yandex
    2014-04-26 14:28 . 2014-04-26 14:28 -------- d-----w- c:\users\gokarna\AppData\Local\Yandex
    2014-04-26 14:28 . 2014-04-26 14:28 -------- d-----w- c:\program files\Yandex
    2014-04-26 14:28 . 2014-04-27 01:18 -------- d-----w- c:\users\gokarna\AppData\Roaming\Yandex
    2014-04-26 11:47 . 2014-04-26 11:47 -------- d-----w- C:\_OTM
    2014-04-18 17:35 . 2014-04-18 17:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2014-04-18 17:22 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
    2014-04-18 17:22 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
    2014-04-18 17:22 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2014-04-18 17:22 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
    2014-04-18 17:11 . 2014-04-18 17:11 -------- d-----w- c:\users\gokarna\AppData\Local\WindowsUpdate
    2014-04-18 17:06 . 2014-04-14 17:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-04-18 17:03 . 2014-04-18 17:03 921512 ----a-w- c:\program files\jxpiinstall.exe
    2014-04-15 07:55 . 2014-04-15 07:56 -------- d-----w- c:\users\gokarna\Photos
    2014-04-14 08:04 . 2014-04-14 08:04 -------- d-sh--w- c:\users\gokarna\AppData\Local\EmieUserList
    2014-04-14 08:04 . 2014-04-14 08:04 -------- d-sh--w- c:\users\gokarna\AppData\Local\EmieSiteList
    2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\tr-TR
    2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\system32\XPSViewer
    2014-04-13 13:38 . 2014-04-18 17:42 -------- d-----w- c:\windows\system32\drivers\tr-TR
    2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\system32\tr
    2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\system32\drivers\UMDF\tr-TR
    2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\system32\wbem\tr-TR
    2014-04-13 13:14 . 2009-07-13 15:47 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\tr-TR\LXKPTPRC.DLL.mui
    2014-04-13 13:08 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2014-04-13 13:08 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
    2014-04-05 19:16 . 2014-04-05 19:16 -------- d-----w- c:\windows\ERUNT
    2014-04-05 18:21 . 2014-04-09 08:34 -------- d-----w- C:\AdwCleaner
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-04-29 09:09 . 2014-03-15 21:28 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-04-29 09:09 . 2014-03-15 21:28 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-04-26 10:27 . 2014-04-02 16:06 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-04-03 06:51 . 2014-04-02 16:05 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-04-03 06:51 . 2014-04-02 16:05 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-04-03 06:50 . 2014-04-02 16:05 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-31 06:35 . 2014-03-07 18:50 231584 ------w- c:\windows\system32\MpSigStub.exe
    2014-03-21 12:02 . 2014-03-21 12:02 86016 ----a-w- c:\windows\system32\iesysprep.dll
    2014-03-21 12:02 . 2014-03-21 12:02 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2014-03-21 12:02 . 2014-03-21 12:02 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2014-03-21 12:02 . 2014-03-21 12:02 645120 ----a-w- c:\windows\system32\jsIntl.dll
    2014-03-21 12:02 . 2014-03-21 12:02 62464 ----a-w- c:\windows\system32\tdc.ocx
    2014-03-21 12:02 . 2014-03-21 12:02 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-03-21 12:02 . 2014-03-21 12:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2014-03-21 12:02 . 2014-03-21 12:02 36352 ----a-w- c:\windows\system32\imgutil.dll
    2014-03-21 12:02 . 2014-03-21 12:02 337408 ----a-w- c:\windows\system32\html.iec
    2014-03-21 12:02 . 2014-03-21 12:02 24576 ----a-w- c:\windows\system32\licmgr10.dll
    2014-03-21 12:02 . 2014-03-21 12:02 194048 ----a-w- c:\windows\system32\elshyph.dll
    2014-03-21 12:02 . 2014-03-21 12:02 182272 ----a-w- c:\windows\system32\msls31.dll
    2014-03-21 12:02 . 2014-03-21 12:02 151552 ----a-w- c:\windows\system32\iexpress.exe
    2014-03-21 12:02 . 2014-03-21 12:02 139264 ----a-w- c:\windows\system32\wextract.exe
    2014-03-21 12:02 . 2014-03-21 12:02 13312 ----a-w- c:\windows\system32\mshta.exe
    2014-03-21 12:02 . 2014-03-21 12:02 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
    2014-03-21 12:02 . 2014-03-21 12:02 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-03-21 01:03 . 2014-03-21 01:03 49152 ----a-w- c:\windows\system32\taskhost.exe
    2014-03-21 01:03 . 2014-03-21 01:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2014-03-21 01:03 . 2014-03-21 01:03 906240 ----a-w- c:\windows\system32\FntCache.dll
    2014-03-21 01:03 . 2014-03-21 01:03 604160 ----a-w- c:\windows\system32\d3d10level9.dll
    2014-03-21 01:03 . 2014-03-21 01:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2014-03-21 01:03 . 2014-03-21 01:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2014-03-21 01:03 . 2014-03-21 01:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2014-03-21 01:03 . 2014-03-21 01:03 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2014-03-21 01:03 . 2014-03-21 01:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2014-03-21 01:03 . 2014-03-21 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2014-03-21 01:03 . 2014-03-21 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2014-03-21 01:03 . 2014-03-21 01:03 293376 ----a-w- c:\windows\system32\dxgi.dll
    2014-03-21 01:03 . 2014-03-21 01:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2014-03-21 01:03 . 2014-03-21 01:03 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
    2014-03-21 01:03 . 2014-03-21 01:03 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
