Author Topic: Windows Infected... Trojan.Sharpro Nvidia?  (Read 21798 times)

nasroo7

    Topic Starter
    Re: Windows Infected... Trojan.Sharpro Nvidia?
    « Reply #15 on: October 28, 2011, 10:38:24 AM »
    Does CCleaner save a log somewhere? I have the portable version...

    nasroo7

      Topic Starter
      Re: Windows Infected... Trojan.Sharpro Nvidia?
      « Reply #16 on: October 28, 2011, 11:22:43 AM »
      ComboFix
      NOTE: The computer froze the first time (when it asked me to disable Microsoft Security Essentials)


      ComboFix 11-10-28.04 - Nas 10/28/2011  13:00:56.1.4 - x64
      Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3957.2544 [GMT -4:00]
      Running from: c:\users\Nas\Desktop\ComboFix.exe
      AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
      SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
       * Created a new restore point
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      C:\Install.exe
      c:\programdata\DisplayBackupOnline.dll
      c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ya9829x9.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}
      c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ya9829x9.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\chrome.manifest
      c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ya9829x9.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\chrome\xulcache.jar
      c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ya9829x9.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\defaults\preferences\xulcache.js
      c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ya9829x9.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\install.rdf
      c:\users\Nas\AppData\Local\{08583A71-F8CF-4D82-9516-4C5A8117F2CB}
      c:\users\Nas\AppData\Local\{08583A71-F8CF-4D82-9516-4C5A8117F2CB}\chrome.manifest
      c:\users\Nas\AppData\Local\{08583A71-F8CF-4D82-9516-4C5A8117F2CB}\chrome\content\overlay.xul
      c:\users\Nas\AppData\Local\{08583A71-F8CF-4D82-9516-4C5A8117F2CB}\install.rdf
      c:\users\Nas\AppData\Local\Activision\ActivisionUpdate\Activisionupdt32.dll
      c:\users\Nas\AppData\Local\Apple\AppleUpdate\Appleupdt32.dll
      c:\users\Nas\AppData\Roaming\Adobe\plugs
      c:\users\Nas\AppData\Roaming\Adobe\shed
      c:\users\Nas\AppData\Roaming\Mozilla\Firefox\Profiles\74j0np1d.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}
      c:\users\Nas\AppData\Roaming\Mozilla\Firefox\Profiles\74j0np1d.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\chrome.manifest
      c:\users\Nas\AppData\Roaming\Mozilla\Firefox\Profiles\74j0np1d.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\chrome\xulcache.jar
      c:\users\Nas\AppData\Roaming\Mozilla\Firefox\Profiles\74j0np1d.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\defaults\preferences\xulcache.js
      c:\users\Nas\AppData\Roaming\Mozilla\Firefox\Profiles\74j0np1d.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\install.rdf
      .
      .
      (((((((((((((((((((((((((   Files Created from 2011-09-28 to 2011-10-28  )))))))))))))))))))))))))))))))
      .
      .
      2011-10-28 17:08 . 2011-10-28 17:08   69000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7876A915-C731-41F0-A6F2-294A2E344B6F}\offreg.dll
      2011-10-28 17:07 . 2011-10-28 17:07   --------   d-----w-   c:\users\Guest\AppData\Local\temp
      2011-10-28 17:07 . 2011-10-28 17:07   --------   d-----w-   c:\users\Default\AppData\Local\temp
      2011-10-28 06:39 . 2011-10-28 06:39   --------   d-----w-   c:\program files (x86)\Common Files\Java
      2011-10-28 06:37 . 2011-10-28 06:37   --------   d-----w-   c:\users\Nas\AppData\Roaming\Sawer
      2011-10-28 06:36 . 2011-10-28 06:37   --------   d-----w-   c:\users\Nas\AppData\Roaming\Juce VST Host
      2011-10-28 06:24 . 2011-10-07 04:16   8570192   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7876A915-C731-41F0-A6F2-294A2E344B6F}\mpengine.dll
      2011-10-26 21:09 . 2011-10-26 21:09   83456   ----a-w-   c:\windows\SysWow64\srrstr.dll
      2011-10-25 17:54 . 2011-10-25 17:54   --------   d-----w-   c:\users\UpdatusUser
      2011-10-25 17:53 . 2011-10-15 08:53   837952   ----a-w-   c:\windows\system32\easyupdatusapiu64.dll
      2011-10-25 17:51 . 2011-10-25 17:54   --------   d-----w-   c:\program files\NVIDIA Corporation
      2011-10-25 17:51 . 2011-10-25 17:51   --------   d-----w-   C:\NVIDIA
      2011-10-25 16:57 . 2011-10-25 16:57   --------   d-----w-   c:\program files (x86)\EA Games
      2011-10-25 05:10 . 2011-10-25 05:18   --------   d-----w-   c:\users\Nas\AppData\Roaming\Download Manager
      2011-10-24 20:52 . 2011-10-24 20:52   --------   d-----w-   c:\users\Nas\AppData\Local\Facebook
      2011-10-22 05:36 . 2011-10-22 05:36   --------   d-----w-   c:\program files (x86)\Visicom Media
      2011-10-19 04:30 . 2011-10-19 04:30   --------   d-----w-   c:\program files (x86)\SubtitlesSynch
      2011-10-16 04:26 . 2011-10-16 04:26   --------   d-----w-   c:\program files\CCleaner
      2011-10-15 04:54 . 2011-10-15 04:54   321856   ----a-w-   c:\windows\SysWow64\nvStreaming.exe
      2011-10-13 19:52 . 2011-10-13 19:52   --------   d-----w-   c:\users\Nas\AppData\Roaming\Template
      2011-10-13 01:06 . 2011-09-06 03:03   3138048   ----a-w-   c:\windows\system32\win32k.sys
      2011-10-13 01:06 . 2011-08-17 05:26   613888   ----a-w-   c:\windows\system32\psisdecd.dll
      2011-10-13 01:06 . 2011-08-17 04:19   75776   ----a-w-   c:\windows\SysWow64\psisrndr.ax
      2011-10-13 01:06 . 2011-08-17 04:24   465408   ----a-w-   c:\windows\SysWow64\psisdecd.dll
      2011-10-13 01:06 . 2011-08-17 05:25   108032   ----a-w-   c:\windows\system32\psisrndr.ax
      2011-10-13 01:06 . 2011-08-27 05:37   331776   ----a-w-   c:\windows\system32\oleacc.dll
      2011-10-13 01:06 . 2011-08-27 04:26   233472   ----a-w-   c:\windows\SysWow64\oleacc.dll
      2011-10-13 01:06 . 2011-08-27 05:37   861696   ----a-w-   c:\windows\system32\oleaut32.dll
      2011-10-13 01:06 . 2011-08-27 04:26   571904   ----a-w-   c:\windows\SysWow64\oleaut32.dll
      2011-10-11 18:46 . 2010-11-30 15:43   601424   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
      2011-10-11 18:45 . 2011-10-11 18:45   917840   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{868B6634-68E0-4C71-AC68-723CB703D751}\gapaengine.dll
      2011-10-10 15:09 . 2011-10-10 15:09   4550304   ----a-w-   c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
      2011-09-28 23:30 . 2011-09-28 23:30   --------   d-----w-   c:\program files (x86)\HyperCam 2
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-10-28 17:09 . 2010-04-24 21:15   45056   ----a-w-   c:\windows\system32\acovcnt.exe
      2011-10-28 06:38 . 2010-07-09 18:58   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
      2011-10-15 08:53 . 2009-10-03 20:02   1640768   ----a-w-   c:\windows\system32\nvvsvc.exe
      2011-10-15 08:53 . 2009-10-03 20:01   539456   ----a-w-   c:\windows\system32\nvhotkey.dll
      2011-10-15 08:53 . 2009-10-03 20:01   5067584   ----a-w-   c:\windows\system32\nvsvc64.dll
      2011-10-15 08:53 . 2009-10-03 20:01   3074368   ----a-w-   c:\windows\system32\nvsvcr.dll
      2011-10-15 08:53 . 2009-10-03 20:01   222528   ----a-w-   c:\windows\system32\nvmctray.dll
      2011-10-15 08:53 . 2009-10-03 20:01   137536   ----a-w-   c:\windows\system32\nvshext.dll
      2011-10-15 08:53 . 2009-10-03 20:01   10406208   ----a-w-   c:\windows\system32\nvcpl.dll
      2011-10-15 08:53 . 2009-10-03 14:32   2808128   ----a-w-   c:\windows\system32\nvapi64.dll
      2011-10-15 08:53 . 2009-10-03 14:32   13205312   ----a-w-   c:\windows\SysWow64\nvd3dum.dll
      2011-10-07 04:16 . 2011-09-14 22:17   8570192   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2011-09-14 17:09 . 2009-07-14 02:36   152576   ----a-w-   c:\windows\SysWow64\msclmd.dll
      2011-09-14 17:09 . 2009-07-14 02:36   175616   ----a-w-   c:\windows\system32\msclmd.dll
      2011-08-31 21:00 . 2010-12-16 05:54   25416   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2011-08-12 04:10 . 2011-09-13 14:58   8862544   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD9A08B0-0935-49CB-856B-DB9FEFBA5F11}\mpengine.dll
      2011-08-10 02:15 . 2011-08-10 02:15   74752   ----a-w-   c:\windows\SysWow64\RegisterIEPKEYs.exe
      2011-08-10 02:15 . 2011-08-10 02:15   161792   ----a-w-   c:\windows\SysWow64\msls31.dll
      2011-08-10 02:15 . 2011-08-10 02:15   110592   ----a-w-   c:\windows\SysWow64\IEAdvpack.dll
      2011-08-10 02:15 . 2011-08-10 02:15   76800   ----a-w-   c:\windows\SysWow64\SetIEInstalledDate.exe
      2011-08-10 02:15 . 2011-08-10 02:15   48640   ----a-w-   c:\windows\SysWow64\mshtmler.dll
      2011-08-10 02:15 . 2011-08-10 02:15   86528   ----a-w-   c:\windows\SysWow64\iesysprep.dll
      2011-08-10 02:15 . 2011-08-10 02:15   63488   ----a-w-   c:\windows\SysWow64\tdc.ocx
      2011-08-10 02:15 . 2011-08-10 02:15   367104   ----a-w-   c:\windows\SysWow64\html.iec
      2011-08-10 02:15 . 2011-08-10 02:15   74752   ----a-w-   c:\windows\SysWow64\iesetup.dll
      2011-08-10 02:15 . 2011-08-10 02:15   23552   ----a-w-   c:\windows\SysWow64\licmgr10.dll
      2011-08-10 02:15 . 2011-08-10 02:15   152064   ----a-w-   c:\windows\SysWow64\wextract.exe
      2011-08-10 02:15 . 2011-08-10 02:15   150528   ----a-w-   c:\windows\SysWow64\iexpress.exe
      2011-08-10 02:15 . 2011-08-10 02:15   1427456   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
      2011-08-10 02:15 . 2011-08-10 02:15   420864   ----a-w-   c:\windows\SysWow64\vbscript.dll
      2011-08-10 02:15 . 2011-08-10 02:15   35840   ----a-w-   c:\windows\SysWow64\imgutil.dll
      2011-08-10 02:15 . 2011-08-10 02:15   142848   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
      2011-08-10 02:15 . 2011-08-10 02:15   11776   ----a-w-   c:\windows\SysWow64\mshta.exe
      2011-08-10 02:15 . 2011-08-10 02:15   101888   ----a-w-   c:\windows\SysWow64\admparse.dll
      2011-08-10 02:15 . 2011-08-10 02:15   89088   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
      2011-08-10 02:15 . 2011-08-10 02:15   222208   ----a-w-   c:\windows\system32\msls31.dll
      2011-08-10 02:15 . 2011-08-10 02:15   173056   ----a-w-   c:\windows\system32\ieUnatt.exe
      2011-08-10 02:15 . 2011-08-10 02:15   12288   ----a-w-   c:\windows\system32\mshta.exe
      2011-08-10 02:15 . 2011-08-10 02:15   114176   ----a-w-   c:\windows\system32\admparse.dll
      2011-08-10 02:15 . 2011-08-10 02:15   91648   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
      2011-08-10 02:15 . 2011-08-10 02:15   49664   ----a-w-   c:\windows\system32\imgutil.dll
      2011-08-10 02:15 . 2011-08-10 02:15   48640   ----a-w-   c:\windows\system32\mshtmler.dll
      2011-08-10 02:15 . 2011-08-10 02:15   135168   ----a-w-   c:\windows\system32\IEAdvpack.dll
      2011-08-10 02:15 . 2011-08-10 02:15   111616   ----a-w-   c:\windows\system32\iesysprep.dll
      2011-08-10 02:15 . 2011-08-10 02:15   76800   ----a-w-   c:\windows\system32\tdc.ocx
      2011-08-10 02:15 . 2011-08-10 02:15   85504   ----a-w-   c:\windows\system32\iesetup.dll
      2011-08-10 02:15 . 2011-08-10 02:15   448512   ----a-w-   c:\windows\system32\html.iec
      2011-08-10 02:15 . 2011-08-10 02:15   30720   ----a-w-   c:\windows\system32\licmgr10.dll
      2011-08-10 02:15 . 2011-08-10 02:15   1492992   ----a-w-   c:\windows\system32\inetcpl.cpl
      2011-08-10 02:15 . 2011-08-10 02:15   603648   ----a-w-   c:\windows\system32\vbscript.dll
      2011-08-10 02:15 . 2011-08-10 02:15   165888   ----a-w-   c:\windows\system32\iexpress.exe
      2011-08-10 02:15 . 2011-08-10 02:15   160256   ----a-w-   c:\windows\system32\wextract.exe
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
      @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
      [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
      2007-06-02 01:08   143360   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 5500800]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
      "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-09 6937216]
      "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
      "VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-30 237693]
      "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
      .
      c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
      @="Service"
      .
      R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-01 136176]
      R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-12-22 79360]
      R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-22 79360]
      R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-01 136176]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
      R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys
      R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys
      R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
      R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
      R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
      S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-11 140672]
      S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe
      S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
      S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
      S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys
      S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys
      S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
      S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
      S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys
      S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys
      S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys
      S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys
      .
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
      hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2011-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3596009218-1777886604-2241043216-1000Core.job
      - c:\users\Nas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-24 20:52]
      .
      2011-10-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3596009218-1777886604-2241043216-1000UA.job
      - c:\users\Nas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-24 20:52]
      .
      2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-01 23:18]
      .
      2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-01 23:18]
      .
      2011-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3596009218-1777886604-2241043216-1000Core.job
      - c:\users\Nas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 03:45]
      .
      2011-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3596009218-1777886604-2241043216-1000UA.job
      - c:\users\Nas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 03:45]
      .
      2011-09-11 c:\windows\Tasks\One-Click Tweak.job
      - c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2011-09-11 15:14]
      .
      .
      --------- x86-64 -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
      @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
      [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
      2007-06-02 00:52   159744   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
      "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
      "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "LoadAppInit_DLLs"=0x0
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://www.bigseekpro.com/hypercam/{7617EF1E-D4A9-4651-9E2C-B654D3D11399}
      mStart Page = hxxp://www.bigseekpro.com/hypercam/{7617EF1E-D4A9-4651-9E2C-B654D3D11399}
      uInternet Settings,ProxyOverride = <local>;*.local
      TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
      TCP: Interfaces\{F23B2AFE-C1E7-481E-853C-7FDD2026B937}\6427565675966696: DhcpNameServer = 212.27.40.241 212.27.40.242
      TCP: Interfaces\{F23B2AFE-C1E7-481E-853C-7FDD2026B937}\C496675626F687D214442383: DhcpNameServer = 192.168.1.1
      TCP: Interfaces\{F23B2AFE-C1E7-481E-853C-7FDD2026B937}\D4F657C616: DhcpNameServer = 65.32.5.111 65.32.5.112
      FF - ProfilePath - c:\users\Nas\AppData\Roaming\Mozilla\Firefox\Profiles\74j0np1d.default\
      FF - prefs.js: keyword.URL - hxxp://www.scanquery.com/?tmp=nemo_results_removelink&prt=ScnqryPB&keywords=
      FF - prefs.js: network.proxy.http - 127.0.0.1
      FF - prefs.js: network.proxy.http_port - 60394
      FF - prefs.js: network.proxy.type - 0
      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
      FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
      FF - Ext: PC Sync 2 Synchronisation Extension: [email protected] - c:\program files (x86)\Nokia\Nokia PC Suite 7\bkmrksync
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      Wow6432Node-HKCU-Run-DisplayBackupOnline - c:\programdata\DisplayBackupOnline.dll
      Toolbar-Locked - (no file)
      HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
      AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
      AddRemove-ASUS_ScreenSaver_GSeries - c:\windows\system32\ASUS_ScreenSaver_GSeries.scr
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-3596009218-1777886604-2241043216-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýU†j]
      @Class="Shell"
      .
      [HKEY_USERS\S-1-5-21-3596009218-1777886604-2241043216-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýU†j\OpenWithList]
      @Class="Shell"
      "a"="vlc.exe"
      "MRUList"="a"
      .
      [HKEY_USERS\S-1-5-21-3596009218-1777886604-2241043216-1000\Software\SecuROM\License information*]
      "datasecu"=hex:5f,c0,02,a7,b9,b5,32,30,09,db,e0,b1,67,ec,2d,bf,b4,ca,cd,08,42,
         6c,f9,29,62,04,1f,e3,1f,f2,59,ed,b3,55,88,58,75,cf,c5,1e,0e,24,48,72,eb,39,\
      "rkeysecu"=hex:1e,87,b4,a3,5d,ca,24,e3,33,c6,f6,5f,28,f5,86,96
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.10"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
      "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
         00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
      c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files (x86)\Bonjour\mDNSResponder.exe
      c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
      c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
      c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
      c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
      .
      **************************************************************************
      .
      Completion time: 2011-10-28  13:14:15 - machine was rebooted
      ComboFix-quarantined-files.txt  2011-10-28 17:14
      .
      Pre-Run: 42,653,626,368 bytes free
      Post-Run: 42,405,965,824 bytes free
      .
      - - End Of File - - BD0511F92914382D46D414936F4C38BB

      nasroo7

        Topic Starter
        Re: Windows Infected... Trojan.Sharpro Nvidia?
        « Reply #17 on: October 28, 2011, 11:23:51 AM »
        Here it is...
        I finished with those ones... But couldn't find a log for CCleaner... do you know if it is saved somewhere?

        Thank you

        Dr Jay

        • Malware Removal Specialist
        Re: Windows Infected... Trojan.Sharpro Nvidia?
        « Reply #18 on: October 29, 2011, 07:02:46 AM »
        No need for a CCleaner log. ;)


        ESET Online Scan

        Please run a free online scan with the ESET Online Scanner
        • Tick the box next to YES, I accept the Terms of Use
        • Click Start
        • When asked, allow the ActiveX control to install
        • Click Start
        • Make sure that the options Remove found threats and Scan unwanted applications are checked
        • Click Scan (This scan can take several hours, so please be patient)
        • Once the scan is completed, you may close the window
        • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
        • Copy and paste that log as a reply to this topic
        ~Dr Jay

        nasroo7

          Topic Starter
          Re: Windows Infected... Trojan.Sharpro Nvidia?
          « Reply #19 on: November 01, 2011, 09:57:41 AM »
          So, I scanned with ESET.
          The first time, ESET found one threat to remove, but when I wanted to save a log, Windows crashed...
          So I restarted Windows and did another scan 5 min later.... But it found more things...


          C:\Program Files (x86)\Advanced PC Tweaker\AdvancedPCTweaker.exe   a variant of Win32/Adware.AdvPCTweak application
          C:\Qoobox\Quarantine\C\ProgramData\DisplayBackupOnline.dll.vir   a variant of Win32/Kryptik.UNZ trojan
          C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ya9829x9.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\chrome.manifest.vir   Win32/TrojanDownloader.Tracur.F trojan
          C:\Qoobox\Quarantine\C\Users\Nas\AppData\Local\Activision\ActivisionUpdate\Activisionupdt32.dll.vir   a variant of Win32/Kryptik.UNZ trojan
          C:\Qoobox\Quarantine\C\Users\Nas\AppData\Local\Apple\AppleUpdate\Appleupdt32.dll.vir   a variant of Win32/Kryptik.UNZ trojan
          C:\Qoobox\Quarantine\C\Users\Nas\AppData\Roaming\Mozilla\Firefox\Profiles\74j0np1d.default\extensions\{d8a7ef98-7e29-4def-8b9e-62d8eabdb471}\chrome.manifest.vir   Win32/TrojanDownloader.Tracur.F trojan
          C:\Users\Nas\AppData\Local\Google\Chrome\User Data\Default\Default\dlihhkfjijkboimenpffikpdeinlfjnp\contentscript.js   Win32/TrojanDownloader.Tracur.F trojan
          C:\Users\Nas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\34584228-2f069fa4   Java/Agent.AC trojan
          C:\Users\Nas\Desktop\SAVE\Nas\Hack\ophcrack-win32-installer-3.3.1.exe   multiple threats
          C:\Users\Nas\Downloads\AdvancedPCTweaker.exe   a variant of Win32/Adware.AdvPCTweak application
          C:\Users\Nas\Downloads\avc-free(2).exe   Win32/OpenCandy application
          C:\Users\Nas\Downloads\cnet_mp3gain-win-1_2_5_exe.exe   a variant of Win32/InstallCore.D application
          C:\Users\Nas\Downloads\cnet_SubtitlesSynchSetup_exe.exe   a variant of Win32/InstallCore.D application
          C:\Users\Nas\Downloads\Fl.Studio.9.Prensboard.Com.rar   Win32/OpenCandy application
          C:\Users\Nas\Downloads\packenergieettechnologieV22011EXIT.rar   a variant of Win32/Keygen.AS application
          C:\Users\Nas\Downloads\packenergieettechnologieV22011EXIT.rar.001.exe   a variant of Win32/Keygen.AS application
          C:\Users\Nas\Downloads\scripts_2010_by_leo.zip   multiple threats
          C:\Users\Nas\Downloads\slg.ab.rar   a variant of Win32/HackTool.Patcher.D application
          C:\Users\Nas\Downloads\software_informer.exe   probably a variant of Win32/SWInformer application
          C:\Users\Nas\Downloads\Fl Studio 9\flstudio_9.0.exe   Win32/OpenCandy application
          C:\Users\Nas\Downloads\slg.ab\slg.ab\Patch\Patch.exe   a variant of Win32/HackTool.Patcher.D application
          C:\Users\Nas\Downloads\slg.abrio\slg.abrio\Patch\Patch.exe   a variant of Win32/HackTool.Patcher.D application
          C:\Windows\System32\srrstr.dll   a variant of Win32/Kryptik.UNZ trojan
          C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\upgrade[1].cab   a variant of Win32/Adware.OneStep.Z application
          C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\upgrade[1].cab   a variant of Win32/Adware.OneStep.Z application
          C:\Windows\SysWOW64\srrstr.dll   a variant of Win32/Kryptik.UNZ trojan
          C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\upgrade[1].cab   a variant of Win32/Adware.OneStep.Z application
          C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\upgrade[1].cab   a variant of Win32/Adware.OneStep.Z application
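          A log like the one above mixes live files with entries under C:\Qoobox\Quarantine, which is ComboFix's quarantine folder (the DisplayBackupOnline.dll that ComboFix deleted earlier in the thread reappears there with a .vir extension). The following Python triage script is an added example, not part of the thread or of ESET; it parses the path/verdict lines, separates quarantined from live detections, and pulls out live trojan verdicts under the Windows system directories, which are the entries a responder would look at first. The sample log is a constructed subset of the lines from the post above.

```python
import re
from collections import Counter

# Constructed sample: a subset of the ESET Online Scanner result lines from the post.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Advanced PC Tweaker\AdvancedPCTweaker.exe   a variant of Win32/Adware.AdvPCTweak application
C:\Qoobox\Quarantine\C\ProgramData\DisplayBackupOnline.dll.vir   a variant of Win32/Kryptik.UNZ trojan
C:\Qoobox\Quarantine\C\Users\Nas\AppData\Local\Apple\AppleUpdate\Appleupdt32.dll.vir   a variant of Win32/Kryptik.UNZ trojan
C:\Users\Nas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\34584228-2f069fa4   Java/Agent.AC trojan
C:\Users\Nas\Downloads\avc-free(2).exe   Win32/OpenCandy application
C:\Users\Nas\Downloads\software_informer.exe   probably a variant of Win32/SWInformer application
C:\Windows\System32\srrstr.dll   a variant of Win32/Kryptik.UNZ trojan
C:\Windows\SysWOW64\srrstr.dll   a variant of Win32/Kryptik.UNZ trojan
"""

# Path and verdict are separated by a run of two or more whitespace characters;
# single spaces may occur inside the path ("Program Files (x86)").
LINE_RE = re.compile(r"^(?P<path>.+?)\s{2,}(?P<verdict>.+?)\s*$")

# ComboFix moves the files it removes into C:\Qoobox\Quarantine, so ESET re-detecting
# them there is expected and is not a live infection.
QUARANTINE_PREFIX = r"c:\qoobox\quarantine"

# Live detections below these directories get top priority in the triage summary.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def parse_verdict(verdict):
    """Split 'a variant of Win32/Kryptik.UNZ trojan' into (family, category, confidence)."""
    confidence = "exact"
    v = verdict
    if v.startswith("probably a variant of "):
        confidence = "probable"
        v = v[len("probably a variant of "):]
    elif v.startswith("a variant of "):
        confidence = "variant"
        v = v[len("a variant of "):]
    if v == "multiple threats":            # ESET prints this for archives with several hits
        return v, "multiple", confidence
    parts = v.split()
    if len(parts) >= 2:                    # e.g. ("Win32/Kryptik.UNZ", "trojan", "variant")
        return parts[0], parts[-1], confidence
    return v, "unknown", confidence


def parse_eset_log(text):
    """Return one dict per detection line; lines that do not match the format are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        path, verdict = m.group("path"), m.group("verdict")
        family, category, confidence = parse_verdict(verdict)
        low = path.lower()
        entries.append({
            "path": path,
            "family": family,
            "category": category,
            "confidence": confidence,
            "quarantined": low.startswith(QUARANTINE_PREFIX),
            "in_system_dir": any(low.startswith(d + "\\") for d in SYSTEM_DIRS),
        })
    return entries


def triage(entries):
    """Summarise a parsed log: counts, live trojans, live hits in system dirs, families."""
    live = [e for e in entries if not e["quarantined"]]
    return {
        "total": len(entries),
        "quarantined": sum(1 for e in entries if e["quarantined"]),
        "live": len(live),
        "priority": [e["path"] for e in live if e["category"] == "trojan"],
        "system_dir_live": [e["path"] for e in live if e["in_system_dir"]],
        "families": Counter(e["family"] for e in live),
    }


if __name__ == "__main__":
    summary = triage(parse_eset_log(SAMPLE_LOG))
    print(f"{summary['total']} detections, {summary['quarantined']} already quarantined, "
          f"{summary['live']} live")
    print("live trojan verdicts:")
    for p in summary["priority"]:
        print("  ", p)
    print("live hits under Windows system directories:", summary["system_dir_live"])
    print("families among live hits:", dict(summary["families"]))
```

Run against the full log in the post, the script separates the C:\Qoobox entries (already handled by ComboFix) from the remaining live detections, and the two srrstr.dll copies under System32 and SysWOW64 come out as the live system-directory hits, which is the distinction the later replies in the thread act on.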

          Dr Jay

          • Malware Removal Specialist


          • Specialist
          • Moderator emeritus
          • Thanked: 119
          • Experience: Guru
          • OS: Windows 10
          Re: Windows Infected... Trojan.Sharpro Nvidia?
          « Reply #20 on: November 01, 2011, 10:37:58 AM »
          Save these instructions so you can have access to them while in Safe Mode.

          Please click here to download AVP Tool by Kaspersky.
          • Save it to your desktop.
          • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then press Enter.
          • Double click the setup file to run it.
          • Click Next to continue.
          • Accept the License agreement and click Next.
          • It will, by default, install it to your desktop folder. Click Next.
          • It will then open a box. There will be a tab that says Automatic scan.
          • Under Automatic scan, make sure these are checked:
            • Hidden Startup Objects
            • System Memory
            • Disk Boot Sectors.
            • My Computer.
            • Also any other (removable) drives that you may have.
            Leave the rest of the settings at their defaults.
            • Then click on Scan at the top right-hand corner.
            • It will automatically Neutralize any objects found.
            • If some objects are left un-neutralized, then click the button that says Neutralize all.
            • If it says it cannot be neutralized, then choose the delete option when prompted.
            • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
            • Save it somewhere convenient like your desktop, and post only the detected virus/malware from the report. It will be at the very top under Detected. Post those results in your next reply.

              Note: This tool will self uninstall when you close it so please save the log before closing it.
            ~Dr Jay

            nasroo7

              Topic Starter


              Intermediate
              • Computer: Specs
              • Experience: Experienced
              • OS: Windows 10
              Re: Windows Infected... Trojan.Sharpro Nvidia?
              « Reply #21 on: December 22, 2011, 05:27:18 PM »
              Hi,

              I'm sorry I didn't reply sooner.
              But actually I already ran this tool on another computer, and the scan took 24h to finish, and because I work with my laptop (from 9am to 8pm), I procrastinated on running it... And now it's been almost two months...
              What should I do?
              Run it anyway? Or start over?

              Actually, the computer runs fine, and there is no visible sign of infection.

              What is your advice?

              Thank you for all your help! You make the world a better place!

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Windows Infected... Trojan.Sharpro Nvidia?
              « Reply #22 on: December 23, 2011, 12:34:20 PM »
              Quote
              Actually, the computer runs fine, and there is no visible sign of infection.
              Sorry. I misunderstood. In that case we can do some cleanup.

              To uninstall ComboFix

              • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
              • In the field, type in ComboFix /uninstall


              (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

              • Then, press Enter, or click OK.
              • This will uninstall ComboFix, delete its folders and files, hide system files and folders, and reset System Restore.
              *********************************************
              Clean out your temporary internet files and temp files.

              Download TFC by OldTimer to your desktop.

              Double-click TFC.exe to run it.

              Note: If you are running on Vista, right-click on the file and choose Run As Administrator

              TFC will close all programs when run, so make sure you have saved all your work before you begin.

              * Click the Start button to begin the cleaning process.
              * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
              * Please let TFC run uninterrupted until it is finished.

              Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
              *********************************************
              Looking over your log it seems you don't have any evidence of a third party firewall.

              Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

              Remember only install ONE firewall

              1) Comodo Personal Firewall (If you choose this one, uncheck "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage" during installation, and uncheck any HopSurf and/or Ask.com options.)
              2) Online Armor
              3) Agnitum Outpost
              4) PC Tools Firewall Plus

              If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
              **********************************************
              Use the Secunia Software Inspector to check for out of date software.

              • Click Start Now
              • Check the box next to Enable thorough system inspection.
              • Click Start
              • Allow the scan to finish and scroll down to see if any updates are needed.
              • Update anything listed.
              ----------

              Go to Microsoft Windows Update and get all critical updates.

              ----------

              I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

              SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
              * Using SpywareBlaster to protect your computer from Spyware and Malware
              * If you don't know what ActiveX controls are, see here

              Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

              Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

              Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
              Safe Surfing!
              Windows 8 and Windows 10 dual boot with two SSD's

              nasroo7

                Topic Starter


                Intermediate
                • Computer: Specs
                • Experience: Experienced
                • OS: Windows 10
                Re: Windows Infected... Trojan.Sharpro Nvidia?
                « Reply #23 on: January 07, 2012, 11:23:38 PM »
                OK, great!
                I'll try all of that.

                Do I absolutely have to uninstall combofix?

                And after I run all of that... I'm done with this laptop?
                There is no need for any log posting?


                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Windows Infected... Trojan.Sharpro Nvidia?
                « Reply #24 on: January 08, 2012, 10:48:01 AM »
                Quote
                Do I absolutely have to uninstall combofix?

                And after I run all of that... I'm done with this laptop?
                There is no need for any log posting?
                Yes, you should uninstall ComboFix. You no longer need it, and it should not be used unless an expert is helping you.
                You are done. There are no other logs to post. I will lock this thread. If you need it re-opened, please send me a pm.
                Windows 8 and Windows 10 dual boot with two SSD's