IE redirection to apype.com

Solved
By MikeA
Feb 11, 2012
  1. MikeA

    MikeA Newcomer, in training Topic Starter Posts: 54

    Hey Broni...

    I'm pretty tired so I'm going to bed right now.
    Please leave me further instructions, I'll do my part tomorrow first thing :)

    Best,

    Michele
  2. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Open IE 32-bit, go Tools>Internet options>Advanced tab and click on "Reset" button.
    Restart IE.
    Still redirecting?
  3. MikeA

    MikeA Newcomer, in training Topic Starter Posts: 54

    Yes Broni,

    still redirecting :(

    M
  4. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Let's try to reset your router...

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (Vista and Windows 7 users: while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    NOTE. Simple router disconnecting from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
  5. MikeA

    MikeA Newcomer, in training Topic Starter Posts: 54

    Hi Broni,

    I've done everything as instructed but...still getting redirected :-/

    Here's a snapshot of the cmd window:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32>ipconfig /flushdns

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    C:\Windows\system32>ipconfig /registerdns

    Windows IP Configuration

    Registration of the DNS resource records for all adapters of this computer has b
    een initiated. Any errors will be reported in the Event Viewer in 15 minutes.

    C:\Windows\system32>ipconfig /release

    Windows IP Configuration

    No operation can be performed on Local Area Connection while it has its media di
    sconnected.

    Wireless LAN adapter Wireless Network Connection:

    Connection-specific DNS Suffix . :
    Link-local IPv6 Address . . . . . : fe80::90e6:a417:10eb:1802%17
    Default Gateway . . . . . . . . . :

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    Tunnel adapter 6TO4 Adapter:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    Tunnel adapter isatap.{1124307C-7A8D-4C66-BC36-96DF5CA914B4}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3414:bb1:abe4:317
    Link-local IPv6 Address . . . . . : fe80::3414:bb1:abe4:317%20
    Default Gateway . . . . . . . . . : ::

    C:\Windows\system32>ipconfig /renew

    Windows IP Configuration

    No operation can be performed on Local Area Connection while it has its media di
    sconnected.

    Wireless LAN adapter Wireless Network Connection:

    Connection-specific DNS Suffix . :
    Link-local IPv6 Address . . . . . : fe80::90e6:a417:10eb:1802%17
    IPv4 Address. . . . . . . . . . . : 192.168.178.12
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.178.1

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    Tunnel adapter 6TO4 Adapter:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    Tunnel adapter isatap.{1124307C-7A8D-4C66-BC36-96DF5CA914B4}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:73b8:18d2:2e84:3f57:4df3
    Link-local IPv6 Address . . . . . : fe80::18d2:2e84:3f57:4df3%20
    Default Gateway . . . . . . . . . : ::

    C:\Windows\system32>net stop "dns client"
    The DNS Client service is stopping.
    The DNS Client service could not be stopped.


    C:\Windows\system32>net start "dns client"
    The requested service has already been started.

    More help is available by typing NET HELPMSG 2182.


    C:\Windows\system32>net stop "dns client"
    The DNS Client service is stopping.
    The DNS Client service was stopped successfully.


    C:\Windows\system32>net start "dns client"
    The DNS Client service is starting.
    The DNS Client service was started successfully.
    -------------------------------------------------------------------------------------------------------

    ...The only thing is that I had to stop the dns client twice before I got it made, but everything else went as expected I'd say...

    Thanks for keepin' up :)

    M
  6. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Please Boot to the System Recovery Options
    If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
    It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...
    NOTE. If none of the above apply you can create System Repair Disc (link in "Option two") and boot from it.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Choose Command Prompt
    You should see X:\SOURCES>...

    Execute the following commands in bold.
    Press Enter after every one of them.

    bootrec /fixmbr (<--- there is a "space" after "bootrec")

    exit

    Restart computer.

    Check for redirections.
  7. MikeA

    MikeA Newcomer, in training Topic Starter Posts: 54

    Hi Broni,

    done all. Still redirecting.

