wscript.exe infected shortcut virus

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.05.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Dragan :: DRAGAN-PC [administrator]

5.2.2014 19:52:23
mbam-log-2014-02-05 (19-52-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262359
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT2549263 (PUP.Optional.Conduit.A) → Quarantined and deleted successfully.

Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) → Data: j’` ľSěEŽľąK€1y → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) → Data: → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) → Data: Expat Shield Toolbar → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) → Data: → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) → Data: “C:\Windows\SysWOW64\Rundll32.exe” “C:\Users\Dragan\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll”,DllRun → Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) → Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2549263 (PUP.Optional.Conduit.A) → Quarantined and deleted successfully.

Files Detected: 7
C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll (PUP.Optional.Conduit) → Quarantined and deleted successfully.
C:\Users\Dragan\Local Settings\dpqs.exe (Trojan.Agent) → Quarantined and deleted successfully.
C:\Users\Dragan\AppData\Local\dpqs.exe (Trojan.Agent) → Quarantined and deleted successfully.
C:\Users\Dragan\AppData\Local\Conduit\CT2549263\Expat_ShieldAutoUpdateHelper.exe (PUP.Optional.Conduit.A) → Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2549263\configutaion.json (PUP.Optional.Conduit.A) → Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2549263\SetupIcon.ico (PUP.Optional.Conduit.A) → Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2549263\UninstallerUI.exe (PUP.Optional.Conduit.A) → Quarantined and deleted successfully.

(end)

ESETSmartInstaller@High as downloader log:
all ok

version=8

OnlineScannerApp.exe=1.0.0.1

OnlineScanner.ocx=1.0.0.6920

api_version=3.0.2

EOSSerial=b93573ac7bc15f4ea9d20a7a0902de08

engine=16955

end=finished

remove_checked=false

archives_checked=true

unwanted_checked=true

unsafe_checked=true

antistealth_checked=true

utc_time=2014-02-05 10:52:40

local_time=2014-02-05 11:52:40 (+0100, Central Europe Standard Time)

country=“Serbia”

