Solved IE redirection to apype.com

Hey Broni...

I'm pretty tired so I'm going to bed right now.
Please leave me further instructions, I'll do my part tomorrow first thing :)

Best,

Michele
 
Open IE 32-bit, go Tools>Internet options>Advanced tab and click on "Reset" button.
Restart IE.
Still redirecting?
 
Let's try to reset your router...

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (Vista and Windows 7 users: while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
NOTE. Simple router disconnecting from a power source will NOT do.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE
 
Hi Broni,

I've done everything as instructed but...still getting redirected :-/

Here's a snapshot of the cmd window:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Windows\system32>ipconfig /registerdns

Windows IP Configuration

Registration of the DNS resource records for all adapters of this computer has b
een initiated. Any errors will be reported in the Event Viewer in 15 minutes.

C:\Windows\system32>ipconfig /release

Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media di
sconnected.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::90e6:a417:10eb:1802%17
Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.{1124307C-7A8D-4C66-BC36-96DF5CA914B4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3414:bb1:abe4:317
Link-local IPv6 Address . . . . . : fe80::3414:bb1:abe4:317%20
Default Gateway . . . . . . . . . : ::

C:\Windows\system32>ipconfig /renew

Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media di
sconnected.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::90e6:a417:10eb:1802%17
IPv4 Address. . . . . . . . . . . : 192.168.178.12
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.178.1

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.{1124307C-7A8D-4C66-BC36-96DF5CA914B4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:73b8:18d2:2e84:3f57:4df3
Link-local IPv6 Address . . . . . : fe80::18d2:2e84:3f57:4df3%20
Default Gateway . . . . . . . . . : ::

C:\Windows\system32>net stop "dns client"
The DNS Client service is stopping.
The DNS Client service could not be stopped.


C:\Windows\system32>net start "dns client"
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.


C:\Windows\system32>net stop "dns client"
The DNS Client service is stopping.
The DNS Client service was stopped successfully.


C:\Windows\system32>net start "dns client"
The DNS Client service is starting.
The DNS Client service was started successfully.
-------------------------------------------------------------------------------------------------------

...The only thing is that I had to stop the dns client twice before I got it made, but everything else went as expected I'd say...

Thanks for keepin' up :)

M
 
Please Boot to the System Recovery Options
If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...
NOTE. If none of the above apply you can create System Repair Disc (link in "Option two") and boot from it.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Choose Command Prompt
You should see X:\SOURCES>...

Execute the following commands in bold.
Press Enter after every one of them.

bootrec /fixmbr (<--- there is a "space" after "bootrec")

exit

Restart computer.

Check for redirections.
 