    M
  8. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Delete your Combofix file, download fresh one and post new log.
  9. MikeA

    MikeA Newcomer, in training Topic Starter Posts: 54

    ComboFix 12-02-15.01 - Michele 15-02-2012 20:00:30.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.8104.6282 [GMT 1:00]
    Gestart vanuit: c:\users\Michele\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-01-15 to 2012-02-15 ))))))))))))))))))))))))))))))
    .
    .
    2012-02-15 19:05 . 2012-02-15 19:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-02-15 19:05 . 2012-02-15 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-15 19:05 . 2012-02-15 19:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-02-12 20:50 . 2012-02-12 20:50 -------- d-----w- c:\users\Michele\AppData\Local\Windows Live
    2012-02-11 22:39 . 2012-02-11 22:39 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79136599-DA56-4211-8D08-9A6326390EDF}\offreg.dll
    2012-02-11 22:29 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-02-11 22:29 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-02-11 22:29 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-02-11 22:29 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-02-11 22:29 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-02-11 22:29 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
    2012-02-11 22:29 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-02-11 22:29 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
    2012-02-11 22:29 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-02-11 22:29 . 2012-02-11 22:29 -------- d-----w- c:\programdata\AVAST Software
    2012-02-11 22:29 . 2012-02-11 22:29 -------- d-----w- c:\program files\AVAST Software
    2012-02-11 21:11 . 2012-02-11 21:11 -------- d-----w- c:\users\Michele\AppData\Roaming\Malwarebytes
    2012-02-11 21:10 . 2012-02-11 21:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-02-11 21:10 . 2012-02-11 21:10 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-11 21:10 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-11 00:00 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79136599-DA56-4211-8D08-9A6326390EDF}\mpengine.dll
    2012-02-05 19:14 . 2012-02-05 19:27 -------- d-----w- c:\program files (x86)\40tude Dialog
    2012-02-04 10:09 . 2012-02-04 10:09 -------- d-----w- c:\users\Michele\AppData\Local\Unity
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-26 23:52 . 2011-07-28 14:12 279656 ------w- c:\windows\system32\MpSigStub.exe
    2011-12-01 20:43 . 2011-12-01 20:43 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2011-12-01 20:43 . 2011-12-01 20:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2011-11-24 04:52 . 2011-12-15 17:10 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-11-19 14:58 . 2012-01-11 07:38 77312 ----a-w- c:\windows\system32\packager.dll
    2011-11-19 14:01 . 2012-01-11 07:38 67072 ----a-w- c:\windows\SysWow64\packager.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-12_21.17.52 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2012-02-12 20:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-02-15 17:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-02-12 20:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-02-15 17:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-02-12 20:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-02-15 17:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-02-25 14:39 . 2012-02-15 17:52 52340 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-02-15 17:52 35958 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-07-28 13:56 . 2012-02-15 17:52 11368 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-981944830-553675151-235582288-1002_UserData.bin
    + 2011-07-28 13:47 . 2012-02-14 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-07-28 13:47 . 2012-02-07 06:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-07-28 13:47 . 2012-02-14 22:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-07-28 13:47 . 2012-02-07 06:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-02-07 06:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-02-14 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-07-28 13:56 . 2012-02-12 20:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-07-28 13:56 . 2012-02-15 17:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-07-28 13:56 . 2012-02-12 20:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-07-28 13:56 . 2012-02-15 17:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-07-28 13:56 . 2012-02-12 20:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-07-28 13:56 . 2012-02-15 17:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-07-28 14:09 . 2012-02-12 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-07-28 14:09 . 2012-02-15 18:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-07-28 14:09 . 2012-02-12 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-07-28 14:09 . 2012-02-15 18:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-04-21 12:09 . 2012-02-12 21:25 4864 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2011-02-26 05:55 . 2012-02-15 17:47 3359 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    - 2011-02-26 05:55 . 2012-02-12 21:16 3359 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    - 2012-02-12 21:16 . 2012-02-12 21:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-02-15 17:50 . 2012-02-15 17:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-02-12 21:16 . 2012-02-12 21:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-02-15 17:50 . 2012-02-15 17:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:12 . 2012-02-04 22:34 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:12 . 2012-02-14 22:03 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:01 . 2012-02-15 17:47 322520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-02-12 21:16 322520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-07-28 17:10 . 2012-02-15 17:47 495852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-981944830-553675151-235582288-1002-8192.dat
    - 2011-07-28 17:10 . 2012-02-12 21:16 495852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-981944830-553675151-235582288-1002-8192.dat
    - 2011-07-28 21:13 . 2012-02-12 21:16 1470160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-07-28 21:13 . 2012-02-15 17:47 1470160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{657E195F-066D-435C-92DB-7C261E6FE832}]
    2011-05-30 08:06 389632 ----a-w- c:\program files (x86)\MusicFrost\Music Frost Toolbar\MFSearch.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{657E195F-066D-435C-92DB-7C261E6FE832}"= "c:\program files (x86)\MusicFrost\Music Frost Toolbar\MFSearch.dll" [2011-05-30 389632]
    .
    [HKEY_CLASSES_ROOT\clsid\{657e195f-066d-435c-92db-7c261e6fe832}]
    [HKEY_CLASSES_ROOT\ToolBarMFC.DeskBandImpl.1]
    [HKEY_CLASSES_ROOT\TypeLib\{B53860A8-B905-4879-876F-EC18E33C623B}]
    [HKEY_CLASSES_ROOT\ToolBarMFC.DeskBandImpl]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-09-17 160328]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-14 222496]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-02 21392]
    "ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2011-12-12 22459984]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-11-02 928656]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-11-02 3508624]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-01 296056]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    .
    c:\users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-22 1133856]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/02/25 22:14;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-08-25 246256]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;c:\windows\system32\regw2.exe [x]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
    R3 NgFilter;Aventail VPN Filter;c:\windows\system32\DRIVERS\ngfilter.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
    S2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-14 1997416]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
    S2 uvnc_service;uvnc_service;c:\program files (x86)\UltraVNC\WinVNC.exe [2011-05-18 2016504]
    S2 WTService;WTService;c:\windows\System32\atwtusb.exe [x]
    S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys [x]
    S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys [x]
    S3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *Deregistered* - CLKMDRV10_38F51D56
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 15:14]
    .
    2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 15:14]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-17 11613288]
    "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
    "MacroKeyManager"="WTMKM.exe" [2010-02-09 6482152]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = hxxp://samsung.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2012-02-15 20:06:51
    ComboFix-quarantined-files.txt 2012-02-15 19:06
    .
    Pre-Run: 50.431.361.024 bytes free
    Post-Run: 50.231.025.664 bytes free
    .
    - - End Of File - - BAF8FF7FBA0E93206C79DDAB2AADB009
  10. MikeA