lang=1033

osver=6.1.7601 NT Service Pack 1

compatibility_mode=774 16777213 85 77 46373 106905 0 0

compatibility_mode=5893 16776573 100 94 17260 143270610 0 0

scanned=278844

found=29

cleaned=0

scan_time=12696

sh=284131F7B8D2E6CB68C93BA685BF6AD66EAE4C00 ft=0 fh=0000000000000000 vn=“JS/Adware.Yontoo.B application” ac=I fn=“C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebCake\WebCakeLayers.crx.vir”
sh=034BE991CB00B240F574CF8B7F0B1F407B1FD9B8 ft=1 fh=d540e00c2c6e80d8 vn=“probably a variant of Win32/Adware.Yontoo.B application” ac=I fn=“C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll.vir”
sh=C58417722C0B741EA8D55D06914E692180900885 ft=1 fh=f4976c33c2ff8570 vn=“Win32/Toolbar.Conduit.V potentially unwanted application” ac=I fn=“C:\Program Files (x86)\Expat_Shield\Expat_ShieldToolbarHelper.exe”
sh=9B3B44428CC80CC43F085AE514E7E16F7963EACC ft=1 fh=4c03fc1250fa29f9 vn=“a variant of Win32/Toolbar.Conduit.P potentially unwanted application” ac=I fn=“C:\Program Files (x86)\Expat_Shield\ldrtbExpa.dll”
sh=33457E2F2405727124C107D6DEAF24C94E992463 ft=1 fh=e719e166edfd7994 vn=“a variant of Win32/Toolbar.Conduit.B potentially unwanted application” ac=I fn=“C:\Program Files (x86)\Expat_Shield\tbExpa.dll”
sh=9B3B44428CC80CC43F085AE514E7E16F7963EACC ft=1 fh=4c03fc1250fa29f9 vn=“a variant of Win32/Toolbar.Conduit.P potentially unwanted application” ac=I fn=“C:\Users\Dragan\AppData\LocalLow\Expat_Shield\ldrtbExpa.dll”
sh=33457E2F2405727124C107D6DEAF24C94E992463 ft=1 fh=e719e166edfd7994 vn=“a variant of Win32/Toolbar.Conduit.B potentially unwanted application” ac=I fn=“C:\Users\Dragan\AppData\LocalLow\Expat_Shield\tbExpa.dll”
sh=B0DDA232E578E8328DB270A6A62551F4378B7439 ft=0 fh=0000000000000000 vn=“a variant of Win32/Keygen.AF potentially unsafe application” ac=I fn=“C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\ArtRage Studio Pro v3.5.rar”
sh=F285CA7415AFC396DF7D2EB937BEF10181FC0BCE ft=1 fh=371f9e9cd5114eeb vn=“a variant of Win32/Keygen.AF potentially unsafe application” ac=I fn=“C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\ArtRage Studio Pro v3.5\ArtRage Studio Pro v3.5 and KeyGen\Tom_Da_Man KeyGen.exe”
sh=3AED7FEFD779C77E191327236AD484CFD356E17C ft=0 fh=0000000000000000 vn=“a variant of Win32/HackTool.Patcher.A potentially unsafe application” ac=I fn=“C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\Crystal Fireplace.rar”
sh=90CAA1739957854FDB46D82C0049EB4DF3A5F36A ft=0 fh=0000000000000000 vn=“a variant of Generik.MKCYKIZ trojan” ac=I fn=“C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\The.Lost.Watch.II.rar”
sh=4DBFC69655DB54B9B01BBEB49C756038070486C7 ft=0 fh=0000000000000000 vn=“a variant of Generik.MKIGFTC trojan” ac=I fn=“C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\ValentineMusicbox.rar”
sh=7473B835981C9FF9FAF96F0533B05852B3FA152D ft=0 fh=0000000000000000 vn=“a variant of Win32/HackTool.Patcher.AD potentially unsafe application” ac=I fn=“C:\Users\Dragan\Documents\Vuze Downloads\Nero 12 Platinum 12.0.020 + Patch + Key [EC].zip”
sh=3C9DD80D994CEA5C7433EA6DB711A816D69F6721 ft=0 fh=0000000000000000 vn=“Win32/Packed.VMProtect.D trojan” ac=I fn=“C:\Users\Dragan\Documents\Vuze Downloads\Anno 1404 with Venice Expansion Pack\3.Anno 1404 Venice.iso”
sh=CCF45102B1F9BF611AF59F6D34F3D67156A992AA ft=1 fh=7f1bb0d10ac87aba vn=“a variant of Win32/CompuTrace.B potentially unsafe application” ac=I fn=“C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe”
sh=BE39508491A069E0C88C3F769823AEBC0750BC72 ft=1 fh=5555cd62567f2668 vn=“a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application” ac=I fn=“C:\_OTL\MovedFiles\12082013_171323\C_Program Files (x86)\Movies Toolbar\SafetyNut\del_DM_DLL_nsgD533.dll”
sh=498508A63996B59CD320B6AD85B8374293B03961 ft=1 fh=0a53a564154193ba vn=“Win32/Toolbar.SearchSuite.F potentially unwanted application” ac=I fn=“C:\_OTL\MovedFiles\12082013_171323\C_Program Files (x86)\Movies Toolbar\SafetyNut\del_DM_LL_nsgD533.dll”
sh=813DD415E4E78BA5D807C1FE672865EC901F27F6 ft=1 fh=e084a427af890bb5 vn=“a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application” ac=I fn=“C:\_OTL\MovedFiles\12082013_171323\C_Program Files (x86)\Movies Toolbar\SafetyNut\del_mg_nsgD533.dll”
sh=A2B36D82ADFCB1B19186407AEB25FD5CA00CB3E8 ft=1 fh=315a6a7f5981a7fd vn=“a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application” ac=I fn=“C:\_OTL\MovedFiles\12082013_171323\C_Program Files (x86)\Movies Toolbar\SafetyNut\x64\del_DM_LL_nsgD533.dll”
sh=EB0D400C4AD3BD3D5EE63D17A32696D84BF1E107 ft=1 fh=6b79e43a93336fdf vn=“Win32/AdWare.Facetheme.F application” ac=I fn=“C:\_OTL\MovedFiles\12082013_171323\C_Program Files (x86)\OApps\SelectionLinks.dll”
sh=61F5E5DDE8FFD917F83B368073C97FD25C1E42E0 ft=1 fh=004eb80d43cdc541 vn=“a variant of Win32/Amonetize.H potentially unwanted application” ac=I fn=“D:\Programi\AIMP Classic 1.77.6__3203_il2326862.exe”
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn=“Win32/DownloadAdmin.G potentially unwanted application” ac=I fn=“D:\Programi\cbsidlm-tr1_13-VIMICRO_USB_PC_Camera_ZC0301PLH-ORG-76155.exe”
sh=0CFA584598B2A57AEB93A39B9409A899F1FE013D ft=1 fh=8e32dd1af1e395b4 vn=“Win32/Bundled.Toolbar.Google.D potentially unsafe application” ac=I fn=“D:\Programi\DTLite4454-0315.exe”
sh=C76824B2FBF91F4E09546650CAFC2F706F1F9711 ft=1 fh=5658728b264bf71e vn=“Win32/OutBrowse.C potentially unwanted application” ac=I fn=“D:\Programi\FlvPlayer.exe”
sh=3451A1ACDB9D6C4520923E732A6D7993E8197383 ft=1 fh=ed2a770def16c842 vn=“Win32/Somoto.A potentially unwanted application” ac=I fn=“D:\Programi\FreeYouTubeDownloaderInstaller.exe”
sh=1B1779831B4F293D9BB568D77EB561FEB96ABE66 ft=1 fh=bde4f805a81a8698 vn=“a variant of Win32/4Shared.K potentially unwanted application” ac=I fn=“D:\Programi\Friedrich Gerke - Kasna …a i rano hriscanstvo.exe”
sh=67112FF10778696366E20309A551BAC45D40F26A ft=1 fh=d5d993d7cb04e4ef vn=“Win32/iLivid.A potentially unwanted application” ac=I fn=“D:\Programi\iLividSetup-r582-n-bc.exe”
sh=61083E81E89AB7F88ABA44E0C324AAA73880B571 ft=1 fh=d0211a03f51e965b vn=“a variant of Win32/InstallCore.AF potentially unwanted application” ac=I fn=“D:\Programi\mplayerl.exe”
sh=58C506D93FA108D2279F0801E3F1CD5C7AB36981 ft=1 fh=3c9d3175fad0644b vn=“a variant of Win32/Toolbar.Widgi.B potentially unwanted application” ac=I fn=“D:\Programi\YTDSetup.exe”

