Solved Windows is Being Mischievous!

Discussion in 'Virus, Spyware and Malware Removal' started by 4CE, Jan 5, 2012.


Thread Status:
Not open for further replies.
  1. Belahzur Freedom Fighter

    Hello.
    Doesn't look too bad. There are a few leftovers, and the damage I mentioned, but that can't be reversed sadly, although it shouldn't change how the machine works.



    First, let's get rid of that proxy the malware set.

    Remove the proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer:
    1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings
    2. Uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox:
    1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection
    2. Choose "No Proxy"
    3. Click the Apply button and restart the computer in normal mode.

    Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

    Post the new log when done.
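The proxy check and cleanup above, as an added PowerShell example (not from the original post). It reports the per-user WinINET setting IE uses (the same HKCU Internet Settings key that DDS reports as "uInternet Settings,ProxyServer" in the CFScript later in the thread) and the Firefox network.proxy.* prefs, and, going beyond the GUI steps, also a PAC URL and the machine-wide WinHTTP proxy; with -Fix it clears them. Assumed: Windows PowerShell 5.1 and Firefox profiles in the default location under %APPDATA%. One caveat before clearing anything: a proxy at 127.0.0.1 is also what a deliberately installed local filtering proxy uses, so confirm no such software is on the machine.

```powershell
<#
  Added example, not from the original thread: report the proxy settings the
  instructions above have you clear by hand (WinINET/IE, Firefox), plus two the
  GUI steps do not reach (a PAC URL and the machine-wide WinHTTP proxy).
  Without -Fix it only reports. Run from an elevated PowerShell prompt.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Fix
)

# Per-user WinINET settings honoured by IE and anything else that uses WinINET.
# DDS/ComboFix report the ProxyServer value of this key as "uInternet Settings,ProxyServer".
$wininet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$props   = Get-ItemProperty -Path $wininet

"WinINET ProxyEnable  : {0}" -f $props.ProxyEnable
"WinINET ProxyServer  : {0}" -f $props.ProxyServer
"WinINET AutoConfigURL: {0}" -f $props.AutoConfigURL

# ProxyServer is either "host:port" or "http=host:port;https=host:port;...".
# A proxy on the local machine with no proxy software installed is the pattern in this thread.
$localProxy = $props.ProxyServer -match '(^|=)(127\.0\.0\.1|localhost)(:\d+)?(;|$)'
$hasPac     = -not [string]::IsNullOrEmpty($props.AutoConfigURL)

if ($props.ProxyEnable -eq 0 -and $props.ProxyServer) {
    # The state reported later in the thread: box unchecked, value still stored.
    Write-Warning "Proxy is disabled but the leftover value '$($props.ProxyServer)' is still stored."
}
if ($localProxy -or $hasPac) {
    Write-Warning "Suspicious WinINET configuration: ProxyServer='$($props.ProxyServer)' AutoConfigURL='$($props.AutoConfigURL)'"
}
if ($Fix -and ($props.ProxyServer -or $hasPac) -and $PSCmdlet.ShouldProcess($wininet, 'Clear WinINET proxy settings')) {
    Set-ItemProperty    -Path $wininet -Name ProxyEnable   -Value 0 -Type DWord
    Remove-ItemProperty -Path $wininet -Name ProxyServer   -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $wininet -Name AutoConfigURL -ErrorAction SilentlyContinue
}

# WinHTTP keeps its own machine-wide proxy, used by services that bypass WinINET.
netsh winhttp show proxy
if ($Fix -and $PSCmdlet.ShouldProcess('WinHTTP', 'Reset proxy to direct access')) {
    netsh winhttp reset proxy
}

# Firefox stores its proxy per profile in prefs.js:
#   network.proxy.type 0 = no proxy, 1 = manual, 2 = PAC, 4 = auto-detect, 5 = use system settings (default).
# Close Firefox before editing prefs.js, or it rewrites the file on exit.
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
Get-ChildItem -Path $profiles -Filter prefs.js -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $prefs   = Get-Content -Path $_.FullName -Raw
    $pattern = 'user_pref\("network\.proxy\.[^"]+",\s*.+?\);\r?\n?'
    $found   = [regex]::Matches($prefs, $pattern)
    if ($found.Count -eq 0) { return }   # next profile

    "Firefox profile $($_.Directory.Name):"
    $found | ForEach-Object { "  " + $_.Value.Trim() }
    if ($Fix -and $PSCmdlet.ShouldProcess($_.FullName, 'Remove network.proxy.* prefs (restores defaults)')) {
        Set-Content -Path $_.FullName -Value ([regex]::Replace($prefs, $pattern, '')) -NoNewline
    }
}
```

Run it once without -Fix and read the output; -Fix honours -WhatIf and -Confirm through ShouldProcess, so `.\proxycheck.ps1 -Fix -WhatIf` shows exactly what would be removed.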
  2. DCiAdmin Administrator & Tech Team Leader

    No, you would not be. The trojan captures from what's entered in the field, not which keyboard does the entry
  3. 4CE Bronze Member

    Hmm... interesting. I also copy and paste my passwords into my logins... can they detect my info that way also?
  5. DCiAdmin Administrator & Tech Team Leader

    Some codes are set up to capture the field, 4CE, not your method of entry. Keyloggers can work differently, though. I'm sure Bel can address how this backdoor trojan captures.

    Bel, could you address his concerns? I'm sure you would provide better explanation than me.
  6. Belahzur Freedom Fighter

    I'm fairly certain keyloggers can't detect copy/paste stuff, although don't quote me on that.

    For future reference, use Keyscrambler.
  7. 4CE Bronze Member

    Okay. For IE, "Use a proxy server" is unchecked, and if I did check it... the numbers there read 127.0.0.1 and port 8118...

    So I don't know what to do there in IE, but it is unchecked.

    Firefox: followed your instructions...

    Restarted and scanned with Malwarebytes. Here is the log:
    View attachment mbam-log-2012-02-28 (16-14-42)..txt

    Okay, now what do I do !OO!

    Also,
    what does that mean? I'm infected with a trojan that can't be cleaned... and only a format will fix it?

    And so the problem with my computer is not infections but something else?
  8. Belahzur Freedom Fighter

    Hi,
    I want to wipe up any leftovers.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    Link 3

    When saving ComboFix, rename it to Belahzur.exe to prevent it from being blocked by malware.


    Refer to this image:

    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double-click Belahzur.exe to run it.

      You will see the following image:
    [IMG]

    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:

    [IMG]

    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur on Windows Vista or 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.

    [IMG]

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [IMG]

    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.
  9. 4CE Bronze Member

  10. Belahzur Freedom Fighter

    Hello.
    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open Notepad and copy/paste the text in the code box below into it:
      Code:
      FCopy::
      c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\drivers\TCPIP.SYS
      c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\dllcache\TCPIP.SYS
      
      DDS::
      uInternet Settings,ProxyServer = 127.0.0.1:8118
      
    4. Save this as CFScript.txt, in the same location as ComboFix.exe

      [IMG]
    5. Referring to the picture above, drag CFScript into ComboFix.exe
    6. When finished, it shall produce a log for you at C:\ComboFix.txt
    7. Please post the contents of the log in your next reply.
  11. 4CE Bronze Member

  12. Belahzur Freedom Fighter

    Looks good now; the patched file has been replaced. Just one other issue.

    ComboFix says you have 2 antivirus programs installed, AVG and Kaspersky, but I only see Kaspersky in the uninstall list.

    Did AVG not uninstall correctly?
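The "two antivirus programs" report comes from the products registered with Windows Security Center. As an added PowerShell example (not from the thread), this lists those registrations from WMI and flags any whose product executable no longer exists on disk, which is how a leftover entry from an uninstalled product appears next to the one that is actually installed. Assumed: PowerShell 3 or later for the CIM cmdlets (on XP-era PowerShell 2, Get-WmiObject and Remove-WmiObject do the same job); that ComboFix reads the same Security Center registrations is my inference from the SecCenter:: directive used later in the thread, not something the thread states.

```powershell
<#
  Added example, not from the original thread: list the antivirus products registered
  with Windows Security Center and flag registrations whose product executable is gone,
  which is how an uninstalled product (AVG in this thread) still shows up as a second
  antivirus. Report only unless -RemoveStale is given.
  Needs PowerShell 3+ for the CIM cmdlets; on PowerShell 2 use Get-WmiObject / Remove-WmiObject.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$RemoveStale
)

# XP/2003 register products in root\SecurityCenter; Vista and later in root\SecurityCenter2,
# whose AntiVirusProduct class has different properties. Query both.
foreach ($ns in @('root\SecurityCenter2', 'root\SecurityCenter')) {
    $products = Get-CimInstance -Namespace $ns -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
    if (-not $products) { continue }

    "Antivirus products registered in $ns"
    foreach ($p in $products) {
        # Only SecurityCenter2 records the signed product binary; on XP the display name and
        # instanceGuid are all there is to compare against the installed-programs list.
        $exe     = $p.pathToSignedProductExe
        $exePath = if ($exe) { [Environment]::ExpandEnvironmentVariables($exe).Trim('"') } else { $null }
        # Treat as stale only when the path is a filesystem path that no longer exists
        # (some products register a URI such as windowsdefender:// instead of a file).
        $stale = ($exePath -match '^[A-Za-z]:\\') -and -not (Test-Path -LiteralPath $exePath)

        [pscustomobject]@{
            Name         = $p.displayName
            InstanceGuid = $p.instanceGuid      # the GUID a SecCenter:: CFScript line takes
            ProductExe   = $exe
            Stale        = [bool]$stale
        }

        if ($stale -and $RemoveStale -and $PSCmdlet.ShouldProcess("$($p.displayName) [$($p.instanceGuid)]", "Remove from $ns")) {
            Remove-CimInstance -InputObject $p
        }
    }
}
```

Run it without -RemoveStale first; an entry marked Stale whose Name is a product that no longer appears in the installed-programs list is the leftover registration. -RemoveStale goes through ShouldProcess, so -WhatIf shows what would be deleted without touching anything.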
  13. 4CE Bronze Member

    Cool, thanks...

    Can you explain a bit this statement you made and what it means, please?

    I suppose not... I've uninstalled it and even used the AVG tool provided by someone here to uninstall it... but it still always shows up??
  14. Belahzur Freedom Fighter

    All of your system files carry a digital signature. Just like when you sign a piece of paper, that signature is unique to you; the same applies to your system files. The digital signature is a way of verifying the files are legit.

    Some of your files don't have this digital signature, and normally that indicates they may be patched by malware. ComboFix DID show 1 file that failed the signature check, but luckily your machine had a backup copy that has the signature, so ComboFix replaced it.

    Normally with situations like this where files might be patched, we recommend a full format; it's a waste of time trying to fight a file infector. But luckily your files are okay.

    The AVG problem is a registry key that got left behind. AVG tends to do this; they have a bad rep for having a messy uninstall routine, but we can remove it this way.

    We're going to do another CFScript.
    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open Notepad and copy/paste the text in the code box below into it:
      Code:
      SecCenter::
      {17DDD097-36FF-435F-9E1B-52D74245D6BF}
      
    4. Save this as CFScript.txt, in the same location as ComboFix.exe

      [IMG]
    5. Referring to the picture above, drag CFScript into ComboFix.exe
    6. When finished, it shall produce a log for you at C:\ComboFix.txt
    7. Please post the contents of the log in your next reply.
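As an added PowerShell example (not from the thread), here is the check behind the explanation above: query each driver's Authenticode status and compare the live copy with the backup copies Windows keeps, the same System32\dllcache and $hf_mig$ locations the FCopy:: lines in the earlier CFScript copied from. Assumed: Windows PowerShell 5.1; the backup folders are XP-specific (later Windows services files from WinSxS), so on newer systems only the signature column applies. Two caveats a practitioner needs: most Windows system files are catalog-signed (.cat) rather than embedded-signed, so on older PowerShell versions a NotSigned result is not by itself evidence of tampering (cross-check with Sysinternals sigcheck -i), and a backup from an older hotfix legitimately differs in hash, which is why the file version is shown alongside.

```powershell
<#
  Added example, not from the original thread: check the Authenticode status of the
  network drivers discussed above and compare the live copy against the protected
  backup copies ComboFix used (System32\dllcache and the $hf_mig$ hotfix folders).
  Report only; it replaces nothing.
#>
param(
    # tcpip.sys is the file ComboFix flagged and restored in this thread.
    [string[]]$Drivers = @('tcpip.sys', 'afd.sys', 'ndis.sys', 'netbt.sys')
)

$liveDir    = Join-Path $env:SystemRoot 'System32\drivers'
$backupDirs = @(
    (Join-Path $env:SystemRoot 'System32\dllcache'),   # Windows File Protection cache (XP)
    (Join-Path $env:SystemRoot '$hf_mig$')              # per-hotfix backups, e.g. $hf_mig$\KB951748\SP3QFE (XP)
)

function Get-FileStatus([string]$Path) {
    # Status is Valid / NotSigned / HashMismatch / ...  Most Windows system files are
    # catalog-signed (.cat) rather than embedded-signed; Windows PowerShell 5.1 resolves
    # those through the catalog store, older versions report them as NotSigned.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path      = $Path
        Version   = (Get-Item -LiteralPath $Path).VersionInfo.FileVersion
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$report = foreach ($name in $Drivers) {
    $livePath = Join-Path $liveDir $name
    if (-not (Test-Path -LiteralPath $livePath)) { continue }
    $live = Get-FileStatus $livePath

    $copies = foreach ($dir in $backupDirs) {
        if (Test-Path -LiteralPath $dir) {
            Get-ChildItem -LiteralPath $dir -Filter $name -File -Recurse -ErrorAction SilentlyContinue
        }
    }
    if (-not $copies) {
        [pscustomobject]@{ Driver = $name; LiveVersion = $live.Version; LiveSignature = $live.Signature
                           Backup = '(none found)'; BackupVersion = ''; BackupSignature = ''; SameHash = $null }
        continue
    }
    foreach ($copy in $copies) {
        $bak = Get-FileStatus $copy.FullName
        [pscustomobject]@{
            Driver          = $name
            LiveVersion     = $live.Version
            LiveSignature   = $live.Signature
            Backup          = $copy.FullName
            BackupVersion   = $bak.Version
            BackupSignature = $bak.Signature
            # Same version but a different hash than a validly signed backup is the
            # "patched file" case from the thread; a different version is just an older hotfix copy.
            SameHash        = ($live.SHA256 -eq $bak.SHA256)
        }
    }
}

$report | Format-Table -AutoSize

# Worth a closer look: a live copy that is not Valid, or one that differs from a Valid
# backup of the same version. Use Sysinternals sigcheck -i as a second opinion.
$report | Where-Object {
    $_.LiveSignature -ne 'Valid' -or
    ($_.BackupSignature -eq 'Valid' -and $_.LiveVersion -eq $_.BackupVersion -and $_.SameHash -eq $false)
}
```

The script deliberately reports rather than copies: tcpip.sys is loaded while Windows runs, so a replacement has to happen at boot, which is why ComboFix reboots after an FCopy::. On Vista and later, `sfc /scanfile=C:\Windows\System32\drivers\tcpip.sys` is the supported repair path for a single protected file.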
  15. 4CE Bronze Member

    Ok, will do!

    Hey Belahzur... so do you think these steps taken will prevent my machine from its original problem... such as becoming useless if unused for more than 3-10 hrs...

    The funny thing is that the only way to keep my machine from, I guess, crashing is by running the Kaspersky scan throughout the night... I wake up and stop the scan and the computer resumes normally... if I don't run the scan and leave it on... then I wake up and it's messed up??

    Does running nightly scans ruin my computer? Is it bad for it?

    Thanks
  16. Belahzur Freedom Fighter

    Leaving it on for extreme hours, up to 48 hrs for example: the only downside to that is running out of virtual memory; things slow down and take longer, but that can be fixed by rebooting every now and then.

    Personally I don't run my machines overnight, but I have done a few times before and not noticed any differences, though mine is a fairly high-end spec machine so it can deal with long hours.

    How often do you perform maintenance on your machine, defragmenting it and such?