    MikeA Newcomer, in training Topic Starter Posts: 54

    ...Always redirecting, by the way...
  11. MikeA

    MikeA Newcomer, in training Topic Starter Posts: 54

    ..Going to sleep..Will read your reply tomorrow.

    Michele
  12. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    In my reply #27 I asked you to reset IE.
    I'm not sure how you did it since I still can see all kind of toolbars there.

    Redo reset and post new OTL log.
  13. MikeA

    MikeA Newcomer, in training Topic Starter Posts: 54

    ...So...Things are getting a bit strange.

    Firstly, I always did what you asked me to do. When you asked to reset, I did.

    Now, I reset IE 32 again by going Tools->Internet Options->Advanced->Reset
    but when I restart IE, my Roboform Toolbar is nevertheless there.

    Secondly, I ran OTL as administrator again, pasting the custom scan directives as instructed in reply #16.

    Strangely enough, I only get OTL.txt and no Extras.txt

    I ran it twice, restarting the machine in between...Here's the OTL log

    OTL logfile created on: 2/16/2012 7:43:41 PM - Run 3
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michele\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

    7.91 Gb Total Physical Memory | 6.22 Gb Available Physical Memory | 78.56% Memory free
    15.83 Gb Paging File | 14.04 Gb Available in Paging File | 88.73% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 105.00 Gb Total Space | 47.67 Gb Free Space | 45.40% Space Free | Partition Type: NTFS
    Drive D: | 467.62 Gb Total Space | 131.29 Gb Free Space | 28.08% Space Free | Partition Type: NTFS
    Drive E: | 5.68 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: SAMSUNGRF711 | User Name: Michele | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/12 23:12:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michele\Desktop\OTL.exe
    PRC - [2011/12/12 18:21:54 | 022,459,984 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
    PRC - [2011/12/01 21:43:52 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2011/11/28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/11/02 16:52:06 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    PRC - [2011/11/02 16:51:54 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2011/09/17 21:32:22 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2011/05/18 21:40:06 | 002,016,504 | ---- | M] (UltraVNC) -- C:\Program Files (x86)\UltraVNC\winvnc.exe
    PRC - [2010/12/15 00:01:16 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2010/12/14 03:59:42 | 000,607,400 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe
    PRC - [2010/12/06 12:44:36 | 000,943,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    PRC - [2010/12/06 12:44:28 | 007,058,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
    PRC - [2010/11/14 16:30:49 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    PRC - [2010/11/10 00:03:52 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2010/10/22 17:58:34 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    PRC - [2010/10/06 06:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/10/06 06:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/07/23 11:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    PRC - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/16 19:36:09 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\de7b98adae0cf9ef3ee34eba29b9e0d9\PresentationFramework.ni.dll
    MOD - [2012/02/16 19:35:58 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7d0085af8163b715488f2ed72d2b404\PresentationCore.ni.dll
    MOD - [2012/02/16 19:35:54 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\8f178c27be36f9a08ab5ef6b26edd53c\System.Windows.Forms.ni.dll
    MOD - [2012/02/16 19:35:51 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\e6a421765ab129b5a12db40f1ad11b33\System.Core.ni.dll
    MOD - [2012/02/16 19:35:51 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\328128459fb93ae5bb4d813f1c25f882\System.Xml.ni.dll
    MOD - [2012/02/16 19:35:46 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ed88e619ee2f7890f095327c9e6c4f47\WindowsBase.ni.dll
    MOD - [2012/02/16 19:35:44 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\48763e13ab42d7d355deba3265ea3223\System.Drawing.ni.dll
    MOD - [2012/02/16 19:35:44 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8bddd0d3155a3edec42e3039493095c7\PresentationFramework.Aero.ni.dll
    MOD - [2012/02/16 19:35:42 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\dc9a87796af6bbda69eb6415f081d7d5\System.ni.dll
    MOD - [2012/02/16 18:08:05 | 000,115,137 | ---- | M] () -- C:\Users\Michele\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
    MOD - [2011/11/02 16:52:06 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    MOD - [2011/10/14 21:38:48 | 014,408,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e360aa959e1b83be7026670d129c0a93\mscorlib.ni.dll
    MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2011/07/15 01:01:04 | 000,510,024 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\Windows\SysNative\ngvpnmgr.exe -- (NgVpnMgr)
    SRV:64bit: - [2010/10/22 17:58:34 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2010/10/08 01:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/08/09 20:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
    SRV:64bit: - [2010/01/27 15:27:24 | 000,665,320 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atwtusb.exe -- (WTService)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/05/18 21:40:06 | 002,016,504 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files (x86)\UltraVNC\WinVNC.exe -- (uvnc_service)
    SRV - [2010/12/15 00:01:16 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/10/06 06:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/10/06 06:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/08/25 04:07:38 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
    SRV - [2010/07/23 11:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
    SRV - [2010/06/03 18:48:28 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/11/28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2011/11/28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2011/11/28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2011/11/28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2011/11/28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/11/28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2011/10/27 02:25:52 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
    DRV:64bit: - [2011/10/27 02:25:52 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV:64bit: - [2011/10/27 02:25:52 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV:64bit: - [2011/10/27 02:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2011/10/27 02:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV:64bit: - [2011/10/27 02:25:42 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
    DRV:64bit: - [2011/10/27 02:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV:64bit: - [2011/07/15 00:30:50 | 000,103,496 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngvpn.sys -- (NgVpn)
    DRV:64bit: - [2011/07/15 00:30:50 | 000,031,304 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nglog.sys -- (NgLog)
    DRV:64bit: - [2011/07/15 00:30:50 | 000,028,744 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngwfp.sys -- (NgWfp)
    DRV:64bit: - [2011/07/15 00:30:50 | 000,026,184 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ngfilter.sys -- (NgFilter)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/12/15 00:01:14 | 000,025,576 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2010/12/03 05:55:32 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/12/03 05:55:32 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/11/29 06:23:16 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/11/25 20:31:32 | 000,409,192 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/10 00:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/10/15 09:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/10/08 01:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/09/21 18:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/09/21 08:20:30 | 000,348,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
    DRV:64bit: - [2010/09/14 23:59:16 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010/09/14 23:59:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2010/09/13 10:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/08/31 02:13:02 | 000,118,664 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010/08/21 01:21:38 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2010/07/29 01:23:08 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2010/03/02 08:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2009/08/26 12:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini)
    DRV:64bit: - [2009/08/07 02:35:34 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
    DRV:64bit: - [2009/03/08 18:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr)
    DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2011/04/21 12:33:15 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