Results of screen317’s Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
Anti-malware/Other Utilities Check:
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Flash Player 12.0.0.43 Flash Player out of Date!
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox 25.0.1 Firefox out of Date!
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
Process Check: objlist.exe by Laurent
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
System Health check
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Hello,

===== > Step 1: Illegal Software Warning < =====

In your logs I see some files which are related to illegal software like Cracks, Keygens etc. We don’t support illegal software. With further assistance you agree that we remove all of your illegal software etc. - if not please say that and we won’t fix your problem.

Illegal:

C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\ArtRage Studio Pro v3.5.rar
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\ArtRage Studio Pro v3.5\ArtRage Studio Pro v3.5 and KeyGen
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\Crystal Fireplace.rar
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\The.Lost.Watch.II.rar
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\ValentineMusicbox.rar
C:\Users\Dragan\Documents\Vuze Downloads\Nero 12 Platinum 12.0.020 + Patch + Key [EC].zip
C:\Users\Dragan\Documents\Vuze Downloads\Anno 1404 with Venice Expansion Pack\3.Anno 1404 Venice.iso

===== > Step 2: OTL Fix < =====

- Run OTL. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the OTL icon and select Run as Administrator.)
- Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


:Commands
[CreateRestorePoint]

:Files
C:\Program Files (x86)\Expat_Shield
C:\Users\Dragan\AppData\LocalLow\Expat_Shield
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\ArtRage Studio Pro v3.5.rar
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\ArtRage Studio Pro v3.5\ArtRage Studio Pro v3.5 and KeyGen
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\Crystal Fireplace.rar
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\The.Lost.Watch.II.rar
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\ValentineMusicbox.rar
C:\Users\Dragan\Documents\Vuze Downloads\Nero 12 Platinum 12.0.020 + Patch + Key [EC].zip
C:\Users\Dragan\Documents\Vuze Downloads\Anno 1404 with Venice Expansion Pack\3.Anno 1404 Venice.iso
C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
D:\Programi

:Commands
[EMPTYTEMP]

- Click the Run Fix button.
- After your computer has rebooted, run OTL and click Quick Scan.
- Copy and paste the contents of the log that it produces into your next post.

===== > Step 3: CKScanner < =====

Download CKScanner from here

Important : Save it to your desktop.

- Double-click CKScanner.exe and click Search For Files. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the CKScanner.exe icon and select Run as Administrator.)
- After a very short time, when the cursor hourglass disappears, click Save List To File.
- A message box will verify that the file is saved.
- Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

The last warning before closing. Any problems with the instructions above?

Yes, I think this latest Step 2: OTL Fix won't work because I recently reorganised the whole PC and replaced a lot of files to optimise my system. Those pirate files are removed, so tell me how to make a new process with OTL.

