Infected with wscript.exe

Hello,

I got infected through a USB key (from a copyshop).

I tried to follow the steps.
I gathered the log files which are attached to this post.

However I had a problem with OTL.

https://dl.dropboxusercontent.com/u/1734411/2013-10-24%2013.54.55%20-%20OTL%20%231.jpg

https://dl.dropboxusercontent.com/u/1734411/2013-10-24%2013.54.48%20-%20OTL%20%232.jpg

Any help would be welcome.

Ox

MC2Shield logs …

However I had a problem with OTL.
Try running it from safe mode...

It may be Malwarebytes that blocks it, so if that's no go, uninstall Malwarebytes and try again.

Hi,

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Under Optional Scan, ensure "List BCD" and "Driver MD5" are ticked.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Hey Pondus,

Makes no difference…

I tried:

  • In safe mode
  • In normal mode after uninstalling Malwarebytes
  • In safe mode after uninstalling Malwarebytes

Cheers

sabbathox, feel free to look at my post too …

Hey Magna86

Just 1 second… Slow Computer here :smiley:

Here are the logs.

Thanks.

This should fix your problem with the malware. It also removes Lavasoft leftovers…

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


START
HKLM\...\Run: [iTunesHelper] - C:\DOCUME~1\ox\LOCALS~1\Temp\iTunesHelper.vbe [69554284 2013-10-13] () <===== ATTENTION
HKCU\...\Run: [iTunesHelper] - C:\DOCUME~1\ox\LOCALS~1\Temp\iTunesHelper.vbe [69554284 2013-10-13] () <===== ATTENTION
MountPoints2: {1de477c1-077f-11e3-b2a6-806d6172696f} - F:\install\setup.exe
MountPoints2: {401a5144-0cbf-11e3-a162-001b111c0b5e} - H:\LenovoQDrive.exe
MountPoints2: {44e25eab-0ac7-11e1-8ad2-001641397be8} - L:\LenovoQDrive.exe
MountPoints2: {531fe50b-1468-11e3-b58b-001b111c0b5e} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://connect.garmin.com/transfer/upload
MountPoints2: {c9cf39b4-dd25-11dd-8c0d-001b111c0b5e} - E:\Programs\PStart.exe
U2 CertPropSvc; 
C:\Documents and Settings\ox\Desktop\wscript.exe.lnk
C:\Documents and Settings\ox\Application Data\oxv3.4.2.2.vbs
Folder: C:\Documents and Settings\ox\Application Data\B06B0B94
C:\Documents and Settings\ox\Local Settings\Temp
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\rkfree:uninst
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
END

2. Save notepad as fixlist.txt to your Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location, or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.

------ Next -------

  1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works, please read this guide carefully.
    Note: ComboFix must be downloaded to your Desktop.

  2. Temporarily disable your AntiVirus program.
    If you are unsure how to do this, please read this or this instruction.

Instructions how to disable avast:

  • Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
  • In the window that opens, on the top right corner, click Settings.
  • In the new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.
  • Again, right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
  • In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn this option back on after the cleaning.


  3. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion", just restart the computer once more.


  4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
    Attach the log report (ComboFix.txt) back to the topic.
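As an added defender's example (not part of this thread, and not FRST's own code), the script below shows how the entries that ended up in a fixlist like the one above can be picked out of an FRST-style log automatically: Run keys whose target is a script-host payload (.vbs/.vbe) sitting in a user-writable Temp or Application Data path with no publisher information, MountPoints2 autorun handlers left behind by removable media, and alternate data streams. The sample log lines are constructed and modelled on the entries quoted in the post; the regular expressions, category names and the `executable_of` helper are my own assumptions about the log layout, not FRST's documented format.

```python
"""Triage persistence entries from an FRST-style log for script-host launchers,
removable-media autorun handlers and alternate data streams (added example)."""
import re
from pathlib import PureWindowsPath

# Constructed sample modelled on the entries quoted in the thread; not a real log.
SAMPLE_LOG = r"""
HKLM\...\Run: [iTunesHelper] - C:\DOCUME~1\ox\LOCALS~1\Temp\iTunesHelper.vbe [69554284 2013-10-13] () <===== ATTENTION
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [920472 2013-10-10] (Adobe Systems Incorporated)
MountPoints2: {1de477c1-077f-11e3-b2a6-806d6172696f} - F:\install\setup.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
"""

# Assumed line layouts: "<hive>\...\Run: [name] - <target> [size date] (publisher)",
# "MountPoints2: {clsid} - <target>" and "AlternateDataStreams: <path:stream>".
RUN_RE = re.compile(
    r"^(?P<hive>HK\S*?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] - (?P<target>.*?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)"
)
MOUNT_RE = re.compile(r"^MountPoints2: (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<path>.+)$")
# First path token of a command line: either a quoted path or an unquoted one
# that ends at the first binary extension followed by whitespace or end of line.
EXE_TOKEN = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|dll))(?=\s|$)', re.I)
SCRIPT_EXT_RE = re.compile(r"\.(vbs|vbe|js|jse|wsf|wsh|hta)\b", re.I)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# Profile/temp locations a standard user can write to (LOCALS~1 is the 8.3 form of Local Settings).
USER_WRITABLE = ("\\temp\\", "\\locals~1\\", "\\application data\\", "\\appdata\\")


def executable_of(target: str) -> str:
    """Return the launched binary from a Run-key command line; fall back to the whole target."""
    m = EXE_TOKEN.match(target)
    if m:
        return m.group(1) or m.group(2)
    return target


def analyse_run(m) -> list:
    """Collect reasons why a Run entry deserves a look; empty list means nothing unusual."""
    target = m.group("target")
    launcher = PureWindowsPath(executable_of(target)).name.lower()
    reasons = []
    ext = SCRIPT_EXT_RE.search(target)
    if ext:
        reasons.append(f"script-host payload (.{ext.group(1).lower()})")
    if launcher in SCRIPT_HOSTS:
        reasons.append(f"launched via {launcher}")
    if any(marker in target.lower() for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable profile/temp path")
    if not m.group("publisher").strip():
        reasons.append("no publisher/version info")
    return reasons


def triage(log_text: str) -> list:
    """Walk the log and return a list of findings (dicts with kind, target, reasons)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = analyse_run(m)
            if reasons:
                findings.append({"kind": "run", "name": m.group("name"),
                                 "target": m.group("target"), "reasons": reasons})
            continue
        m = MOUNT_RE.match(line)
        if m:
            # Cached autorun handler for a device that was once plugged in.
            findings.append({"kind": "mountpoints2", "target": m.group("target"),
                             "reasons": ["removable-media autorun handler cached for a past device; "
                                         "confirm the device and target are expected"]})
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append({"kind": "ads", "target": m.group("path"),
                             "reasons": ["alternate data stream hides content from directory listings"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f.get('name', '')} {f['target']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

The legitimate Adobe entry in the sample produces no reasons and is therefore not reported, while the .vbe in Temp is flagged on three counts at once, which is the combination that makes a Run entry stand out in a log of this kind.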

Here is the FRST/FRST64 result log…

ComboFix is freezing the computer each time it is trying to run the scan…

sabbathox, rename ComboFix to NoMBR and please retry once more.

Hello Magna86…

I don't know the magic behind it, but that did the trick apparently.
It ran well and I have now the log.

Thanks for your support.

Open notepad and copy/paste the text present inside the code box below:

NoMBR::

DirLook::
c:\documents and settings\ox\Local Settings\Application Data\ORPALIS
c:\documents and settings\ox\Application Data\mIRC

SkipFix::

DDS::
Trusted Zone: line6.net

File::
c:\documents and settings\ox\Application Data\Mozilla\Firefox\Profiles\odf6pite.default\extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi

RegNull::
[HKEY_USERS\S-1-5-21-1960408961-1957994488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3E8EE14B-051B-7DA7-2331-0D4D9037E35F}*]

Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refer to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)


How is your computer running now?

Seems to be running better

Is the process completed?

Do I need to take extra steps / precaution regarding to external HDD and memory keys?

Cheers
Ox

Is the process completed?
magna86 will be back soon

When finished, he will remove all tools used :wink:

No Worries…

Was just wondering about external USB key / HDD that I might have connected to the computer while it was corrupted. Those drives have not been part of the scanned report with all the tools.

If I just need to remove the tools, I guess I will be able to do it by myself… :smiley:

Thanks anyway, I’ll wait for him :smiley:

Hi,

Was just wondering about external USB key / HDD that I might have connected to the computer while it was corrupted. Those drives have not been part of the scanned report with all the tools.

While MCShield is active, do not worry about that. :slight_smile:

Just one more thing to do …

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


Start
FF Extension: DailymotionVideoDownloader - C:\Documents and Settings\ox\Application Data\Mozilla\Firefox\Profiles\odf6pite.default\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi
C:\Documents and Settings\ox\Application Data\Mozilla\Firefox\Profiles\odf6pite.default\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location, or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.

Okidok for MCShield

Here is the log…

You misunderstand me. ;D

You need to create fixlist.txt for the FRST.exe tool (not for ComboFix), and when you run the FRST tool, press the Fix button.
It will create a Fixlog.txt report. Post me the contents of that log.

oopsie