    IE - HKU\S-1-5-21-981944830-553675151-235582288-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
    IE - HKU\S-1-5-21-981944830-553675151-235582288-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-981944830-553675151-235582288-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
    IE - HKU\S-1-5-21-981944830-553675151-235582288-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michele\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/02/25 16:12:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/02/25 16:12:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/25 16:13:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/01 21:44:15 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\MFToolbar@skywebsearch.com: C:\Program Files (x86)\MusicFrost\Music Frost Toolbar\FF [2011/07/28 18:59:37 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2012/02/12 22:17:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (MFSearch) - {657E195F-066D-435C-92DB-7C261E6FE832} - C:\Program Files (x86)\MusicFrost\Music Frost Toolbar\MFSearch.dll (AudioEngines)
    O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MFSearch) - {657E195F-066D-435C-92DB-7C261E6FE832} - C:\Program Files (x86)\MusicFrost\Music Frost Toolbar\MFSearch.dll (AudioEngines)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKU\S-1-5-21-981944830-553675151-235582288-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-981944830-553675151-235582288-1002\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [MacroKeyManager] C:\Windows\SysNative\WTMKM.exe ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-981944830-553675151-235582288-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-981944830-553675151-235582288-1002..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - HKU\S-1-5-21-981944830-553675151-235582288-1002..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKU\S-1-5-21-981944830-553675151-235582288-1002..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
    O4 - HKU\S-1-5-21-981944830-553675151-235582288-1002..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKU\S-1-5-21-981944830-553675151-235582288-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-981944830-553675151-235582288-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-981944830-553675151-235582288-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-981944830-553675151-235582288-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-981944830-553675151-235582288-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Compila - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Compila Modulo - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Salva - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Salva Moduli - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RF Barra strumenti - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1124307C-7A8D-4C66-BC36-96DF5CA914B4}: DhcpNameServer = 212.54.40.25 212.54.35.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8086BF51-4CF3-44C4-AD59-1D93FA29A6AF}: DhcpNameServer = 212.54.40.25 212.54.35.25
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.pspgru - C:\Windows\SysWow64\PSPGRU.acm (Philips Austria GmbH - Speech Processing)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/16 18:07:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/15 19:57:41 | 004,404,931 | R--- | C] (Swearware) -- C:\Users\Michele\Desktop\ComboFix.exe
    [2012/02/12 23:11:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Michele\Desktop\OTL.exe
    [2012/02/12 22:23:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/02/12 22:10:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/12 22:10:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/12 22:10:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/12 22:10:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/12 22:10:01 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/12 21:50:23 | 000,000,000 | ---D | C] -- C:\Users\Michele\Documents\CyberLink
    [2012/02/12 21:50:20 | 000,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\Windows Live
    [2012/02/12 21:50:03 | 000,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\{F1145FCE-9C8D-4734-A8DF-0C50300376AE}
    [2012/02/12 21:50:03 | 000,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\{944DC6AD-DE67-4321-8831-CCA791652721}
    [2012/02/12 21:37:06 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Michele\Desktop\FixTDSS.exe
    [2012/02/12 21:17:00 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michele\Desktop\tdsskiller.exe
    [2012/02/12 09:41:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/02/12 08:58:18 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Michele\Desktop\aswMBR.exe
    [2012/02/11 23:29:26 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/02/11 23:29:26 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/02/11 23:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/02/11 23:29:25 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/02/11 23:29:25 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/02/11 23:29:25 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2012/02/11 23:29:24 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/02/11 23:29:24 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/02/11 23:29:14 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/02/11 23:29:13 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/02/11 23:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/02/11 23:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/02/11 22:31:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Michele\Desktop\dds.scr
    [2012/02/11 22:11:24 | 000,000,000 | ---D | C] -- C:\Users\Michele\AppData\Roaming\Malwarebytes
    [2012/02/11 22:10:53 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/02/11 22:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/11 22:10:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/02/11 22:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/02/11 22:06:25 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Michele\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/05 20:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\40tude Dialog
    [2012/02/05 20:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\40tude Dialog
    [2012/02/04 11:09:43 | 000,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\Unity

