
Author Topic: WARNING: SECURITY ERROR PROBLEM & SYSTEM BLOCK AFTER VIRUSES REMOVAL  (Read 7701 times)


Memorandum

    Topic Starter


    Greenhorn

    • Experience: Familiar
    • OS: Windows Vista
    Greetings people,
    I have this problem with my ACER laptop pc running Vista Home Premium 64 bit Service Pack 2, with an Intel(R) Core(TM) Duo CPU T8300 @2.40 GHz processor and I need to fix it now and immediately because I must use it to study for my exam tomorrow   :-\ (it's the only pc I have at home).
    I encountered this when I tried to install a vst-instrument (drumkit-from-helll) in a zip package a couple of days ago, realizing after that it was a trojan.
    Then I tried this:

    AVG scan (found nothing except the vst folder)
    Malware Anti-bytes (found 3 infections)
    Superantispyware (found 35 infected items)
    Gmer (found nothing)
    Kaspersky worm removal tool (found 4 infections caused by a program, Akamai)


    After the removal of all of those infections, CCClean for unused files etc that cause slowdown of memory and for lost registry files and DLL, defrag and system configuration to stop services and processes that start on the logon, I have some doubts still...sometimes it seems that my processor stops working (no loading light after a while, above all if I try to open some PDF, scroll down, right click on properties of a shortcut, close any process) with the freezing of some program, I've never had this problem before that...please help me....I can't do any fresh Windows install because I have so many files there and I'm afraid that copy-paste could not work properly.... :-[

    Thank you in advance

    A.

    PS: now in this session I'm in Safe Mode and it seems that everything is working fine...but once, when I tried to open YouTube (internet connection working) it didn't scroll down on videos & create preview and it did not let me save any file from the web....then it's half an hour that it seems to work fine again but I have this doubt yet, luckily I do not see anymore that error message on black screen saying "security error problem" or something that I saw while my pc was infected (if it's not anymore)...when I try to reach the cause of this, I open task manager and I see there is a new process running, called "system inactivity process" that runs over 70% of my CPU...while there is that process running the loading light stops...but it happens after a while since before that time everything is working fine...
    « Last Edit: October 01, 2012, 10:03:35 AM by Memorandum »

    Memorandum

      Topic Starter


      Greenhorn

      • Experience: Familiar
      • OS: Windows Vista
      Re: WARNING: SECURITY ERROR PROBLEM & SYSTEM BLOCK AFTER VIRUSES REMOVAL
      « Reply #1 on: October 01, 2012, 11:54:12 AM »
      Sorry for double post. The malefic error is showing again. "error: protection options" with black screen. And when it is like that and I try to open Task Manager and see the processes, there is a new one showing like I told you before, called "system inactivity process" with 90% of my CPU used by it.

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: WARNING: SECURITY ERROR PROBLEM & SYSTEM BLOCK AFTER VIRUSES REMOVAL
      « Reply #2 on: October 01, 2012, 01:23:31 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      *************************************************************************
      Please download AdwCleaner by Xplode onto your Desktop.
      • Double click on AdwCleaner.exe to run the tool.
      • Click on Search.
      • A logfile will automatically open after the scan has finished.
      • Please post the content of that logfile in your reply.
      • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
      *********************************************************************
      Please do this even if you don't have your OS disk.

      Do you have your OS  CD/DVD?

      If so,

      1/ Click the Start button.

      2/ From the Start Menu, Click All programs followed by Accessories.

      3/ In the Accessories menu, Right Click on the Command Prompt option.

      4/ From the drop down menu that appears, Click on the Run as administrator option.

      5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.

      6/ In the Command Prompt window, type: sfc /scannow and then press Enter.

      7/ A message will appear stating that the system scan will begin.

      8/ Be patient because the scan may take some time.

      9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

      10/ If everything is okay you should, after the scan, see the following message: "Windows resource protection did not find any integrity violations."

      11/ After the scan has completed, Close the command prompt window.
      Windows 8 and Windows 10 dual boot with two SSD's

      Memorandum

        Topic Starter


        Greenhorn

        • Experience: Familiar
        • OS: Windows Vista
        Re: WARNING: SECURITY ERROR PROBLEM & SYSTEM BLOCK AFTER VIRUSES REMOVAL
        « Reply #3 on: October 01, 2012, 02:38:25 PM »
        Here is the logfile:






        # AdwCleaner v2.003 - Logfile created 10/01/2012 at 22:44:15
        # Updated 23/09/2012 by Xplode
        # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
        # User : David.Dydek - WSARCT006
        # Boot Mode : Safe mode with networking
        # Running from : C:\Users\David.Dydek\Desktop\adwcleaner.exe
        # Option [Search]


        ***** [Services] *****


        ***** [Files / Folders] *****

        File Found : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js
        File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
        File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
        Folder Found : C:\Program Files (x86)\AVG Secure Search
        Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
        Folder Found : C:\Program Files (x86)\Complitly
        Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
        Folder Found : C:\Program Files (x86)\Yontoo
        Folder Found : C:\ProgramData\AVG Secure Search
        Folder Found : C:\ProgramData\InstallMate
        Folder Found : C:\ProgramData\Premium
        Folder Found : C:\ProgramData\Tarma Installer
        Folder Found : C:\Users\David.Dydek\AppData\Local\APN
        Folder Found : C:\Users\David.Dydek\AppData\Local\AVG Secure Search
        Folder Found : C:\Users\David.Dydek\AppData\Local\Conduit
        Folder Found : C:\Users\David.Dydek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
        Folder Found : C:\Users\David.Dydek\AppData\LocalLow\AVG Secure Search
        Folder Found : C:\Users\David.Dydek\AppData\LocalLow\boost_interprocess
        Folder Found : C:\Users\David.Dydek\AppData\LocalLow\Conduit
        Folder Found : C:\Users\David.Dydek\AppData\LocalLow\facemoods.com
        Folder Found : C:\Users\David.Dydek\AppData\Roaming\Complitly
        Folder Found : C:\Users\David.Dydek\AppData\Roaming\OfferBox

        ***** [Internet Browsers] *****

        -\\ Internet Explorer v9.0.8112.16421

        [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.plusnetwork.com/?sp=blatbf
        [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

        -\\ Google Chrome v22.0.1229.79

        File : C:\Users\David.Dydek\AppData\Local\Google\Chrome\User Data\Default\Preferences

        Found [l.16] : homepage = "hxxp://www.plusnetwork.com/?sp=blatbf",
        Found [l.60] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
        Found [l.63] : keyword = "isearch.avg.com",
        Found [l.66] : search_url = "hxxps://isearch.avg.com/search?cid={07CA220C-3CF7-48E4-97DE-53A12AFE750A}&mid=2fec801babad47d1aca9d1572ed12f58-80a1996a38f591632eb8982eee76821977b25ff7&lang=it&ds=AVG&pr=pr&d=2012-06-05 19:31:34&v=12.2.5.32&sap=dsp&q={searchTerms}",
        Found [l.1885] : homepage = "hxxp://www.plusnetwork.com/?sp=blatbf",

        *************************

        AdwCleaner[R1].txt - [12767 octets] - [01/10/2012 22:44:15]

        ########## EOF - C:\AdwCleaner[R1].txt - [12828 octets] ##########
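
Added example, not part of the original thread and not AdwCleaner's own code: a small Python parser for the search-log layout posted above. It reads the run mode from the `# Option [...]` header, counts the entries per section that are still in state `Found`, collects the browser settings the log flags, and picks the newest `AdwCleaner[Rn].txt` report. The sample log is constructed and all function names are hypothetical.

```python
import re

# Constructed sample in the layout of the search log posted above.
# Paths, keys and URLs are made up (example.invalid).
SAMPLE_LOG = r"""
# AdwCleaner v2.003 - Logfile created 10/01/2012 at 22:44:15
# Boot Mode : Safe mode with networking
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\ExampleBar\pref.js
Folder Found : C:\ProgramData\ExampleBar
Folder Found : C:\Users\user\AppData\Local\ExampleSearch

***** [Registry] *****

Key Found : HKCU\Software\ExampleBar
Key Found : HKLM\SOFTWARE\Classes\ExampleBar.Api
Value Found : HKLM\SOFTWARE\Example\Toolbar [{00000000-0000-0000-0000-000000000000}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.example.invalid/?sp=x

-\\ Google Chrome v22.0.1229.79

File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.16] : homepage = "hxxp://search.example.invalid/?sp=x",

*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")    # ***** [Registry] *****
OPTION_RE = re.compile(r"^# Option \[(.+?)\]$")          # Option [Search]
HEADER_RE = re.compile(r"^# ([^:]+?) : (.+)$")           # Boot Mode : ...
ITEM_RE = re.compile(r"^(\w+) (\w+) : (.+)$")            # Key Found : HKCU\...
SETTING_RE = re.compile(r"^\[(.+?)\] = (.+)$")           # [key - value name] = data
PREF_RE = re.compile(r"^Found \[l\.(\d+)\] : (\w+) = (.+?),?$")  # Chrome Preferences hit
REPORT_RE = re.compile(r"^AdwCleaner\[R(\d+)\]\.txt$", re.IGNORECASE)


def parse_log(text):
    """Parse an AdwCleaner-style search log into header, sections and settings."""
    report = {"header": {}, "option": None, "sections": {}, "settings": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()  # forum copies are often indented
        if not line:
            continue
        if (m := OPTION_RE.match(line)):
            report["option"] = m.group(1)
        elif (m := HEADER_RE.match(line)):
            report["header"][m.group(1)] = m.group(2)
        elif (m := SECTION_RE.match(line)):
            current = m.group(1)
            report["sections"][current] = []
        elif current is None:
            continue  # banner lines before the first section
        elif (m := SETTING_RE.match(line)):
            report["settings"].append((current, m.group(1), m.group(2)))
        elif (m := PREF_RE.match(line)):
            report["settings"].append((current, m.group(2), m.group(3)))
        elif (m := ITEM_RE.match(line)):
            # (kind, state, target), e.g. ("Key", "Found", "HKCU\\Software\\...")
            report["sections"][current].append(m.groups())
    return report


def section_counts(report):
    """Number of listed items per section; an empty section counts as 0."""
    return {name: len(items) for name, items in report["sections"].items()}


def still_present(report):
    """Items the log lists as 'Found', i.e. reported but not acted on."""
    return [i for items in report["sections"].values() for i in items
            if i[1] == "Found"]


def search_only(report):
    """True when the header says the tool ran with Option [Search]."""
    return report["option"] == "Search"


def latest_report(filenames):
    """Pick AdwCleaner[Rn].txt with the highest order number n, or None."""
    hits = [(int(m.group(1)), f) for f in filenames if (m := REPORT_RE.match(f))]
    return max(hits)[1] if hits else None


if __name__ == "__main__":
    rep = parse_log(SAMPLE_LOG)
    print("mode:", rep["option"], "| boot:", rep["header"].get("Boot Mode"))
    print("counts:", section_counts(rep))
    print("still present:", len(still_present(rep)), "| settings:", len(rep["settings"]))
```
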

        Memorandum

          Topic Starter


          Greenhorn

          • Experience: Familiar
          • OS: Windows Vista
          Re: WARNING: SECURITY ERROR PROBLEM & SYSTEM BLOCK AFTER VIRUSES REMOVAL
          « Reply #4 on: October 01, 2012, 03:43:44 PM »
          I tried Avira too and I found 2 infections before the scan stopped working. Then I will try again with another scan. I haven't got my OS DVD.

          Avira logfile:




          Avira Free Antivirus
          Report file date: lunedì 1 ottobre 2012  20:28


          The program is running as an unrestricted full version.
          Online services are available.

          Licensee        : Avira AntiVir Personal - Free Antivirus
          Serial number   : 0000149996-ADJIE-0000001
          Platform        : Windows (TM) Vista Home Premium
          Windows version : (Service Pack 2)  [6.0.6002]
          Boot mode       : Safe mode with network
          Username        : David.Dydek
          Computer name   : WSARCT006

          Configuration settings for the scan:
          Jobname.............................: Complete system scan
          Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
          Reporting...........................: default
          Primary action......................: Interactive
          Secondary action....................: Ignore
          Scan master boot sector.............: on
          Scan boot sector....................: on
          Boot sectors........................: C:, E:, F:,
          Process scan........................: on
          Extended process scan...............: on
          Scan registry.......................: on
          Search for rootkits.................: on
          Integrity checking of system files..: off
          Scan all files......................: All files
          Scan archives.......................: on
          Limit recursion depth...............: 20
          Smart extensions....................: on
          Macrovirus heuristic................: on
          File heuristic......................: extended

          Start of the scan: lunedì 1 ottobre 2012  20:28

          Starting master boot sector scan:
          Master boot sector HD0
              [INFO]      No virus was found!
          Master boot sector HD1
              [INFO]      No virus was found!

          Start scanning boot sectors:
          Boot sector 'C:\'
              [INFO]      No virus was found!
          Boot sector 'E:\'
              [INFO]      No virus was found!
          Boot sector 'F:\'
              [INFO]      No virus was found!

          Starting search for hidden objects.
          The driver could not be initialized.

          The scan of running processes will be started:
          Scan process 'svchost.exe' - '39' Module(s) have been scanned
          Scan process 'svchost.exe' - '33' Module(s) have been scanned
          Scan process 'svchost.exe' - '35' Module(s) have been scanned
          Scan process 'svchost.exe' - '67' Module(s) have been scanned
          Scan process 'svchost.exe' - '93' Module(s) have been scanned
          Scan process 'svchost.exe' - '67' Module(s) have been scanned
          Scan process 'svchost.exe' - '45' Module(s) have been scanned
          Scan process 'svchost.exe' - '52' Module(s) have been scanned
          Scan process 'svchost.exe' - '42' Module(s) have been scanned
          Scan process 'Explorer.EXE' - '148' Module(s) have been scanned
          Scan process 'wmpnscfg.exe' - '28' Module(s) have been scanned
          Scan process 'chrome.exe' - '105' Module(s) have been scanned
          Scan process 'chrome.exe' - '42' Module(s) have been scanned
          Scan process 'chrome.exe' - '42' Module(s) have been scanned
          Scan process 'chrome.exe' - '52' Module(s) have been scanned
          Scan process 'chrome.exe' - '47' Module(s) have been scanned
          Scan process 'AcroRd32.exe' - '38' Module(s) have been scanned
          Scan process 'AcroRd32.exe' - '49' Module(s) have been scanned
          Scan process 'chrome.exe' - '42' Module(s) have been scanned
          Scan process 'chrome.exe' - '42' Module(s) have been scanned
          Scan process 'chrome.exe' - '39' Module(s) have been scanned
          Scan process 'chrome.exe' - '66' Module(s) have been scanned
          Scan process 'chrome.exe' - '42' Module(s) have been scanned
          Scan process 'DTShellHlp.exe' - '44' Module(s) have been scanned
          Scan process 'chrome.exe' - '42' Module(s) have been scanned
          Scan process 'chrome.exe' - '42' Module(s) have been scanned
          Scan process 'avgnt.exe' - '90' Module(s) have been scanned
          Scan process 'chrome.exe' - '42' Module(s) have been scanned
          Scan process 'avcenter.exe' - '99' Module(s) have been scanned
          Scan process 'avscan.exe' - '98' Module(s) have been scanned
          Scan process 'avshadow.exe' - '24' Module(s) have been scanned
          Scan process 'smss.exe' - '2' Module(s) have been scanned
          Scan process 'csrss.exe' - '14' Module(s) have been scanned
          Scan process 'csrss.exe' - '14' Module(s) have been scanned
          Scan process 'wininit.exe' - '25' Module(s) have been scanned
          Scan process 'winlogon.exe' - '26' Module(s) have been scanned
          Scan process 'services.exe' - '32' Module(s) have been scanned
          Scan process 'lsass.exe' - '60' Module(s) have been scanned
          Scan process 'lsm.exe' - '22' Module(s) have been scanned

          Starting to scan executable files (registry):
          The registry was scanned ( '5564' files ).


          Starting the file scan:

          Begin scan in 'C:\'
          C:\Users\David.Dydek\AppData\Local\Temp\YontooSetup-Silent.exe
            [DETECTION] Contains virus patterns of Adware ADWARE/Yontoo.E.1
                    --> Intelligent_Sounds_Music_keygen.exe
                        [DETECTION] Is the TR/Meredrop.A.5761 Trojan
                        [WARNING]   Infected files in archives cannot be repaired
          C:\Users\David.Dydek\Downloads\Intelligent_Sounds_Music_keygen.zip
            [DETECTION] Is the TR/Meredrop.A.5761 Trojan

          Beginning disinfection:
          C:\Users\David.Dydek\Downloads\Intelligent_Sounds_Music_keygen.zip
            [DETECTION] Is the TR/Meredrop.A.5761 Trojan
            [NOTE]      The file was moved to the quarantine directory under the name '5662a367.qua'!
          C:\Users\David.Dydek\AppData\Local\Temp\YontooSetup-Silent.exe
            [DETECTION] Contains virus patterns of Adware ADWARE/Yontoo.E.1
            [NOTE]      The file was moved to the quarantine directory under the name '4ef38cc1.qua'!


          End of the scan: lunedì 1 ottobre 2012  23:41
          Used time:  3:12:13 Hour(s)

          The scan has been canceled!

            19202 Scanned directories
           1041713 Files were scanned
                2 Viruses and/or unwanted programs were found
                0 Files were classified as suspicious
                0 Files were deleted
                0 Viruses and unwanted programs were repaired
                2 Files were moved to quarantine
                0 Files were renamed
                0 Files cannot be scanned
           1041711 Files not concerned
            13088 Archives were scanned
                0 Warnings
                2 Notes

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: WARNING: SECURITY ERROR PROBLEM & SYSTEM BLOCK AFTER VIRUSES REMOVAL
          « Reply #5 on: October 01, 2012, 04:09:43 PM »
          You didn't do adwCleaner as instructed. Please do it again and click the delete button.
          Did you run SFC?


          Download Combofix from any of the links below, and save it to your DESKTOP

          Link 1
          Link 2
          Link 3

          To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
          • Close any open windows and double click ComboFix.exe to run it.

            You will see the following image:


          Click I Agree to start the program.

          ComboFix will then extract the necessary files and you will see this:



          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

          It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

          If you did not have it installed, you will see the prompt below. Choose YES.



          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

          **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



          Click on Yes, to continue scanning for malware.

          When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

          Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

          Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
          Windows 8 and Windows 10 dual boot with two SSD's

          Memorandum

            Re: WARNING: SECURITY ERROR PROBLEM & SYSTEM BLOCK AFTER VIRUSES REMOVAL
            « Reply #6 on: October 02, 2012, 05:48:27 PM »
            adwCleaner with DELETE function + relative reboot DONE
            SFC done without any need of my OS disk
            Combofix done...even if I CAN'T disable my antiviruses (AVG & Avira) because I cannot locate them either in the Task Manager processes window or in the applications tab (I can see those only in the services tab, but cannot disable them)

            COMBOFIX LOGFILE:





            ComboFix 12-10-02.02 - David.Dydek 03/10/2012   1.21.40.1.2 - x64 NETWORK
            Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.39.1040.18.4093.3174 [GMT 2:00]
            Eseguito da: c:\users\David.Dydek\Desktop\ComboFix.exe
            AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
            AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
            FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
            SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
            SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
            SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            .
            .
            (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            C:\CFLog
            c:\users\David.Dydek\AppData\Roaming\Microsoft\Windows\Cookies\isindex.dat
            c:\users\David.Dydek\AppData\Roaming\msregsvv.dll
            c:\windows\msvcr71.dll
            c:\windows\SysWow64\muzapp.exe
            F:\resycled
            .
            .
            (((((((((((((((((((((((((   Files Creati Da 2012-09-02 al 2012-10-02  )))))))))))))))))))))))))))))))))))
            .
            .
            2012-10-02 23:35 . 2012-10-02 23:35   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
            2012-10-02 23:35 . 2012-10-02 23:35   --------   d-----w-   c:\users\Guest\AppData\Local\temp
            2012-10-02 23:35 . 2012-10-02 23:35   --------   d-----w-   c:\users\Default\AppData\Local\temp
            2012-10-02 23:35 . 2012-10-02 23:35   --------   d-----w-   c:\users\David.Dydek\AppData\Local\temp
            2012-10-02 23:35 . 2012-10-02 23:35   --------   d-----w-   c:\users\Administrator\AppData\Local\temp
            2012-10-01 18:24 . 2012-10-01 18:24   --------   d-----w-   c:\users\David.Dydek\AppData\Roaming\Avira
            2012-10-01 18:22 . 2012-09-24 07:58   27800   ----a-w-   c:\windows\system32\drivers\avkmgr.sys
            2012-10-01 18:22 . 2012-09-13 13:52   99248   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
            2012-10-01 18:22 . 2012-09-13 13:52   129576   ----a-w-   c:\windows\system32\drivers\avipbb.sys
            2012-10-01 18:22 . 2012-10-01 18:22   --------   d-----w-   c:\programdata\Avira
            2012-10-01 18:22 . 2012-10-01 18:22   --------   d-----w-   c:\program files (x86)\Avira
            2012-09-30 21:36 . 2012-09-30 21:36   --------   d-----w-   c:\users\David.Dydek\AppData\Roaming\Malwarebytes
            2012-09-30 21:34 . 2012-09-30 21:34   --------   d-----w-   c:\programdata\Malwarebytes
            2012-09-30 21:34 . 2012-09-30 21:34   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
            2012-09-30 21:34 . 2012-09-07 15:04   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2012-09-30 20:22 . 2012-09-30 20:22   --------   d-----w-   c:\users\David.Dydek\AppData\Roaming\SUPERAntiSpyware.com
            2012-09-30 20:19 . 2012-10-01 22:02   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2012-09-30 20:19 . 2012-09-30 20:19   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
            2012-09-30 01:16 . 2012-09-30 01:18   --------   d-----w-   C:\TDSSKiller_Quarantine
            2012-09-29 11:18 . 2012-08-23 09:31   35192   ----a-w-   c:\windows\system32\TURegOpt.exe
            2012-09-29 11:18 . 2012-08-23 09:31   26488   ----a-w-   c:\windows\system32\authuitu.dll
            2012-09-29 11:18 . 2012-08-23 09:31   21880   ----a-w-   c:\windows\SysWow64\authuitu.dll
            2012-09-29 11:17 . 2012-09-29 11:17   --------   d-----w-   c:\users\David.Dydek\AppData\Roaming\AVG
            2012-09-29 11:15 . 2012-09-29 11:18   --------   d-----w-   c:\programdata\AVG
            2012-09-29 11:14 . 2012-09-29 11:14   --------   d-sh--w-   c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
            2012-09-29 10:32 . 2012-09-29 10:32   --------   d-----w-   c:\users\David.Dydek\AppData\Local\Apps
            2012-09-28 19:18 . 2012-09-28 19:18   --------   d-----w-   c:\program files (x86)\Common Files\Java
            2012-09-28 19:17 . 2012-09-28 19:17   95208   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
            2012-09-23 01:11 . 2012-08-24 11:15   17810944   ----a-w-   c:\windows\system32\mshtml.dll
            2012-09-23 01:11 . 2012-08-24 10:39   10925568   ----a-w-   c:\windows\system32\ieframe.dll
            2012-09-22 22:44 . 2012-08-21 11:01   33240   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
            2012-09-22 22:43 . 2012-09-22 22:43   --------   d-----w-   c:\program files\iPod
            2012-09-22 22:43 . 2012-09-22 22:44   --------   d-----w-   c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
            2012-09-22 22:43 . 2012-09-22 22:44   --------   d-----w-   c:\program files\iTunes
            2012-09-22 22:43 . 2012-09-22 22:44   --------   d-----w-   c:\program files (x86)\iTunes
            2012-09-18 08:51 . 2012-08-27 23:49   9310152   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EAED5F3-C0A2-48FD-9C47-743669918336}\mpengine.dll
            2012-09-07 15:00 . 2012-09-07 15:00   --------   d-----w-   c:\users\David.Dydek\AppData\Roaming\Balabolka
            2012-09-07 15:00 . 2012-09-07 15:00   --------   d-----w-   c:\program files (x86)\Balabolka
            2012-09-04 23:54 . 2012-09-04 23:54   31080   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
            2012-09-03 08:20 . 2012-09-03 08:20   --------   d-----w-   c:\program files (x86)\LogMeIn Hamachi
            .
            .
            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2012-09-28 19:16 . 2012-07-01 10:47   821736   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
            2012-09-28 19:16 . 2011-05-06 08:59   746984   ----a-w-   c:\windows\SysWow64\deployJava1.dll
            2012-09-23 17:22 . 2012-05-04 09:13   696240   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
            2012-09-23 17:22 . 2011-05-21 20:02   73136   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
            2012-09-13 01:01 . 2006-11-02 12:35   64462936   ----a-w-   c:\windows\system32\mrt.exe
            2012-08-24 13:43 . 2012-08-24 13:43   384352   ----a-w-   c:\windows\system32\drivers\avgtdia.sys
            2012-08-21 11:01 . 2011-05-05 08:59   125872   ----a-w-   c:\windows\system32\GEARAspi64.dll
            2012-08-21 11:01 . 2011-05-05 08:59   106928   ----a-w-   c:\windows\SysWow64\GEARAspi.dll
            2012-07-26 01:21 . 2012-07-26 01:21   291680   ----a-w-   c:\windows\system32\drivers\avgldx64.sys
            2012-07-23 11:32 . 2012-09-01 19:36   102160   ----a-w-   c:\windows\system32\drivers\MsgPlusDriver.sys
            2012-07-09 11:42 . 2012-07-09 11:42   4547984   ----a-w-   c:\windows\system32\usbaaplrc.dll
            2012-07-09 11:42 . 2012-07-09 11:42   52736   ----a-w-   c:\windows\system32\drivers\usbaapl64.sys
            .
            .
            (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Nota* i valori vuoti & legittimi/default non sono visualizzati.
            REGEDIT4
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
            "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
            "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "EnableUIADesktopToggle"= 0 (0x0)
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
            "Userinit"="userinit.exe"
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
            "LoadAppInit_DLLs"=0 (0x0)
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
            "aux"=wdmaud.drv
            .
            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
            BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
            @=""
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
            "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe"
            "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
            "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
            "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
            "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
            "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
            .
            R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
            R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
            R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 250288]
            .
            .
            --- Altri Servizi/Drivers In Memoria ---
            .
            *NewlyCreated* - ECACHE
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
            Akamai   REG_MULTI_SZ      Akamai
            hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
            .
            HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
            Themes
            .
            Contenuto della cartella 'Scheduled Tasks'
            .
            2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
            - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 17:22]
            .
            2012-09-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-627423469-2756091447-589875621-1002Core.job
            - c:\users\David.Dydek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-23 23:25]
            .
            2012-10-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-627423469-2756091447-589875621-1002UA.job
            - c:\users\David.Dydek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-23 23:25]
            .
            2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-05 16:52]
            .
            2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-05 16:52]
            .
            2012-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-627423469-2756091447-589875621-1002Core.job
            - c:\users\David.Dydek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 07:57]
            .
            2012-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-627423469-2756091447-589875621-1002UA.job
            - c:\users\David.Dydek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 07:57]
            .
            .
            --------- X64 Entries -----------
            .
            .
            ------- Scansione supplementare -------
            .
            uLocal Page = c:\windows\system32\blank.htm
            uStart Page = hxxp://www.google.com
            mStart Page = about:blank
            mLocal Page = c:\windows\SysWOW64\blank.htm
            uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
            mSearchAssistant = hxxp://www.google.com
            IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
            Trusted Zone: mojebanka.cz\*
            Trusted Zone: mojebanka.cz\*
            .
            - - - - CHIAVI ORFANE RIMOSSE - - - -
            .
            URLSearchHooks-{cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)
            URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
            URLSearchHooks-{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} - (no file)
            URLSearchHooks-{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
            URLSearchHooks-{0a452a47-c5a8-4854-a237-4b9b06b376f0} - (no file)
            SafeBoot-45350440.sys
            SafeBoot-54888757.sys
            WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
            WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
            WebBrowser-{0A452A47-C5A8-4854-A237-4B9B06B376F0} - (no file)
            .
            .
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
            "ImagePath"="c:\windows\system32\GameMon.des -service"
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va006]
            "ImagePath"="\??\c:\users\DAVID~1.DYD\AppData\Local\Temp\0069232.tmp"
            .
            --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
            .
            [HKEY_USERS\S-1-5-21-627423469-2756091447-589875621-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
            @Allowed: (Read) (RestrictedCode)
            "??"=hex:e4,19,cc,e6,b8,18,3f,a7,4b,14,97,4e,29,7a,4b,aa,a0,48,d3,c8,9b,ec,ba,
               0c,41,93,03,dd,28,4f,b0,1a,5e,1b,df,16,6b,5f,54,b9,a3,b6,45,18,1f,9f,7b,5e,\
            "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
            .
            [HKEY_USERS\S-1-5-21-627423469-2756091447-589875621-1002\Software\SecuROM\License information*]
            @Allowed: (Read) (RestrictedCode)
            "datasecu"=hex:d4,c1,15,0f,d4,8d,59,19,03,3b,c2,92,c7,d4,c8,45,00,6f,d5,30,1a,
               66,a1,91,78,47,61,a2,56,f2,f2,9b,67,a5,f4,31,4d,a5,a3,bf,1b,9c,4a,c9,f2,ea,\
            "rkeysecu"=hex:d8,80,22,dc,7b,2d,99,3d,49,28,b3,0d,c4,41,11,37
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
            @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker5"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Shockwave Flash Object"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
            @="0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
            @="ShockwaveFlash.ShockwaveFlash.11"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="ShockwaveFlash.ShockwaveFlash"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Macromedia Flash Factory Object"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
            @="FlashFactory.FlashFactory.1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="FlashFactory.FlashFactory"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker5"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
            @="Shockwave Flash"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
            @Denied: (A 2) (Everyone)
            @=""
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
            @="FlashBroker"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
            "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
               00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
            @Denied: (A) (Users)
            @Denied: (A) (Everyone)
            @Allowed: (B 1 2 3 4 5) (S-1-5-20)
            "BlindDial"=dword:00000000
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
            @Denied: (A) (Users)
            @Denied: (A) (Everyone)
            @Allowed: (B 1 2 3 4 5) (S-1-5-20)
            "BlindDial"=dword:00000000
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
            @Denied: (A) (Users)
            @Denied: (A) (Everyone)
            @Allowed: (B 1 2 3 4 5) (S-1-5-20)
            "BlindDial"=dword:00000000
            .
            Ora fine scansione: 2012-10-03  01:37:55
            ComboFix-quarantined-files.txt  2012-10-02 23:37
            .
            Pre-Run: 39.604.875.264 byte disponibili
            Post-Run: 39.529.246.720 byte disponibili
            .
            - - End Of File - - D1E7B9DA8B50E74E5BAD838A78BFE3D5









            hope it is enough. =|

            Memorandum

              Re: WARNING: SECURITY ERROR PROBLEM & SYSTEM BLOCK AFTER VIRUSES REMOVAL
              « Reply #7 on: October 03, 2012, 04:22:52 AM »
              I tried to run my pc in normal mode and explorer immediately ceased to work!  :o

              SuperDave

              Re: WARNING: SECURITY ERROR PROBLEM & SYSTEM BLOCK AFTER VIRUSES REMOVAL
              « Reply #8 on: October 03, 2012, 01:12:30 PM »
              Quote
              even if I CAN'T disable my antiviruses (AVG & Avira)
              You should only have one AV program running on your computer at any time. If you need help removing one, please let me know.

              Save these instructions so you can have access to them while in Safe Mode.

              Please click here to download AVP Tool by Kaspersky.
              • Save it to your desktop.
              • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
              • Double click the setup file to run it.
              • Click Next to continue.
              • Accept the License agreement and click on next.
              • It will, by default, install it to your desktop folder. Click Next.
              • It will then open a box. There will be a tab that says Automatic scan.
              • Under Automatic scan make sure these are checked.
              • Hidden Startup Objects
              • System Memory
              • Disk Boot Sectors.
              • My Computer.
              • Also any other drives (Removable that you may have)
              Leave the rest of the settings as they appear as default.
              • Then click on Scan at the top right hand corner.
              • It will automatically Neutralize any objects found.
              • If some objects are left un-neutralized then click the button that says Neutralize all.
              • If it says it cannot be neutralized then choose the delete option when prompted.
              • After that is done click on the reports button at the bottom and save it to file; name it Kas.
              • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

              Note: This tool will self uninstall when you close it so please save the log before closing it.

              Memorandum

                Re: WARNING: SECURITY ERROR PROBLEM & SYSTEM BLOCK AFTER VIRUSES REMOVAL
                « Reply #9 on: October 04, 2012, 04:20:43 AM »
                Just one note: yesterday after the ComboFix repair everything was working fine in normal mode, but when I turned off Vista some system updates started. Today, when I started my PC it stayed blocked on the Acer screen; I also tried to push F8 or F12 or whatever, but nothing changed since I removed the USB pendrive and the USB audio drive. Now I'm doing what you suggested with the Kaspersky tool.