Please do the steps as they are in my instructions. Also the OTL Fix.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Program Files (x86)\Expat_Shield not found.
File\Folder C:\Users\Dragan\AppData\LocalLow\Expat_Shield not found.
File\Folder C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\ArtRage Studio Pro v3.5.rar not found.
File\Folder C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\ArtRage Studio Pro v3.5\ArtRage Studio Pro v3.5 and KeyGen not found.
File\Folder C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\Crystal Fireplace.rar not found.
File\Folder C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\The.Lost.Watch.II.rar not found.
File\Folder C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\ValentineMusicbox.rar not found.
File\Folder C:\Users\Dragan\Documents\Vuze Downloads\Nero 12 Platinum 12.0.020 + Patch + Key [EC].zip not found.
File\Folder C:\Users\Dragan\Documents\Vuze Downloads\Anno 1404 with Venice Expansion Pack\3.Anno 1404 Venice.iso not found.
File move failed. C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe scheduled to be moved on reboot.
D:\Programi folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

OTL QuickScan Log and CKScanner Log are missing.

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\users\dragan\appdata\roaming\azureus\torrents\mafia.ii.crackfix-skidrow.torrent
c:\users\dragan\appdata\roaming\azureus\torrents\[kickass.to]rust.alpha.cracked.for.private.servers.12.19.2013.nosteam.torrent
c:\users\dragan\documents\vuze downloads\age of mythology complete\ageofmythologythetitansv1.03nocdcrack.rar
c:\users\dragan\documents\vuze downloads\anno 1701\anno 1701\crack\anno1701.exe
c:\users\dragan\documents\vuze downloads\grand theft auto vice city - pc\crack\gta-vc.exe
c:\users\dragan\documents\vuze downloads\mafia.ii.crackfix-skidrow\skidrow.nfo
c:\users\dragan\documents\vuze downloads\mafia.ii.crackfix-skidrow\sr-mafia2f.rar
c:\users\dragan\documents\vuze downloads\mafia.ii.crackfix-skidrow\sr-mafia2f.sfv
c:\users\dragan\documents\vuze downloads\mafia.ii.crackfix-skidrow\sr-mafia2f\mafia2.exe
c:\users\dragan\documents\vuze downloads\mafia.ii.crackfix-skidrow\sr-mafia2f\skidrow.nfo
c:\users\dragan\documents\vuze downloads\mafia.ii.crackfix-skidrow\sr-mafia2f\steamclient.dll
c:\users\dragan\documents\vuze downloads\mafia.ii.crackfix-skidrow\sr-mafia2f\steam_appid.txt
c:\users\dragan\documents\vuze downloads\mafia.ii.crackfix-skidrow\sr-mafia2f\dlcs\cnt_made_man\content
c:\users\dragan\documents\vuze downloads\mafia.ii.crackfix-skidrow\sr-mafia2f\dlcs\cnt_made_man\sds\cars\roller.sds
c:\users\dragan\documents\vuze downloads\mafia.ii.crackfix-skidrow\sr-mafia2f\dlcs\cnt_made_man\sds\cars\roller_z.sds
c:\users\dragan\documents\vuze downloads\mafia.ii.crackfix-skidrow\sr-mafia2f\dlcs\cnt_made_man\sds\cars\trautenberg_grande.sds
c:\users\dragan\documents\vuze downloads\mafia.ii.crackfix-skidrow\sr-mafia2f\dlcs\cnt_made_man\sds\cars\trautenberg_grande_z.sds
c:\users\dragan\documents\vuze downloads\mafia.ii.crackfix-skidrow\sr-mafia2f\dlcs\cnt_made_man\sds\player\vitsuit.sds
c:\users\dragan\documents\vuze downloads\mafia.ii.crackfix-skidrow\sr-mafia2f\dlcs\cnt_made_man\sds\player\vittux.sds
c:\users\dragan\documents\vuze downloads\mafia.ii.crackfix-skidrow\sr-mafia2f\dlcs\cnt_made_man\sds\wardrobe\vitsuit_coat.sds
c:\users\dragan\documents\vuze downloads\mafia.ii.crackfix-skidrow\sr-mafia2f\dlcs\cnt_made_man\sds\wardrobe\vittux_coat.sds
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\file_id.diz
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\keygen.exe
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8001.zip
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8002.zip
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8003.zip
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8004.zip
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8005.zip
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8006.zip
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8007.zip
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8008.zip
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8009.zip
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8010.zip
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8011.zip
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8012.zip
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8013.zip
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8014.zip
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\mesmerize.nfo
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\mesmerize.r00
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\mesmerize.r01
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\mesmerize.r02
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\mesmerize.r03
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\mesmerize.r04
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\mesmerize.r05
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\mesmerize.r06
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\mesmerize.r07
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\mesmerize.r08
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\mesmerize.r09
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\mesmerize.r10
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\mesmerize.r11
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\mesmerize.r12
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\mesmerize.rar
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8001\file_id.diz
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8001\keygen.exe
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8001\mesmerize.nfo
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\m-sp8001\mesmerize.rar
c:\_otl\movedfiles\02092014_182139\d_programi\google.sketchup.pro.v8.0.3117.incl.keygen-mesmerize\mesmerize\googlesketchupprowen.exe
c:\_otl\movedfiles\02092014_182139\d_programi\sims\sims# crack\ts3w.exe
c:\_otl\movedfiles\02092014_182139\d_programi\sims\sims# crack\tslhost.dll
scanner sequence 3.ZZ.11.DLNAGZ
----- EOF -----