    ========== Files - Modified Within 30 Days ==========

    [2012/02/16 19:48:38 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/16 19:48:38 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/16 19:40:08 | 000,351,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/02/16 19:40:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/16 19:39:51 | 4202,995,711 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/16 19:34:40 | 000,732,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/02/16 19:34:40 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/02/16 19:34:40 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/02/16 18:50:05 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/15 19:57:50 | 004,404,931 | R--- | M] (Swearware) -- C:\Users\Michele\Desktop\ComboFix.exe
    [2012/02/13 21:38:56 | 000,000,302 | ---- | M] () -- C:\Users\Michele\.Xauthority
    [2012/02/12 23:12:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michele\Desktop\OTL.exe
    [2012/02/12 22:17:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/02/12 21:37:08 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Michele\Desktop\FixTDSS.exe
    [2012/02/12 21:17:52 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michele\Desktop\tdsskiller.exe
    [2012/02/12 20:18:21 | 000,800,637 | ---- | M] () -- C:\Users\Michele\Desktop\ListParts64.exe
    [2012/02/12 09:40:44 | 1426,810,472 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/02/12 09:12:18 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Michele\Desktop\boot_cleaner.exe
    [2012/02/12 09:11:53 | 000,044,607 | ---- | M] () -- C:\Users\Michele\Desktop\bootkit_remover.zip
    [2012/02/12 09:11:16 | 000,000,512 | ---- | M] () -- C:\Users\Michele\Desktop\MBR.dat
    [2012/02/12 08:58:29 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Michele\Desktop\aswMBR.exe
    [2012/02/11 23:29:26 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/02/11 23:29:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/02/11 22:31:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Michele\Desktop\dds.scr
    [2012/02/11 22:28:13 | 000,302,592 | ---- | M] () -- C:\Users\Michele\Desktop\km76dy5k.exe
    [2012/02/11 22:10:53 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/11 22:09:59 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Michele\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/06 18:56:27 | 004,442,360 | ---- | M] () -- C:\Users\Michele\Desktop\Mattia Ancis.png
    [2012/02/05 20:14:10 | 000,000,952 | ---- | M] () -- C:\Users\Michele\Desktop\40tude Dialog.lnk
    [2012/01/31 18:19:48 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/26 21:16:09 | 006,121,912 | ---- | M] () -- C:\Users\Michele\Desktop\110530_-_michele_ancis_signed_contract.pdf
    [2012/01/23 22:12:40 | 000,662,508 | ---- | M] () -- C:\Users\Michele\Desktop\gm_ID_methodology_silveira_jssc_1996[1].pdf
    [2012/01/23 22:08:07 | 001,991,588 | ---- | M] () -- C:\Users\Michele\Desktop\Analog_Front-End_Design_Using_the_gm_ID_Method_for_a_Pulse-Based[1].pdf

    ....
     
  14. MikeA

    MikeA Newcomer, in training Topic Starter Posts: 54

    ...OTL part 2

    [2012/01/18 21:11:42 | 000,001,283 | ---- | M] () -- C:\Users\Michele\Desktop\Busting Loose from the Money Game.pdf.lnk

    ========== Files Created - No Company Name ==========

    [2012/02/12 22:10:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/12 22:10:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/12 22:10:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/12 22:10:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/12 22:10:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/12 20:18:09 | 000,800,637 | ---- | C] () -- C:\Users\Michele\Desktop\ListParts64.exe
    [2012/02/12 09:40:44 | 1426,810,472 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/02/12 09:11:45 | 000,044,607 | ---- | C] () -- C:\Users\Michele\Desktop\bootkit_remover.zip
    [2012/02/12 09:11:16 | 000,000,512 | ---- | C] () -- C:\Users\Michele\Desktop\MBR.dat