ComboFix 12-02-15.01 - Michele 15-02-2012 20:00:30.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.8104.6282 [GMT 1:00]
Gestart vanuit: c:\users\Michele\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-15 to 2012-02-15 ))))))))))))))))))))))))))))))
.
.
2012-02-15 19:05 . 2012-02-15 19:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-15 19:05 . 2012-02-15 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-15 19:05 . 2012-02-15 19:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-12 20:50 . 2012-02-12 20:50 -------- d-----w- c:\users\Michele\AppData\Local\Windows Live
2012-02-11 22:39 . 2012-02-11 22:39 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79136599-DA56-4211-8D08-9A6326390EDF}\offreg.dll
2012-02-11 22:29 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-11 22:29 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-11 22:29 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-11 22:29 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-11 22:29 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-11 22:29 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-11 22:29 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-11 22:29 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-02-11 22:29 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-11 22:29 . 2012-02-11 22:29 -------- d-----w- c:\programdata\AVAST Software
2012-02-11 22:29 . 2012-02-11 22:29 -------- d-----w- c:\program files\AVAST Software
2012-02-11 21:11 . 2012-02-11 21:11 -------- d-----w- c:\users\Michele\AppData\Roaming\Malwarebytes
2012-02-11 21:10 . 2012-02-11 21:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-11 21:10 . 2012-02-11 21:10 -------- d-----w- c:\programdata\Malwarebytes
2012-02-11 21:10 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-11 00:00 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79136599-DA56-4211-8D08-9A6326390EDF}\mpengine.dll
2012-02-05 19:14 . 2012-02-05 19:27 -------- d-----w- c:\program files (x86)\40tude Dialog
2012-02-04 10:09 . 2012-02-04 10:09 -------- d-----w- c:\users\Michele\AppData\Local\Unity
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:52 . 2011-07-28 14:12 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-01 20:43 . 2011-12-01 20:43 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-01 20:43 . 2011-12-01 20:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-24 04:52 . 2011-12-15 17:10 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:58 . 2012-01-11 07:38 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 07:38 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-12_21.17.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-02-12 20:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-15 17:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-12 20:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-15 17:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-12 20:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-15 17:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-25 14:39 . 2012-02-15 17:52 52340 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-15 17:52 35958 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-28 13:56 . 2012-02-15 17:52 11368 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-981944830-553675151-235582288-1002_UserData.bin
+ 2011-07-28 13:47 . 2012-02-14 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-28 13:47 . 2012-02-07 06:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-28 13:47 . 2012-02-14 22:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-28 13:47 . 2012-02-07 06:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-07 06:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-14 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-28 13:56 . 2012-02-12 20:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-28 13:56 . 2012-02-15 17:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-28 13:56 . 2012-02-12 20:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-28 13:56 . 2012-02-15 17:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-28 13:56 . 2012-02-12 20:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-28 13:56 . 2012-02-15 17:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-28 14:09 . 2012-02-12 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-28 14:09 . 2012-02-15 18:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-28 14:09 . 2012-02-12 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-28 14:09 . 2012-02-15 18:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-21 12:09 . 2012-02-12 21:25 4864 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-02-26 05:55 . 2012-02-15 17:47 3359 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-02-26 05:55 . 2012-02-12 21:16 3359 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-02-12 21:16 . 2012-02-12 21:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-15 17:50 . 2012-02-15 17:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-12 21:16 . 2012-02-12 21:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-15 17:50 . 2012-02-15 17:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:12 . 2012-02-04 22:34 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-02-14 22:03 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-02-15 17:47 322520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-12 21:16 322520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-28 17:10 . 2012-02-15 17:47 495852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-981944830-553675151-235582288-1002-8192.dat
- 2011-07-28 17:10 . 2012-02-12 21:16 495852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-981944830-553675151-235582288-1002-8192.dat
- 2011-07-28 21:13 . 2012-02-12 21:16 1470160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-28 21:13 . 2012-02-15 17:47 1470160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{657E195F-066D-435C-92DB-7C261E6FE832}]
2011-05-30 08:06 389632 ----a-w- c:\program files (x86)\MusicFrost\Music Frost Toolbar\MFSearch.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{657E195F-066D-435C-92DB-7C261E6FE832}"= "c:\program files (x86)\MusicFrost\Music Frost Toolbar\MFSearch.dll" [2011-05-30 389632]
.
[HKEY_CLASSES_ROOT\clsid\{657e195f-066d-435c-92db-7c261e6fe832}]
[HKEY_CLASSES_ROOT\ToolBarMFC.DeskBandImpl.1]
[HKEY_CLASSES_ROOT\TypeLib\{B53860A8-B905-4879-876F-EC18E33C623B}]
[HKEY_CLASSES_ROOT\ToolBarMFC.DeskBandImpl]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-09-17 160328]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-14 222496]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-02 21392]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2011-12-12 22459984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-11-02 928656]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-11-02 3508624]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-01 296056]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-22 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/02/25 22:14;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-08-25 246256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;c:\windows\system32\regw2.exe [x]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
R3 NgFilter;Aventail VPN Filter;c:\windows\system32\DRIVERS\ngfilter.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-14 1997416]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 uvnc_service;uvnc_service;c:\program files (x86)\UltraVNC\WinVNC.exe [2011-05-18 2016504]
S2 WTService;WTService;c:\windows\System32\atwtusb.exe [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys [x]
S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys [x]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Inhoud van de 'Gedeelde Taken' map
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 15:14]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 15:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-17 11613288]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"MacroKeyManager"="WTMKM.exe" [2010-02-09 6482152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-02-15 20:06:51
ComboFix-quarantined-files.txt 2012-02-15 19:06
.
Pre-Run: 50.431.361.024 bytes free
Post-Run: 50.231.025.664 bytes free
.
- - End Of File - - BAF8FF7FBA0E93206C79DDAB2AADB009
 
In my reply #27 I asked you to reset IE.
I'm not sure how you did it since I still can see all kind of toolbars there.

Redo reset and post new OTL log.
 
...So...Things are getting a bit strange.

Firstly, I always did what you asked me to do. When you asked to reset, I did.