OTL quick scan

OTL Fix

- Run OTL.
- Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.rcub.bg.ac.rs:8080
[2014.01.13 21:17:16 | 000,000,000 | ---D | M] (Expat Shield) -- C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\t40gefcs.default\extensions\{a060276a-53be-45ec-8ebe-b94b1e803179}
O2:64bit: - BHO: (no name) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [BackgroundContainer] C:\Users\Dragan\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O8:64bit: - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files (x86)\Di recnik\diie.htm ()
O8:64bit: - Extra context menu item: Translate with Di dictionary -  File not found
O8 - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files (x86)\Di recnik\diie.htm ()
O8 - Extra context menu item: Translate with Di dictionary -  File not found
O33 - MountPoints2\{1d848c7c-1b7d-11e2-8126-3085a914edfa}\Shell - "" = AutoRun
O33 - MountPoints2\{1d848c7c-1b7d-11e2-8126-3085a914edfa}\Shell\AutoRun\command - "" = F:\Windows\AutoRun.exe
[2014.02.03 03:52:20 | 000,000,000 | ---D | C] -- C:\Users\Dragan\AppData\Roaming\3909

:Files
c:\users\dragan\appdata\roaming\azureus\torrents\mafia.ii.crackfix-skidrow.torrent
c:\users\dragan\appdata\roaming\azureus\torrents\[kickass.to]rust.alpha.cracked.for.private.servers.12.19.2013.nosteam.torrent
c:\users\dragan\documents\vuze downloads\age of mythology complete
c:\users\dragan\documents\vuze downloads\anno 1701
c:\users\dragan\documents\vuze downloads\grand theft auto vice city - pc
c:\users\dragan\documents\vuze downloads\mafia.ii.crackfix-skidrow

:Commands
[EMPTYTEMP]

- Click the Run Fix button.
- After your computer has rebooted, run OTL and click Quick Scan.
- Copy and paste the contents of the log that it produces into your next post.

How is the PC running?

The last instructions will be done on Wednesday when I finish my last two exams.

fix log

scan log

This last fix broke something with my startup so I had to run startup fix, but tell me, what is the purpose of all these OTL fixes?

What is the purpose of all these OTL fixes?
To fix your system.

The OTL Fix didn’t damage anything on your startup - that must be something else (maybe the malware caused that etc. …)

I’ll be back with further instructions tomorrow.

I don’t recall seeing these hidden shortcuts of system folders before, is that normal, and on the 4th screenshot wasn’t AppData a hidden folder…

I don't recall seeing these hidden shortcuts of system folders before, is that normal, and on the 4th screenshot wasn't AppData a hidden folder...
That's normal. We will set that back when we are finished.

===== > Step 1: OTL Fix < =====

- Right-click on OTL and select Run as Administrator.
- Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.rcub.bg.ac.rs:8080
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
O2:64bit: - BHO: (no name) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [LauncherM1400] "C:\Program Files (x86)\EPSON_P2B\Printer Software\Launcher\selaunch.exe" /S EPSON AL-M1400 File not found
O4 - HKLM..\Run: [StatusAutoRunM1400] "C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe" EPSON AL-M1400,hide,\S File not found
O4 - HKCU..\Run: [QuickScanner] C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe (Defender Pro)
O8:64bit: - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files (x86)\Di recnik\diie.htm File not found
O8:64bit: - Extra context menu item: Translate with Di dictionary - File not found
O8 - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files (x86)\Di recnik\diie.htm File not found
O8 - Extra context menu item: Translate with Di dictionary - File not found
[2014.02.06 18:11:05 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl

:Files
C:\Program Files (x86)\Defender Pro Quick Scanner

:Commands
[EMPTYTEMP]

- Click the Run Fix button.
- After your computer has rebooted, run OTL and click Quick Scan.
- Copy and paste the contents of the log that it produces into your next post.

===== > Step 2: Reminder < =====

How is your computer running?

Please don’t forget to include this logfile into your next reply:

- OTL.txt

Another time where you don’t answer. I will inform my teacher about that.