    [2012/02/11 23:29:26 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/02/11 23:29:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/02/11 22:23:57 | 000,302,592 | ---- | C] () -- C:\Users\Michele\Desktop\km76dy5k.exe
    [2012/02/11 22:10:53 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/06 18:56:27 | 004,442,360 | ---- | C] () -- C:\Users\Michele\Desktop\Mattia Ancis.png
    [2012/02/05 20:14:10 | 000,000,952 | ---- | C] () -- C:\Users\Michele\Desktop\40tude Dialog.lnk
    [2012/01/26 21:05:50 | 006,121,912 | ---- | C] () -- C:\Users\Michele\Desktop\110530_-_michele_ancis_signed_contract.pdf
    [2012/01/23 22:12:40 | 000,662,508 | ---- | C] () -- C:\Users\Michele\Desktop\gm_ID_methodology_silveira_jssc_1996[1].pdf
    [2012/01/23 22:08:07 | 001,991,588 | ---- | C] () -- C:\Users\Michele\Desktop\Analog_Front-End_Design_Using_the_gm_ID_Method_for_a_Pulse-Based[1].pdf
    [2012/01/18 21:11:42 | 000,001,283 | ---- | C] () -- C:\Users\Michele\Desktop\Busting Loose from the Money Game.pdf.lnk
    [2011/10/31 11:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011/10/31 11:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011/10/31 11:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011/10/31 11:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2011/10/31 11:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2011/10/24 22:45:09 | 000,001,879 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\SAS7_000.DAT
    [2011/10/22 19:35:53 | 000,008,265 | ---- | C] () -- C:\Windows\aiptbl.ini
    [2011/10/08 14:07:26 | 000,000,600 | ---- | C] () -- C:\Users\Michele\AppData\Local\PUTTY.RND
    [2011/07/30 14:28:22 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2011/07/28 15:06:00 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
    [2011/07/28 15:05:47 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
    [2011/07/28 15:05:37 | 000,142,704 | ---- | C] () -- C:\Windows\wiainst64.exe
    [2011/07/15 01:06:18 | 000,215,112 | ---- | C] () -- C:\Windows\ngmsi.dll
    [2011/07/15 01:04:14 | 000,021,064 | ---- | C] () -- C:\Windows\ngutil.exe
    [2011/02/26 07:06:34 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/02/26 07:06:32 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/02/26 07:06:31 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/02/25 16:12:07 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
    [2011/02/25 14:28:48 | 000,001,927 | ---- | C] () -- C:\Windows\HotFixList.ini
    [2011/02/25 13:58:06 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
    [2010/02/10 16:00:44 | 000,130,280 | ---- | C] () -- C:\Windows\RmTablet.exe
    [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2009/07/13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2009/07/13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2009/07/13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/10/08 13:35:40 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Aventail
    [2011/12/18 23:02:45 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\DVDVideoSoft
    [2012/01/08 22:17:55 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\gtk-2.0
    [2011/10/24 22:37:01 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Nuance
    [2012/01/14 22:39:26 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\ooVoo Details
    [2011/11/28 21:00:11 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Samsung
    [2012/02/11 22:17:04 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\uTorrent
    [2012/01/09 17:51:49 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2012/02/15 20:06:51 | 000,024,012 | ---- | M] () -- C:\ComboFix.txt
    [2012/02/12 22:23:03 | 000,021,029 | ---- | M] () -- C:\ComboFix_old.txt
    [2012/02/16 19:39:51 | 4202,995,711 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/16 19:39:52 | 4202,995,711 | -HS- | M] () -- C:\pagefile.sys
    [2011/02/25 14:00:56 | 000,002,162 | ---- | M] () -- C:\RHDSetup.log
    [2011/07/28 15:05:04 | 000,000,196 | ---- | M] () -- C:\setup.log
    [2012/02/12 21:20:16 | 000,086,006 | ---- | M] () -- C:\TDSSKiller.2.7.11.0_12.02.2012_21.18.11_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >
    [2010/08/06 07:09:44 | 000,016,018 | ---- | M] () -- C:\Windows\Samsung.png

