Topic: Windows Infected... Trojan.Sharpro Nvidia? (Read 1324 times)
nasroo7 (Topic Starter, Intermediate, Posts: 172, Experience: Beginner, OS: Windows 7, signature: Nas Design)
« on: October 27, 2011, 12:58:09 AM »

Hello,

Actually, my internet browser (Firefox) sometimes starts redirecting me to some strange websites when I click on a link from Google.
Also, when I'm not using the Internet (my browser is closed, but Wi-Fi is connected) I get an ad! It's just a picture (a commercial, around 640x480) that opens in the middle of the screen. I mean it's not like a regular window frame with the 3 buttons on the top right (Minimize, Resize, Close)... (It happened to me twice in the last hour.) Also, when I watch a video in full-screen mode, the taskbar shows up after 30 seconds. I have to click on the video to make it disappear, but 30 seconds later it appears again.
Also, sometimes when I click on a Google link it doesn't work (Server not found), but this never happens with Internet Explorer or Chrome.
Sometimes when I start Firefox, for the first 2 or 3 minutes Facebook doesn't load (Server not found) while other websites work fine... And if I try Facebook with Internet Explorer or Chrome at the same time, it works!
And while I'm writing this message (using Firefox), Firefox goes into the background (as if I had clicked on the taskbar, for example). I can't type in Firefox anymore; I have to click on it again to bring it back to the front... (I hope I explained it clearly :s)

I have Microsoft Security Essentials as my antivirus. It doesn't detect anything.
I scanned with Malwarebytes (found some trojans) and SUPERAntiSpyware (found some Adware.Tracking.Cookies).

But when running Malwarebytes, it found some trojans from my last NVIDIA update.
Because two days ago I did an NVIDIA update from the NVIDIA website.
I didn't want to clean everything, because I'm afraid it's a false alarm from Malwarebytes (because NVIDIA should be clean... no?). But at the same time my laptop is obviously infected by something!
I also checked the Task Manager, and I found 50 MB of Firefox plugins running... I stopped them. I'm not someone who downloads toolbars or everything that asks me to click on it.

So... What do you think?

nasroo7 « Reply #1 on: October 27, 2011, 01:01:14 AM »

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8027

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/27/2011 2:33:06 AM
mbam-log-2011-10-27 (02-32-54).txt

Scan type: Quick scan
Objects scanned: 255472
Time elapsed: 20 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Nas\AppData\Local\activision\activisionupdate\activisionupdt32.dll (Trojan.SHarpro.PGen) -> No action taken.
c:\Users\Nas\AppData\Local\Apple\appleupdate\appleupdt32.dll (Trojan.SHarpro.PGen) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{02F4ADC8-ADE7-4132-B5B7-47543463301b} (Trojan.SHarpro.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F4ADC8-ADE7-4132-B5B7-47543463301B} (Trojan.SHarpro.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{02F4ADC8-ADE7-4132-B5B7-47543463301B} (Trojan.SHarpro.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F4ADC8-ADE7-4132-B5B7-47543463301B} (Trojan.SHarpro.Gen) -> No action taken.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NVIDIA Update (Trojan.SHarpro.PGen) -> Value: NVIDIA Update -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Synaptics Update (Trojan.SHarpro.PGen) -> Value: Synaptics Update -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Nas\AppData\Local\Temp\thpm8193911548221764656.tmp (Exploit.Drop.3) -> No action taken.
c:\Users\Nas\local settings\application data\shellx86_x64.dll (Trojan.SHarpro.Gen) -> No action taken.
c:\Users\Nas\AppData\Local\shellx86_x64.dll (Trojan.SHarpro.Gen) -> No action taken.
c:\Users\Nas\AppData\Local\activision\activisionupdate\activisionupdt32.dll (Trojan.SHarpro.PGen) -> No action taken.
c:\Users\Nas\AppData\Local\Apple\appleupdate\appleupdt32.dll (Trojan.SHarpro.PGen) -> No action taken.
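Every hit in the log above ends in "No action taken", and the two entries that worried the poster are a Run value named "NVIDIA Update" and DLLs sitting under AppData\Local in folders named after Activision and Apple. A practitioner triages entries like these by where they live and what they hook, not by the vendor name they carry. The Python below is an added example written for this page; it is not code from the thread, from Malwarebytes, or from the Computer Hope volunteers. It parses the log format shown above into findings, counts how many were left unhandled, and flags modules that borrow a vendor name while living in a user-writable path. The vendor list, the path heuristics, and the sample (a subset of the log above, with the Synaptics line's action changed so that one handled entry is present) are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the Malwarebytes log in the post above (a constructed
# subset; the Synaptics line's action was changed to show a handled entry).
SAMPLE_LOG = r"""
Memory Modules Infected:
c:\Users\Nas\AppData\Local\activision\activisionupdate\activisionupdt32.dll (Trojan.SHarpro.PGen) -> No action taken.
c:\Users\Nas\AppData\Local\Apple\appleupdate\appleupdt32.dll (Trojan.SHarpro.PGen) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F4ADC8-ADE7-4132-B5B7-47543463301B} (Trojan.SHarpro.Gen) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NVIDIA Update (Trojan.SHarpro.PGen) -> Value: NVIDIA Update -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Synaptics Update (Trojan.SHarpro.PGen) -> Value: Synaptics Update -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Nas\AppData\Local\Temp\thpm8193911548221764656.tmp (Exploit.Drop.3) -> No action taken.
c:\Users\Nas\AppData\Local\shellx86_x64.dll (Trojan.SHarpro.Gen) -> No action taken.
"""

# Assumed list of vendor names that malware borrows; extend it for your estate.
VENDOR_NAMES = ("nvidia", "apple", "activision", "synaptics", "adobe", "google", "intel")
# Path fragments that mark locations a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")   # "...Infected: 0" summary lines do not match
# Item, then the LAST parenthesised token (the detection name), then the action chain.
ENTRY_RE = re.compile(r"^(?P<item>.*) \((?P<det>[^()]+)\) -> (?P<rest>.+)$")


@dataclass
class Finding:
    section: str
    item: str
    detection: str
    action: str
    value: Optional[str] = None   # registry value name, when the section carries one


def parse_mbam_log(text: str) -> List[Finding]:
    """Turn the per-section listing into Finding records."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and line and not line.startswith("(") and (m := ENTRY_RE.match(line)):
            parts = m.group("rest").split(" -> ")        # e.g. ["Value: X", "No action taken."]
            value = parts[0][len("Value: "):] if parts[0].startswith("Value: ") else None
            findings.append(Finding(section, m.group("item"), m.group("det"),
                                    parts[-1].rstrip("."), value))
    return findings


def persistence_type(item: str) -> str:
    """Classify what the hit hooks, from its path or registry location."""
    low = item.lower()
    if "\\currentversion\\run\\" in low:
        return "autorun"
    if "browser helper objects" in low or low.startswith("hkey_classes_root\\clsid\\"):
        return "bho"
    return "registry" if low.startswith("hkey_") else "file"


def suspicious_reasons(f: Finding) -> List[str]:
    """Location- and name-based heuristics that do not depend on the detection label."""
    reasons = []
    low = f.item.lower()
    name = (f.value or low.rsplit("\\", 1)[-1]).lower()
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    vendor = next((v for v in VENDOR_NAMES if v in name), None)
    kind = persistence_type(f.item)
    if kind == "file" and ext in ("dll", "exe") and any(t in low for t in USER_WRITABLE):
        reasons.append((f"'{vendor}'-named module under a user-writable path "
                        "(genuine vendor updaters install under Program Files)") if vendor
                       else "loose executable module in a user-writable location")
    if kind == "autorun" and vendor:
        reasons.append(f"Run value '{f.value}' borrows the '{vendor}' name; "
                       "resolve its command line before trusting it")
    if kind == "bho":
        reasons.append("browser helper object / COM class registration, the usual "
                       "redirect and ad-injection hook")
    return reasons


def triage(text: str) -> dict:
    """Every finding, the ones worth a second look, and how many were left in place."""
    findings = parse_mbam_log(text)
    return {
        "findings": findings,
        "flagged": {f.item: r for f in findings if (r := suspicious_reasons(f))},
        "unhandled": sum(1 for f in findings if f.action.lower().startswith("no action")),
    }


if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG)["flagged"].items():
        print(f"{item}\n    -> {'; '.join(reasons)}")
```

On the live machine the same question is settled by reading the value data rather than the value name: `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` prints the command line behind each entry, and a Run value is only as trustworthy as the path it launches. The DDS log later in this thread shows the genuine NVIDIA updater as the nvUpdatusService service running C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe, which is the location to compare against.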
Allan (Moderator, Genius, Thanked: 856, Posts: 14,488, Experience: Guru, OS: Windows 7, Forum Administrator)
« Reply #2 on: October 27, 2011, 05:30:47 AM »

Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html
DragonMaster Jay (Malware Removal Specialist, Moderator, Mentor, Thanked: 103, Posts: 1,488, Experience: Expert, OS: Windows 7, Malware/BSOD troubleshooter, Cheetah-Fast Antivirus Forum)
« Reply #3 on: October 27, 2011, 07:03:16 AM »

Quote: "No action taken."

Please remove those items, and then do the following:

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • Please follow the instructions that pop up for posting the results. Post only the contents of both logs. There is no way to attach.
  • Close the program window, and delete the program from your Desktop.

Regards,

~DMJ
nasroo7 « Reply #4 on: October 27, 2011, 01:48:34 PM »

Thank you for the reply, DragonMaster and Allan :)

I will do everything and post the logs.

But if I remove some NVIDIA files, is it going to affect how my graphics card works?

DragonMaster Jay « Reply #5 on: October 28, 2011, 07:05:54 AM »

Go ahead and have those deleted, and post the log here.

Please do the following:

Please download TDSSKiller from here and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Regards,

~DMJ
nasroo7 « Reply #6 on: October 28, 2011, 10:16:55 AM »

Hi,
OK, I will use TDSSKiller.

I finished with Malwarebytes, SUPERAntiSpyware, and DDS.
I'll post the logs now.

nasroo7 « Reply #7 on: October 28, 2011, 10:18:51 AM »

Malwarebytes
NOTE: Last time I didn't delete the threats because I saw NVIDIA, and I asked you first.
After you all said yes, I scanned again, but as you can see Malwarebytes didn't find exactly the same threats... This time it didn't find any NVIDIA trojan... is that normal? [I used CCleaner before Malwarebytes this time.]

mbam-log: 10/28/2011 6:26am

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8033

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/28/2011 6:26:32 AM
mbam-log-2011-10-28 (06-26-32).txt

Scan type: Quick scan
Objects scanned: 229808
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{02F4ADC8-ADE7-4132-B5B7-47543463301b} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F4ADC8-ADE7-4132-B5B7-47543463301B} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{02F4ADC8-ADE7-4132-B5B7-47543463301B} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F4ADC8-ADE7-4132-B5B7-47543463301B} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Nas\local settings\application data\shellx86_x64.dll (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
c:\Users\Nas\AppData\Local\shellx86_x64.dll (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

nasroo7 « Reply #8 on: October 28, 2011, 10:20:07 AM »

SUPERAntiSpyware
NOTE: I used CCleaner before. SUPERAntiSpyware found 0 threats after a "Complete Scan".

nasroo7 « Reply #9 on: October 28, 2011, 10:22:15 AM »

Malwarebytes
NOTE: I did a new one. Here it is.

mbam-log 10/28/2011 12:13pm



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8033

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/28/2011 12:13:36 PM
mbam-log-2011-10-28 (12-13-36).txt

Scan type: Quick scan
Objects scanned: 229239
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


nasroo7 « Reply #10 on: October 28, 2011, 10:29:34 AM »

DDS log (DDS.txt):

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_29
Run by Nas at 12:27:38 on 2011-10-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3957.2181 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.bigseekpro.com/hypercam/{7617EF1E-D4A9-4651-9E2C-B654D3D11399}
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/hypercam/{7617EF1E-D4A9-4651-9E2C-B654D3D11399}
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant =
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
uRun: [DisplayBackupOnline] rundll32.exe "C:\ProgramData\DisplayBackupOnline.dll",DllRegisterServer
mRun: [HControlUser] "C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
mRun: [ATKOSD2] "C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
mRun: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] "C:\Windows\UpdReg.EXE"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{2795CE0C-2D94-4D16-9ACC-86E385689141} : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{F23B2AFE-C1E7-481E-853C-7FDD2026B937} : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{F23B2AFE-C1E7-481E-853C-7FDD2026B937}\2426F687D2933473443343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F23B2AFE-C1E7-481E-853C-7FDD2026B937}\6427565675966696 : DhcpNameServer = 212.27.40.241 212.27.40.242
TCP: Interfaces\{F23B2AFE-C1E7-481E-853C-7FDD2026B937}\8416B696D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F23B2AFE-C1E7-481E-853C-7FDD2026B937}\C496675626F687D214442383 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F23B2AFE-C1E7-481E-853C-7FDD2026B937}\D4F657C616 : DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64:     HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64:     Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64:     HP Smart BHO Class - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HControlUser] "C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
mRun-x64: [ATKOSD2] "C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
mRun-x64: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] "C:\Windows\UpdReg.EXE"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nas\AppData\Roaming\Mozilla\Firefox\Profiles\74j0np1d.default\
FF - prefs.js: keyword.URL - hxxp://www.scanquery.com/?tmp=nemo_results_removelink&prt=ScnqryPB&keywords=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60394
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Nas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Nas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Nas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Nas\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Nas\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: XULRunner: {08583A71-F8CF-4D82-9516-4C5A8117F2CB} - C:\Users\Nas\AppData\Local\{08583A71-F8CF-4D82-9516-4C5A8117F2CB}
FF - Ext: XUL Cache: {d8a7ef98-7e29-4def-8b9e-62d8eabdb471} - %profile%\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-12-21 14904]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-25 2253120]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-21 2314240]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-1 136176]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-12-21 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-21 79360]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-1 136176]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-12 366152]
.
=============== Created Last 30 ================
.
2011-10-28 10:27:42   69000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7876A915-C731-41F0-A6F2-294A2E344B6F}\offreg.dll
2011-10-28 06:37:18   --------   d-----w-   C:\Users\Nas\AppData\Roaming\Sawer
2011-10-28 06:36:51   --------   d-----w-   C:\Users\Nas\AppData\Roaming\Juce VST Host
2011-10-28 06:24:55   8570192   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7876A915-C731-41F0-A6F2-294A2E344B6F}\mpengine.dll
2011-10-26 21:09:42   83456   ----a-w-   C:\Windows\SysWow64\srrstr.dll
2011-10-26 21:09:40   83456   ----a-w-   C:\ProgramData\DisplayBackupOnline.dll
2011-10-26 06:23:06   --------   d-----w-   C:\Users\Nas\AppData\Local\{75A23BBE-364D-4467-A013-4319375ECCEA}
2011-10-26 06:22:44   --------   d-----w-   C:\Users\Nas\AppData\Local\{639E7F8C-F96F-4F7B-A59D-E17E9B7925A5}
2011-10-25 17:53:09   837952   ----a-w-   C:\Windows\System32\easyupdatusapiu64.dll
2011-10-25 17:51:37   --------   d-----w-   C:\Program Files\NVIDIA Corporation
2011-10-25 17:51:01   --------   d-----w-   C:\NVIDIA
2011-10-25 16:57:50   --------   d-----w-   C:\Program Files (x86)\EA Games
2011-10-25 16:25:10   --------   d-----w-   C:\Users\Nas\AppData\Local\{598A196C-0EFD-4D98-95DE-725DA465EBEA}
2011-10-25 16:24:39   --------   d-----w-   C:\Users\Nas\AppData\Local\{74E2EFA2-C4B7-4363-9646-88198765AF4D}
2011-10-25 05:29:56   --------   d-----w-   C:\Users\Nas\AppData\Local\{C792C265-3DFD-4F95-A691-F58B1ABFF7B3}
2011-10-24 20:52:05   --------   d-----w-   C:\Users\Nas\AppData\Local\Facebook
2011-10-22 05:36:59   --------   d-----w-   C:\Program Files (x86)\Visicom Media
2011-10-21 19:55:29   --------   d-----w-   C:\Users\Nas\AppData\Local\{33DC2A6D-DD3B-4D02-BE0C-C4188E7FE208}
2011-10-19 04:34:02   --------   d-----w-   C:\Users\Nas\AppData\Local\{20FF508C-8AB5-451F-BC3E-16A5595607E5}
2011-10-19 04:33:51   --------   d-----w-   C:\Users\Nas\AppData\Local\{0C4EE2DE-F6FD-4622-A53E-8AC22075F58D}
2011-10-19 04:30:35   --------   d-----w-   C:\Program Files (x86)\SubtitlesSynch
2011-10-19 04:29:54   --------   d-----w-   C:\Users\Nas\AppData\Local\{7EF20001-C34D-4CCE-AE33-A29AF95CEC77}
2011-10-19 04:29:31   --------   d-----w-   C:\Users\Nas\AppData\Local\{48D80B02-670B-4519-9A48-46A74EF4A274}
2011-10-16 04:26:45   --------   d-----w-   C:\Program Files\CCleaner
2011-10-15 11:27:53   --------   d-----w-   C:\Users\Nas\AppData\Local\{9B421F6D-4D20-4E10-B815-5A337C4BAB73}
2011-10-15 11:27:29   --------   d-----w-   C:\Users\Nas\AppData\Local\{5B58B64E-EE8A-4CEA-A54B-E10501481350}
2011-10-15 04:54:52   321856   ----a-w-   C:\Windows\SysWow64\nvStreaming.exe
2011-10-13 01:06:46   3138048   ----a-w-   C:\Windows\System32\win32k.sys
2011-10-13 01:06:45   75776   ----a-w-   C:\Windows\SysWow64\psisrndr.ax
2011-10-13 01:06:45   613888   ----a-w-   C:\Windows\System32\psisdecd.dll
2011-10-13 01:06:44   465408   ----a-w-   C:\Windows\SysWow64\psisdecd.dll
2011-10-13 01:06:43   108032   ----a-w-   C:\Windows\System32\psisrndr.ax
2011-10-13 01:06:24   331776   ----a-w-   C:\Windows\System32\oleacc.dll
2011-10-13 01:06:24   233472   ----a-w-   C:\Windows\SysWow64\oleacc.dll
2011-10-13 01:06:23   861696   ----a-w-   C:\Windows\System32\oleaut32.dll
2011-10-13 01:06:23   571904   ----a-w-   C:\Windows\SysWow64\oleaut32.dll
2011-10-11 18:46:04   601424   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-10-11 18:45:52   917840   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{868B6634-68E0-4C71-AC68-723CB703D751}\gapaengine.dll
2011-10-10 15:09:40   4550304   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-10-05 17:56:32   --------   d-----w-   C:\Users\Nas\AppData\Local\{D683B203-E9F0-42F8-A145-EA82AC3650C0}
2011-10-03 18:14:09   --------   d-----w-   C:\Users\Nas\AppData\Local\{0954C95D-44FA-4B77-AEAE-AEC0DC711FC1}
2011-10-03 18:13:47   --------   d-----w-   C:\Users\Nas\AppData\Local\{F1BC4923-3EB8-44F9-980C-0194217F230E}
2011-09-28 23:30:27   --------   d-----w-   C:\Program Files (x86)\HyperCam 2
.
==================== Find3M  ====================
.
2011-10-28 16:05:03   45056   ----a-w-   C:\Windows\System32\acovcnt.exe
2011-10-28 06:38:54   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2011-09-14 17:09:26   152576   ----a-w-   C:\Windows\SysWow64\msclmd.dll
2011-09-14 17:09:25   175616   ----a-w-   C:\Windows\System32\msclmd.dll
2011-09-01 05:24:07   2309120   ----a-w-   C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57   1389056   ----a-w-   C:\Windows\System32\wininet.dll
2011-09-01 05:12:04   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59   1798144   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15   1126912   ----a-w-   C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2011-08-31 21:00:50   25416   ----a-w-   C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 12:28:22.43 ===============
nasroo7
Topic Starter
Intermediate



Posts: 172

Computer: Specs
Experience: Beginner
OS: Windows 7

Nas Design
« Reply #11 on: October 28, 2011, 10:30:10 AM »

DDS
Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/15/2010 8:50:11 AM
System Uptime: 10/28/2011 7:30:06 AM (5 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | G60JX
Processor: Intel(R) Core(TM) i5 CPU       M 430  @ 2.27GHz | Socket 989 | 2267/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 40.189 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
 Sansa Media Converter
 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 MUI
Adobe Shockwave Player 11.5
Advanced PC Tweaker v4.2
Antares Auto-Tune Evo VST
Antares Autotune Evo VST RTAS v6.0.9
Antares Kantos v1.0
Any Video Converter 3.2.7
Apple Application Support
Apple Software Update
ASIO4ALL
ASUS AI Recovery
ASUS AP Bank
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS_ScreenSaver_GSeries
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
Battlefield 3
Best Buy Software Installer
BufferChm
Call of Duty Modern Warfare 2
Call of Duty: Black Ops
Compatibility Pack for the 2007 Office system
ControlDeck
Copy
Coupon Printer for Windows
Creative MediaSource 5
D3DX10
Death Rally for Windows
Destinations
DeviceDiscovery
DivX Setup
DJ_AIO_05_F4400_Software_Min
Empire Earth II
Express Gate
F4400
Facebook Plug-In
Facebook Video Calling 1.0.0.8714
FL Studio 9
Free Window Registry Repair
GameSpy Arcade
Gif Movie Gear 4
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
Grand Theft Auto: Episodes from Liberty City
Half-Life
Half-Life: Blue Shift
HP Photo Creations
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
HyperCam 2
IL Download Manager
Intel(R) Management Engine Components
Intel(R) Turbo Boost Technology Driver
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 29
JDownloader
Junk Mail filter update
Kit Internet Mobile Bouygues Telecom
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox (3.6.23)
MSVC80_x86_v2
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Need for Speed(TM) Hot Pursuit
Need for Speed™ SHIFT
Need For Speed™ World
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenOffice.org 3.2
PC Connectivity Solution
PoiZone
QuickTime
Realtek High Definition Audio Driver
RICOH R5U230 Media Driver ver.2.05.02.02
Rockstar Games Social Club
Roxio Burn
Roxio Roxio Burn
Roxio Update Manager
Sansa Updater
Sawer
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
SHIFT 2 UNLEASHED™
Skype Click to Call
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Sound Blaster Audigy HD
Speccy
Status
SubtitlesSynch
Toolbox
Toxic Biohazard
TrayApp
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.5
VodBurner
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
10/28/2011 8:25:13 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/28/2011 6:27:57 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/28/2011 2:41:53 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/28/2011 2:20:07 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/27/2011 5:12:04 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/27/2011 1:41:43 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/26/2011 2:16:03 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user Nas-PC\Nas SID (S-1-5-21-3596009218-1777886604-2241043216-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/26/2011 2:16:03 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user Nas-PC\Nas SID (S-1-5-21-3596009218-1777886604-2241043216-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/26/2011 12:05:41 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{F23B2AFE-C1E7-481E-853C-7FDD2026B937} because another computer on the network has the same name.  The server could not start.
10/26/2011 10:20:34 PM, Error: Microsoft-Windows-WMPNSS-Service [14365]  - Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.
10/25/2011 1:57:17 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/25/2011 1:19:06 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/24/2011 5:45:47 PM, Error: volsnap [35]  - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
10/24/2011 5:00:36 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/23/2011 12:46:05 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/23/2011 10:11:57 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/22/2011 10:18:31 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/21/2011 9:54:41 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================
nasroo7
« Reply #12 on: October 28, 2011, 10:33:08 AM »

And now I'll go scan with TDSSKiller and ComboFix... I'll come back in a few minutes.

Thank you :)
nasroo7
« Reply #13 on: October 28, 2011, 10:35:30 AM »

TDSSKiller

12:35:05.0871 4788   TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
12:35:06.0011 4788   ============================================================
12:35:06.0011 4788   Current date / time: 2011/10/28 12:35:06.0011
12:35:06.0011 4788   SystemInfo:
12:35:06.0011 4788   
12:35:06.0011 4788   OS Version: 6.1.7601 ServicePack: 1.0
12:35:06.0011 4788   Product type: Workstation
12:35:06.0011 4788   ComputerName: NAS-PC
12:35:06.0011 4788   UserName: Nas
12:35:06.0011 4788   Windows directory: C:\Windows
12:35:06.0011 4788   System windows directory: C:\Windows
12:35:06.0011 4788   Running under WOW64
12:35:06.0011 4788   Processor architecture: Intel x64
12:35:06.0011 4788   Number of processors: 4
12:35:06.0011 4788   Page size: 0x1000
12:35:06.0011 4788   Boot type: Normal boot
12:35:06.0011 4788   ============================================================
12:35:06.0433 4788   Initialize success
nasroo7
« Reply #14 on: October 28, 2011, 10:36:11 AM »

I just realized that I didn't post the CCleaner log :s
I'll check if I can find it...
nasroo7
« Reply #15 on: October 28, 2011, 10:38:24 AM »

Does CCleaner save a log somewhere? I have the portable version...
nasroo7
« Reply #16 on: October 28, 2011, 11:22:43 AM »

ComboFix
NOTE: The computer froze the first time (when it asked me to disable Microsoft Security Essentials)


ComboFix 11-10-28.04 - Nas 10/28/2011  13:00:56.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3957.2544 [GMT -4:00]
Running from: c:\users\Nas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\DisplayBackupOnline.dll
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ya9829x9.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ya9829x9.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\chrome.manifest
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ya9829x9.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\chrome\xulcache.jar
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ya9829x9.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\defaults\preferences\xulcache.js
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ya9829x9.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\install.rdf
c:\users\Nas\AppData\Local\{08583A71-F8CF-4D82-9516-4C5A8117F2CB}
c:\users\Nas\AppData\Local\{08583A71-F8CF-4D82-9516-4C5A8117F2CB}\chrome.manifest
c:\users\Nas\AppData\Local\{08583A71-F8CF-4D82-9516-4C5A8117F2CB}\chrome\content\overlay.xul
c:\users\Nas\AppData\Local\{08583A71-F8CF-4D82-9516-4C5A8117F2CB}\install.rdf
c:\users\Nas\AppData\Local\Activision\ActivisionUpdate\Activisionupdt32.dll
c:\users\Nas\AppData\Local\Apple\AppleUpdate\Appleupdt32.dll
c:\users\Nas\AppData\Roaming\Adobe\plugs
c:\users\Nas\AppData\Roaming\Adobe\shed
c:\users\Nas\AppData\Roaming\Mozilla\Firefox\Profiles\74j0np1d.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}
c:\users\Nas\AppData\Roaming\Mozilla\Firefox\Profiles\74j0np1d.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\chrome.manifest
c:\users\Nas\AppData\Roaming\Mozilla\Firefox\Profiles\74j0np1d.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\chrome\xulcache.jar
c:\users\Nas\AppData\Roaming\Mozilla\Firefox\Profiles\74j0np1d.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\defaults\preferences\xulcache.js
c:\users\Nas\AppData\Roaming\Mozilla\Firefox\Profiles\74j0np1d.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\install.rdf
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-28 to 2011-10-28  )))))))))))))))))))))))))))))))
.
.
2011-10-28 17:08 . 2011-10-28 17:08   69000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7876A915-C731-41F0-A6F2-294A2E344B6F}\offreg.dll
2011-10-28 17:07 . 2011-10-28 17:07   --------   d-----w-   c:\users\Guest\AppData\Local\temp
2011-10-28 17:07 . 2011-10-28 17:07   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-10-28 06:39 . 2011-10-28 06:39   --------   d-----w-   c:\program files (x86)\Common Files\Java
2011-10-28 06:37 . 2011-10-28 06:37   --------   d-----w-   c:\users\Nas\AppData\Roaming\Sawer
2011-10-28 06:36 . 2011-10-28 06:37   --------   d-----w-   c:\users\Nas\AppData\Roaming\Juce VST Host
2011-10-28 06:24 . 2011-10-07 04:16   8570192   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7876A915-C731-41F0-A6F2-294A2E344B6F}\mpengine.dll
2011-10-26 21:09 . 2011-10-26 21:09   83456   ----a-w-   c:\windows\SysWow64\srrstr.dll
2011-10-25 17:54 . 2011-10-25 17:54   --------   d-----w-   c:\users\UpdatusUser
2011-10-25 17:53 . 2011-10-15 08:53   837952   ----a-w-   c:\windows\system32\easyupdatusapiu64.dll
2011-10-25 17:51 . 2011-10-25 17:54   --------   d-----w-   c:\program files\NVIDIA Corporation
2011-10-25 17:51 . 2011-10-25 17:51   --------   d-----w-   C:\NVIDIA
2011-10-25 16:57 . 2011-10-25 16:57   --------   d-----w-   c:\program files (x86)\EA Games
2011-10-25 05:10 . 2011-10-25 05:18   --------   d-----w-   c:\users\Nas\AppData\Roaming\Download Manager
2011-10-24 20:52 . 2011-10-24 20:52   --------   d-----w-   c:\users\Nas\AppData\Local\Facebook
2011-10-22 05:36 . 2011-10-22 05:36   --------   d-----w-   c:\program files (x86)\Visicom Media
2011-10-19 04:30 . 2011-10-19 04:30   --------   d-----w-   c:\program files (x86)\SubtitlesSynch
2011-10-16 04:26 . 2011-10-16 04:26   --------   d-----w-   c:\program files\CCleaner
2011-10-15 04:54 . 2011-10-15 04:54   321856   ----a-w-   c:\windows\SysWow64\nvStreaming.exe
2011-10-13 19:52 . 2011-10-13 19:52   --------   d-----w-   c:\users\Nas\AppData\Roaming\Template
2011-10-13 01:06 . 2011-09-06 03:03   3138048   ----a-w-   c:\windows\system32\win32k.sys
2011-10-13 01:06 . 2011-08-17 05:26   613888   ----a-w-   c:\windows\system32\psisdecd.dll
2011-10-13 01:06 . 2011-08-17 04:19   75776   ----a-w-   c:\windows\SysWow64\psisrndr.ax
2011-10-13 01:06 . 2011-08-17 04:24   465408   ----a-w-   c:\windows\SysWow64\psisdecd.dll
2011-10-13 01:06 . 2011-08-17 05:25   108032   ----a-w-   c:\windows\system32\psisrndr.ax
2011-10-13 01:06 . 2011-08-27 05:37   331776   ----a-w-   c:\windows\system32\oleacc.dll
2011-10-13 01:06 . 2011-08-27 04:26   233472   ----a-w-   c:\windows\SysWow64\oleacc.dll
2011-10-13 01:06 . 2011-08-27 05:37   861696   ----a-w-   c:\windows\system32\oleaut32.dll
2011-10-13 01:06 . 2011-08-27 04:26   571904   ----a-w-   c:\windows\SysWow64\oleaut32.dll
2011-10-11 18:46 . 2010-11-30 15:43   601424   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-10-11 18:45 . 2011-10-11 18:45   917840   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{868B6634-68E0-4C71-AC68-723CB703D751}\gapaengine.dll
2011-10-10 15:09 . 2011-10-10 15:09   4550304   ----a-w-   c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-09-28 23:30 . 2011-09-28 23:30   --------   d-----w-   c:\program files (x86)\HyperCam 2
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-28 17:09 . 2010-04-24 21:15   45056   ----a-w-   c:\windows\system32\acovcnt.exe
2011-10-28 06:38 . 2010-07-09 18:58   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2011-10-15 08:53 . 2009-10-03 20:02   1640768   ----a-w-   c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2009-10-03 20:01   539456   ----a-w-   c:\windows\system32\nvhotkey.dll
2011-10-15 08:53 . 2009-10-03 20:01   5067584   ----a-w-   c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2009-10-03 20:01   3074368   ----a-w-   c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2009-10-03 20:01   222528   ----a-w-   c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2009-10-03 20:01   137536   ----a-w-   c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2009-10-03 20:01   10406208   ----a-w-   c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2009-10-03 14:32   2808128   ----a-w-   c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2009-10-03 14:32   13205312   ----a-w-   c:\windows\SysWow64\nvd3dum.dll
2011-10-07 04:16 . 2011-09-14 22:17   8570192   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-14 17:09 . 2009-07-14 02:36   152576   ----a-w-   c:\windows\SysWow64\msclmd.dll
2011-09-14 17:09 . 2009-07-14 02:36   175616   ----a-w-   c:\windows\system32\msclmd.dll
2011-08-31 21:00 . 2010-12-16 05:54   25416   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-12 04:10 . 2011-09-13 14:58   8862544   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD9A08B0-0935-49CB-856B-DB9FEFBA5F11}\mpengine.dll
2011-08-10 02:15 . 2011-08-10 02:15   74752   ----a-w-   c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-10 02:15 . 2011-08-10 02:15   161792   ----a-w-   c:\windows\SysWow64\msls31.dll
2011-08-10 02:15 . 2011-08-10 02:15   110592   ----a-w-   c:\windows\SysWow64\IEAdvpack.dll
2011-08-10 02:15 . 2011-08-10 02:15   76800   ----a-w-   c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-10 02:15 . 2011-08-10 02:15   48640   ----a-w-   c:\windows\SysWow64\mshtmler.dll
2011-08-10 02:15 . 2011-08-10 02:15   86528   ----a-w-   c:\windows\SysWow64\iesysprep.dll
2011-08-10 02:15 . 2011-08-10 02:15   63488   ----a-w-   c:\windows\SysWow64\tdc.ocx
2011-08-10 02:15 . 2011-08-10 02:15   367104   ----a-w-   c:\windows\SysWow64\html.iec
2011-08-10 02:15 . 2011-08-10 02:15   74752   ----a-w-   c:\windows\SysWow64\iesetup.dll
2011-08-10 02:15 . 2011-08-10 02:15   23552   ----a-w-   c:\windows\SysWow64\licmgr10.dll
2011-08-10 02:15 . 2011-08-10 02:15   152064   ----a-w-   c:\windows\SysWow64\wextract.exe
2011-08-10 02:15 . 2011-08-10 02:15   150528   ----a-w-   c:\windows\SysWow64\iexpress.exe
2011-08-10 02:15 . 2011-08-10 02:15   1427456   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
2011-08-10 02:15 . 2011-08-10 02:15   420864   ----a-w-   c:\windows\SysWow64\vbscript.dll
2011-08-10 02:15 . 2011-08-10 02:15   35840   ----a-w-   c:\windows\SysWow64\imgutil.dll
2011-08-10 02:15 . 2011-08-10 02:15   142848   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
2011-08-10 02:15 . 2011-08-10 02:15   11776   ----a-w-   c:\windows\SysWow64\mshta.exe
2011-08-10 02:15 . 2011-08-10 02:15   101888   ----a-w-   c:\windows\SysWow64\admparse.dll
2011-08-10 02:15 . 2011-08-10 02:15   89088   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
2011-08-10 02:15 . 2011-08-10 02:15   222208   ----a-w-   c:\windows\system32\msls31.dll
2011-08-10 02:15 . 2011-08-10 02:15   173056   ----a-w-   c:\windows\system32\ieUnatt.exe
2011-08-10 02:15 . 2011-08-10 02:15   12288   ----a-w-   c:\windows\system32\mshta.exe
2011-08-10 02:15 . 2011-08-10 02:15   114176   ----a-w-   c:\windows\system32\admparse.dll
2011-08-10 02:15 . 2011-08-10 02:15   91648   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
2011-08-10 02:15 . 2011-08-10 02:15   49664   ----a-w-   c:\windows\system32\imgutil.dll
2011-08-10 02:15 . 2011-08-10 02:15   48640   ----a-w-   c:\windows\system32\mshtmler.dll
2011-08-10 02:15 . 2011-08-10 02:15   135168   ----a-w-   c:\windows\system32\IEAdvpack.dll
2011-08-10 02:15 . 2011-08-10 02:15   111616   ----a-w-   c:\windows\system32\iesysprep.dll
2011-08-10 02:15 . 2011-08-10 02:15   76800   ----a-w-   c:\windows\system32\tdc.ocx
2011-08-10 02:15 . 2011-08-10 02:15   85504   ----a-w-   c:\windows\system32\iesetup.dll
2011-08-10 02:15 . 2011-08-10 02:15   448512   ----a-w-   c:\windows\system32\html.iec
2011-08-10 02:15 . 2011-08-10 02:15   30720   ----a-w-   c:\windows\system32\licmgr10.dll
2011-08-10 02:15 . 2011-08-10 02:15   1492992   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-08-10 02:15 . 2011-08-10 02:15   603648   ----a-w-   c:\windows\system32\vbscript.dll
2011-08-10 02:15 . 2011-08-10 02:15   165888   ----a-w-   c:\windows\system32\iexpress.exe
2011-08-10 02:15 . 2011-08-10 02:15   160256   ----a-w-   c:\windows\system32\wextract.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08   143360   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 5500800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-09 6937216]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-30 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-01 136176]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-12-22 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-22 79360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-01 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-11 140672]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe

S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys

S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3596009218-1777886604-2241043216-1000Core.job
- c:\users\Nas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-24 20:52]
.
2011-10-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3596009218-1777886604-2241043216-1000UA.job
- c:\users\Nas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-24 20:52]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-01 23:18]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-01 23:18]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3596009218-1777886604-2241043216-1000Core.job
- c:\users\Nas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 03:45]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3596009218-1777886604-2241043216-1000UA.job
- c:\users\Nas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 03:45]
.
2011-09-11 c:\windows\Tasks\One-Click Tweak.job
- c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2011-09-11 15:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52   159744   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bigseekpro.com/hypercam/{7617EF1E-D4A9-4651-9E2C-B654D3D11399}
mStart Page = hxxp://www.bigseekpro.com/hypercam/{7617EF1E-D4A9-4651-9E2C-B654D3D11399}
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{F23B2AFE-C1E7-481E-853C-7FDD2026B937}\6427565675966696: DhcpNameServer = 212.27.40.241 212.27.40.242
TCP: Interfaces\{F23B2AFE-C1E7-481E-853C-7FDD2026B937}\C496675626F687D214442383: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F23B2AFE-C1E7-481E-853C-7FDD2026B937}\D4F657C616: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\users\Nas\AppData\Roaming\Mozilla\Firefox\Profiles\74j0np1d.default\
FF - prefs.js: keyword.URL - hxxp://www.scanquery.com/?tmp=nemo_results_removelink&prt=ScnqryPB&keywords=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60394
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files (x86)\Nokia\Nokia PC Suite 7\bkmrksync
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-DisplayBackupOnline - c:\programdata\DisplayBackupOnline.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ASUS_ScreenSaver_GSeries - c:\windows\system32\ASUS_ScreenSaver_GSeries.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3596009218-1777886604-2241043216-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýU†j]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3596009218-1777886604-2241043216-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýU†j\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3596009218-1777886604-2241043216-1000\Software\SecuROM\License information*]
"datasecu"=hex:5f,c0,02,a7,b9,b5,32,30,09,db,e0,b1,67,ec,2d,bf,b4,ca,cd,08,42,
   6c,f9,29,62,04,1f,e3,1f,f2,59,ed,b3,55,88,58,75,cf,c5,1e,0e,24,48,72,eb,39,\
"rkeysecu"=hex:1e,87,b4,a3,5d,ca,24,e3,33,c6,f6,5f,28,f5,86,96
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
.
**************************************************************************
.
Completion time: 2011-10-28  13:14:15 - machine was rebooted
ComboFix-quarantined-files.txt  2011-10-28 17:14
.
Pre-Run: 42,653,626,368 bytes free
Post-Run: 42,405,965,824 bytes free
.
- - End Of File - - BD0511F92914382D46D414936F4C38BB
nasroo7
Topic Starter
« Reply #17 on: October 28, 2011, 11:23:51 AM »

Here it is...
I finished with those ones... But I couldn't find a log for CCleaner... do you know if it's saved somewhere?

Thank you
DragonMaster Jay
Malware Removal Specialist
Moderator
« Reply #18 on: October 29, 2011, 07:02:46 AM »

No need for a CCleaner log. ;)


ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Regards,

~DMJ
nasroo7
Topic Starter
« Reply #19 on: November 01, 2011, 09:57:41 AM »

So, I scanned with ESET.
The first time, ESET found one threat to remove, but when I wanted to save a log, Windows crashed...
So I restarted Windows, and did another scan 5 min later.... But it found more things...


C:\Program Files (x86)\Advanced PC Tweaker\AdvancedPCTweaker.exe   a variant of Win32/Adware.AdvPCTweak application
C:\Qoobox\Quarantine\C\ProgramData\DisplayBackupOnline.dll.vir   a variant of Win32/Kryptik.UNZ trojan
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ya9829x9.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\chrome.manifest.vir   Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Nas\AppData\Local\Activision\ActivisionUpdate\Activisionupdt32.dll.vir   a variant of Win32/Kryptik.UNZ trojan
C:\Qoobox\Quarantine\C\Users\Nas\AppData\Local\Apple\AppleUpdate\Appleupdt32.dll.vir   a variant of Win32/Kryptik.UNZ trojan
C:\Qoobox\Quarantine\C\Users\Nas\AppData\Roaming\Mozilla\Firefox\Profiles\74j0np1d.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\chrome.manifest.vir   Win32/TrojanDownloader.Tracur.F trojan
C:\Users\Nas\AppData\Local\Google\Chrome\User Data\Default\Default\dlihhkfjijkboimenpffikpdeinlfjnp\contentscript.js   Win32/TrojanDownloader.Tracur.F trojan
C:\Users\Nas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\34584228-2f069fa4   Java/Agent.AC trojan
C:\Users\Nas\Desktop\SAVE\Nas\Hack\ophcrack-win32-installer-3.3.1.exe   multiple threats
C:\Users\Nas\Downloads\AdvancedPCTweaker.exe   a variant of Win32/Adware.AdvPCTweak application
C:\Users\Nas\Downloads\avc-free(2).exe   Win32/OpenCandy application
C:\Users\Nas\Downloads\cnet_mp3gain-win-1_2_5_exe.exe   a variant of Win32/InstallCore.D application
C:\Users\Nas\Downloads\cnet_SubtitlesSynchSetup_exe.exe   a variant of Win32/InstallCore.D application
C:\Users\Nas\Downloads\Fl.Studio.9.Prensboard.Com.rar   Win32/OpenCandy application
C:\Users\Nas\Downloads\packenergieettechnologieV22011EXIT.rar   a variant of Win32/Keygen.AS application
C:\Users\Nas\Downloads\packenergieettechnologieV22011EXIT.rar.001.exe   a variant of Win32/Keygen.AS application
C:\Users\Nas\Downloads\scripts_2010_by_leo.zip   multiple threats
C:\Users\Nas\Downloads\slg.ab.rar   a variant of Win32/HackTool.Patcher.D application
C:\Users\Nas\Downloads\software_informer.exe   probably a variant of Win32/SWInformer application
C:\Users\Nas\Downloads\Fl Studio 9\flstudio_9.0.exe   Win32/OpenCandy application
C:\Users\Nas\Downloads\slg.ab\slg.ab\Patch\Patch.exe   a variant of Win32/HackTool.Patcher.D application
C:\Users\Nas\Downloads\slg.abrio\slg.abrio\Patch\Patch.exe   a variant of Win32/HackTool.Patcher.D application
C:\Windows\System32\srrstr.dll   a variant of Win32/Kryptik.UNZ trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\upgrade[1].cab   a variant of Win32/Adware.OneStep.Z application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\upgrade[1].cab   a variant of Win32/Adware.OneStep.Z application
C:\Windows\SysWOW64\srrstr.dll   a variant of Win32/Kryptik.UNZ trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\upgrade[1].cab   a variant of Win32/Adware.OneStep.Z application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\upgrade[1].cab   a variant of Win32/Adware.OneStep.Z application
DragonMaster Jay
Malware Removal Specialist
Moderator
« Reply #20 on: November 01, 2011, 10:37:58 AM »

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.
    • Hidden Startup Objects
    • System Memory
    • Disk Boot Sectors.
    • My Computer.
    • Also any other drives (removable drives that you may have)
    Leave the rest of the settings as they appear by default.
    • Then click on Scan at the top right-hand corner.
    • It will automatically Neutralize any objects found.
    • If some objects are left un-neutralized, then click the button that says Neutralize all.
    • If it says it cannot be neutralized, then choose the delete option when prompted.
    • After that is done, click on the Reports button at the bottom and save it to file, naming it Kas.
    • Save it somewhere convenient like your desktop and post only the detected virus/malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self-uninstall when you close it, so please save the log before closing it.
nasroo7
Topic Starter
« Reply #21 on: December 22, 2011, 05:27:18 PM »

Hi,

I'm sorry I didn't reply sooner.
But actually I already ran this tool on another computer, and the scan took 24h to finish, and because I work with my laptop (from 9am to 8pm), I procrastinated on running it... And now it's been almost two months...
What should I do?
Run it anyway? Or start over?

Actually, the computer runs fine, and there is no visible sign of infection.

What is your advice?

Thank you for all your help! You make the world a better place!
SuperDave
Malware Removal Specialist
Moderator
« Reply #22 on: December 23, 2011, 12:34:20 PM »

Quote
Actually, the computer runs fine, and there is no visible sign of infection.
Sorry. I misunderstood. In that case we can do some cleanup.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
• In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
• This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
*********************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator.

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*********************************************
Looking over your log, it seems you don't have any evidence of a third-party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember, only install ONE firewall.

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
**********************************************
Use the Secunia Software Inspector to check for out-of-date software.

• Click Start Now

• Check the box next to Enable thorough system inspection.

• Click Start

• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations, always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

AMD Athlon XP 1900+ 1.47 GHz  3 GB Ram Windows XP  Home with SP3, MicroSoft Security Essentials, Spybot S&D. SuperAntiSpyware  and Threatfire with Comodo Firewall & Windows Defender
nasroo7
Topic Starter
« Reply #23 on: January 07, 2012, 11:23:38 PM »

OK, great!
I'll try all of that.

Do I absolutely have to uninstall ComboFix?

And after I run all of that... I'm done with this laptop?
There is no need for any log posting?

SuperDave
Malware Removal Specialist
Moderator
« Reply #24 on: January 08, 2012, 10:48:01 AM »

Quote
Do I absolutely have to uninstall ComboFix?

And after I run all of that... I'm done with this laptop?
There is no need for any log posting?
Yes, you should uninstall ComboFix. You no longer need it, and it should not be used unless an expert is helping you.
You are done. There are no other logs to post. I will lock this thread. If you need it re-opened, please send me a PM.

Copyright © 2010 Computer Hope ® All rights reserved.