Now, I reset IE 32 again by going Tools->Internet Options->Advanced->Reset
but when I restart IE, my Roboform Toolbar is nevertheless there.

Secondly, I ran OTL as administrator again, pasting the custom scan directives as instructed in reply #16.

Strangely enough, I only get OTL.txt and no Extras.txt

I ran it twice, restarting the machine in between...Here's the OTL log

OTL logfile created on: 2/16/2012 7:43:41 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michele\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

7.91 Gb Total Physical Memory | 6.22 Gb Available Physical Memory | 78.56% Memory free
15.83 Gb Paging File | 14.04 Gb Available in Paging File | 88.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 105.00 Gb Total Space | 47.67 Gb Free Space | 45.40% Space Free | Partition Type: NTFS
Drive D: | 467.62 Gb Total Space | 131.29 Gb Free Space | 28.08% Space Free | Partition Type: NTFS
Drive E: | 5.68 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SAMSUNGRF711 | User Name: Michele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/12 23:12:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michele\Desktop\OTL.exe
PRC - [2011/12/12 18:21:54 | 022,459,984 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2011/12/01 21:43:52 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/02 16:52:06 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/11/02 16:51:54 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/09/17 21:32:22 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011/05/18 21:40:06 | 002,016,504 | ---- | M] (UltraVNC) -- C:\Program Files (x86)\UltraVNC\winvnc.exe
PRC - [2010/12/15 00:01:16 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/12/14 03:59:42 | 000,607,400 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe
PRC - [2010/12/06 12:44:36 | 000,943,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/12/06 12:44:28 | 007,058,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
PRC - [2010/11/14 16:30:49 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2010/11/10 00:03:52 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/10/22 17:58:34 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/10/06 06:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/10/06 06:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/07/23 11:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 19:36:09 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\de7b98adae0cf9ef3ee34eba29b9e0d9\PresentationFramework.ni.dll
MOD - [2012/02/16 19:35:58 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7d0085af8163b715488f2ed72d2b404\PresentationCore.ni.dll
MOD - [2012/02/16 19:35:54 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\8f178c27be36f9a08ab5ef6b26edd53c\System.Windows.Forms.ni.dll
MOD - [2012/02/16 19:35:51 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\e6a421765ab129b5a12db40f1ad11b33\System.Core.ni.dll
MOD - [2012/02/16 19:35:51 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\328128459fb93ae5bb4d813f1c25f882\System.Xml.ni.dll
MOD - [2012/02/16 19:35:46 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ed88e619ee2f7890f095327c9e6c4f47\WindowsBase.ni.dll
MOD - [2012/02/16 19:35:44 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\48763e13ab42d7d355deba3265ea3223\System.Drawing.ni.dll
MOD - [2012/02/16 19:35:44 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8bddd0d3155a3edec42e3039493095c7\PresentationFramework.Aero.ni.dll
MOD - [2012/02/16 19:35:42 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\dc9a87796af6bbda69eb6415f081d7d5\System.ni.dll
MOD - [2012/02/16 18:08:05 | 000,115,137 | ---- | M] () -- C:\Users\Michele\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
MOD - [2011/11/02 16:52:06 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/10/14 21:38:48 | 014,408,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e360aa959e1b83be7026670d129c0a93\mscorlib.ni.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/07/15 01:01:04 | 000,510,024 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\Windows\SysNative\ngvpnmgr.exe -- (NgVpnMgr)
SRV:64bit: - [2010/10/22 17:58:34 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/10/08 01:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/09 20:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2010/01/27 15:27:24 | 000,665,320 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atwtusb.exe -- (WTService)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/05/18 21:40:06 | 002,016,504 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files (x86)\UltraVNC\WinVNC.exe -- (uvnc_service)
SRV - [2010/12/15 00:01:16 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/10/06 06:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/10/06 06:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/08/25 04:07:38 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010/07/23 11:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/06/03 18:48:28 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/10/27 02:25:52 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011/10/27 02:25:52 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2011/10/27 02:25:52 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011/10/27 02:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/10/27 02:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/10/27 02:25:42 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/10/27 02:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/07/15 00:30:50 | 000,103,496 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngvpn.sys -- (NgVpn)
DRV:64bit: - [2011/07/15 00:30:50 | 000,031,304 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nglog.sys -- (NgLog)
DRV:64bit: - [2011/07/15 00:30:50 | 000,028,744 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngwfp.sys -- (NgWfp)
DRV:64bit: - [2011/07/15 00:30:50 | 000,026,184 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ngfilter.sys -- (NgFilter)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/15 00:01:14 | 000,025,576 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010/12/03 05:55:32 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/03 05:55:32 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/29 06:23:16 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/25 20:31:32 | 000,409,192 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/10 00:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/10/15 09:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/10/08 01:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/09/21 18:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/21 08:20:30 | 000,348,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/09/14 23:59:16 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/09/14 23:59:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/09/13 10:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/08/31 02:13:02 | 000,118,664 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/08/21 01:21:38 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/29 01:23:08 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/02 08:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/08/26 12:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini)