    < %systemroot%\*.scr >
    [2011/11/28 19:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/11/30 11:44:24 | 014,392,507 | ---- | M] (Jan Kolarik & Ondrej Vaverka) -- C:\Windows\Samsung Astro Orbit I.scr
    [2010/11/09 18:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/09/17 19:11:51 | 000,001,670 | -HS- | M] () -- C:\Users\Michele\AppData\Roaming\Microsoft\LastFlashConfig.wfc

    < %PROGRAMFILES%\*.* >
    [2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/07/28 15:10:37 | 000,000,221 | -HS- | M] () -- C:\Users\Michele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/12 08:58:29 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Michele\Desktop\aswMBR.exe
    [2012/02/12 09:12:18 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Michele\Desktop\boot_cleaner.exe
    [2012/02/15 19:57:50 | 004,404,931 | R--- | M] (Swearware) -- C:\Users\Michele\Desktop\ComboFix.exe
    [2012/02/12 21:37:08 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Michele\Desktop\FixTDSS.exe
    [2012/02/11 22:28:13 | 000,302,592 | ---- | M] () -- C:\Users\Michele\Desktop\km76dy5k.exe
    [2012/02/12 20:18:21 | 000,800,637 | ---- | M] () -- C:\Users\Michele\Desktop\ListParts64.exe
    [2012/02/11 22:09:59 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Michele\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/12 23:12:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michele\Desktop\OTL.exe
    [2012/02/12 21:17:52 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michele\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/16 19:42:54 | 000,000,402 | -HS- | M] () -- C:\Users\Michele\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/07/30 14:45:27 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2011/02/25 14:15:16 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2011/02/25 14:11:44 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2011/02/25 14:10:46 | 000,000,106 | ---- | M] () -- C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
    [2011/02/25 14:13:22 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2011/02/25 14:14:14 | 000,000,108 | ---- | M] () -- C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:8CE646EE
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0FF263E8

    < End of report >
  15. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-981944830-553675151-235582288-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
      O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
      O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
      O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll (RealPlayer)
      O2 - BHO: (MFSearch) - {657E195F-066D-435C-92DB-7C261E6FE832} - C:\Program Files (x86)\MusicFrost\Music Frost Toolbar\MFSearch.dll (AudioEngines)
      O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
      O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (MFSearch) - {657E195F-066D-435C-92DB-7C261E6FE832} - C:\Program Files (x86)\MusicFrost\Music Frost Toolbar\MFSearch.dll (AudioEngines)
      O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
      O3:64bit: - HKU\S-1-5-21-981944830-553675151-235582288-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
      O3 - HKU\S-1-5-21-981944830-553675151-235582288-1002\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
      O4 - HKU\S-1-5-21-981944830-553675151-235582288-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:8CE646EE
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0FF263E8
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
  16. MikeA

    MikeA Newcomer, in training Topic Starter Posts: 54

    ...So...
    I got a system error from "robotaskbaricon.exe" stating that:

    the program can't start because RoboForm.DLL is missing from your computer. Try reinstalling the program to fix this problem

    This is the RoboForm taskbar which now doesn't appear in IE anymore.