    2014-03-21 01:03 . 2014-03-21 01:03 220160 ----a-w- c:\windows\system32\d3d10core.dll
    2014-03-21 01:03 . 2014-03-21 01:03 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2014-03-21 01:03 . 2014-03-21 01:03 187392 ----a-w- c:\windows\system32\UIAnimation.dll
    2014-03-21 01:03 . 2014-03-21 01:03 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2014-03-21 01:03 . 2014-03-21 01:03 1247744 ----a-w- c:\windows\system32\DWrite.dll
    2014-03-21 01:03 . 2014-03-21 01:03 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
    2014-03-21 01:03 . 2014-03-21 01:03 1080832 ----a-w- c:\windows\system32\d3d10.dll
    2014-03-21 01:03 . 2014-03-21 01:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2014-03-21 01:02 . 2014-03-21 01:02 1505280 ----a-w- c:\windows\system32\d3d11.dll
    2014-03-20 01:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2014-03-04 11:25 . 2012-05-30 09:14 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
    2014-02-07 01:07 . 2014-03-20 08:31 2349056 ----a-w- c:\windows\system32\win32k.sys
    2014-02-04 02:04 . 2014-03-21 07:48 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-02-04 02:04 . 2014-03-20 08:32 509440 ----a-w- c:\windows\system32\qedit.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20924576]
    "Spotify Web Helper"="c:\users\gokarna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-03 1171968]
    "uTorrent"="c:\users\gokarna\AppData\Roaming\uTorrent\uTorrent.exe" [2014-04-26 1270352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
    "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-10-01 548864]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
    "AtherosBtStack"="c:\program files\Bluetooth Suite\btvstack.exe" [2012-05-30 878208]
    "AthBtTray"="c:\program files\Bluetooth Suite\athbttray.exe" [2012-05-30 696448]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-03-20 280576]
    .
    c:\users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2014-3-4 113664]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-12-06 662232]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-04-26 107736]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 235696]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]
    R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]
    R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-03-15 1343400]
    R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2011-03-26 107776]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2013-03-18 541680]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2013-03-18 26608]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2013-02-22 16880]
    S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2012-05-30 97920]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
    S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2012-05-30 327296]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-05-30 35968]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2013-03-27 302920]
    S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2013-03-27 101192]
    S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2013-03-27 27976]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2013-03-27 158688]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2013-03-27 66448]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2013-03-27 119624]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2013-03-27 496456]
    S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\TeeDriver.sys [2013-03-20 85976]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-12-06 16024]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-10-18 258704]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-03-04 643656]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-04-25 21:43 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15 09:09]
    .
    2014-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-04-02 18:37]
    .
    2014-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-04-02 18:37]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yandex.ru/?win=121&clid=1991182
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = localhost:21320
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\
    FF - prefs.js: browser.search.selectedEngine - Yandex
    FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?win=121&clid=1991182
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - c:\program files\Yandex\Elements\bartab.dll
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-05-03 15:24:50
    ComboFix-quarantined-files.txt 2014-05-03 12:24
    ComboFix2.txt 2014-04-30 18:27
    .
    Pre-Run: 155,436,085,248 bytes free
    Post-Run: 155,359,883,264 bytes free
    .
    - - End Of File - - 5B846DB26390F8ACFA7B90617180273E
    A36C5E4F47E84449FF07ED3517B43A31

  10. #50
    Juliet, Security Expert-emeritus (Join Date: Feb 2007; Location: Deep South; Posts: 4,084)

    Please Run TFC by OldTimer to clear temporary files:

    Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
    and save it to your desktop.

    Close any open programs and Internet browsers.
    Double click TFC.exe to run it on XP (for Vista and Windows 7, right click and choose "Run as administrator"). Once it opens, click on the Start button on the lower left of the program to allow it to begin cleaning.
    Please be patient as clearing out temp files may take a while.
    Once it completes you may be prompted to restart your computer, please do so.
    Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