    OTL log file

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-981944830-553675151-235582288-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
    C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
    File C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{657E195F-066D-435C-92DB-7C261E6FE832}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{657E195F-066D-435C-92DB-7C261E6FE832}\ deleted successfully.
    C:\Program Files (x86)\MusicFrost\Music Frost Toolbar\MFSearch.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724d43a9-0d85-11d4-9908-00400523e39a}\ deleted successfully.
    C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
    File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{657E195F-066D-435C-92DB-7C261E6FE832} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{657E195F-066D-435C-92DB-7C261E6FE832}\ not found.
    File C:\Program Files (x86)\MusicFrost\Music Frost Toolbar\MFSearch.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{724d43a0-0d85-11d4-9908-00400523e39a} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724d43a0-0d85-11d4-9908-00400523e39a}\ deleted successfully.
    File C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll not found.
    64bit-Registry value HKEY_USERS\S-1-5-21-981944830-553675151-235582288-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
    Registry value HKEY_USERS\S-1-5-21-981944830-553675151-235582288-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
    File C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll not found.
    Registry value HKEY_USERS\S-1-5-21-981944830-553675151-235582288-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    ADS C:\ProgramData\Temp:8CE646EE deleted successfully.
    ADS C:\ProgramData\Temp:0FF263E8 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Michele
    ->Temp folder emptied: 158079 bytes
    ->Temporary Internet Files folder emptied: 12240209 bytes
    ->Java cache emptied: 9797641 bytes
    ->Flash cache emptied: 512 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 18576139 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 39.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Michele
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Michele
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 02162012_204653

    Files\Folders moved on Reboot...
    C:\Users\Michele\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

    -------------------------------------------------------------------------------

    IT STILL REDIRECTS :(((
  17. Broni

    Broni Malware Annihilator Posts: 45,226   +243

  18. MikeA

    MikeA Newcomer, in training Topic Starter Posts: 54

    Hi Broni,

    I installed FF 10.0.1 and it doesn't redirect.
    FIY, IE 64-bit doesn't redirect either.

    M
  19. Broni

    Broni Malware Annihilator Posts: 45,226   +243

  20. MikeA

    MikeA Newcomer, in training Topic Starter Posts: 54

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    @="Bing"
    "URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
    "DisplayName"="@ieframe.dll,-12512"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
    "DisplayName"="Google"
    "URL"="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
    "FaviconURL"="http://www.google.com/favicon.ico"
    "SuggestionsURL"="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
    "ShowSearchSuggestions"=dword:00000001
    "SortIndex"=dword:00000000

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
    "UpgradeTime"=hex:73,3d,7f,d9,69,75,cc,01
    "ShowSearchSuggestionsGlobal"=dword:00000001
    "DisplayQuickPick"=dword:00000001
    "DownloadRetries"=dword:00000000

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
    "SuggestionsURLFallback"="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
    "FaviconURLFallback"="http://www.google.com/favicon.ico"
    "FaviconPath"="C:\\Users\\Michele\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{6A1806CD-94D4-4689-BA73-E35EA1EA9990}.ico"
  21. Broni

    Broni Malware Annihilator Posts: 45,226   +243

  22. MikeA

    MikeA Newcomer, in training Topic Starter Posts: 54

    I'm going to sleep now. I'll do the restore point and reg fix tomorrow morning...See you in 8 hours :)

    M
  23. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    OK......................
  24. MikeA

    MikeA Newcomer, in training Topic Starter Posts: 54

    ...Done (Sys restore + Reg fix)...

    It still redirects :(

    M
  25. MikeA

    MikeA Newcomer, in training Topic Starter Posts: 54

    Hey Broni,

    I'm going to sleep right now and tomorrow I'll go for a week vacation.
    I'll bring my laptop with me but I am not sure whether and how much I'll have access to the net.

    I'll try to connect but if you dont see me for more than two days from now, please don't take offence, it's just that I have no internet access. If that will be the case, I ask you to "hibernate" the case until I come back...

    Thank you,

    Michele


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.