DRV:64bit: - [2009/08/07 02:35:34 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/03/08 18:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2011/04/21 12:33:15 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-981944830-553675151-235582288-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKU\S-1-5-21-981944830-553675151-235582288-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-981944830-553675151-235582288-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKU\S-1-5-21-981944830-553675151-235582288-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michele\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/02/25 16:12:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/02/25 16:12:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/25 16:13:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/01 21:44:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\MFToolbar@skywebsearch.com: C:\Program Files (x86)\MusicFrost\Music Frost Toolbar\FF [2011/07/28 18:59:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/02/12 22:17:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (MFSearch) - {657E195F-066D-435C-92DB-7C261E6FE832} - C:\Program Files (x86)\MusicFrost\Music Frost Toolbar\MFSearch.dll (AudioEngines)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (MFSearch) - {657E195F-066D-435C-92DB-7C261E6FE832} - C:\Program Files (x86)\MusicFrost\Music Frost Toolbar\MFSearch.dll (AudioEngines)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKU\S-1-5-21-981944830-553675151-235582288-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-981944830-553675151-235582288-1002\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [MacroKeyManager] C:\Windows\SysNative\WTMKM.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-981944830-553675151-235582288-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-981944830-553675151-235582288-1002..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-981944830-553675151-235582288-1002..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-981944830-553675151-235582288-1002..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-981944830-553675151-235582288-1002..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-981944830-553675151-235582288-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-981944830-553675151-235582288-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-981944830-553675151-235582288-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-981944830-553675151-235582288-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-981944830-553675151-235582288-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Compila - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Compila Modulo - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Salva - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Salva Moduli - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF Barra strumenti - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1124307C-7A8D-4C66-BC36-96DF5CA914B4}: DhcpNameServer = 212.54.40.25 212.54.35.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8086BF51-4CF3-44C4-AD59-1D93FA29A6AF}: DhcpNameServer = 212.54.40.25 212.54.35.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.pspgru - C:\Windows\SysWow64\PSPGRU.acm (Philips Austria GmbH - Speech Processing)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/16 18:07:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/15 19:57:41 | 004,404,931 | R--- | C] (Swearware) -- C:\Users\Michele\Desktop\ComboFix.exe
[2012/02/12 23:11:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Michele\Desktop\OTL.exe
[2012/02/12 22:23:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/12 22:10:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/12 22:10:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/12 22:10:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/12 22:10:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/12 22:10:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/12 21:50:23 | 000,000,000 | ---D | C] -- C:\Users\Michele\Documents\CyberLink
[2012/02/12 21:50:20 | 000,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\Windows Live
[2012/02/12 21:50:03 | 000,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\{F1145FCE-9C8D-4734-A8DF-0C50300376AE}
[2012/02/12 21:50:03 | 000,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\{944DC6AD-DE67-4321-8831-CCA791652721}
[2012/02/12 21:37:06 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Michele\Desktop\FixTDSS.exe
[2012/02/12 21:17:00 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michele\Desktop\tdsskiller.exe
[2012/02/12 09:41:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/12 08:58:18 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Michele\Desktop\aswMBR.exe
[2012/02/11 23:29:26 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/02/11 23:29:26 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/02/11 23:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/11 23:29:25 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/02/11 23:29:25 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/02/11 23:29:25 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/02/11 23:29:24 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/02/11 23:29:24 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/02/11 23:29:14 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/11 23:29:13 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/02/11 23:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/11 23:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/11 22:31:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Michele\Desktop\dds.scr
[2012/02/11 22:11:24 | 000,000,000 | ---D | C] -- C:\Users\Michele\AppData\Roaming\Malwarebytes
[2012/02/11 22:10:53 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/11 22:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/11 22:10:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/11 22:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/11 22:06:25 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Michele\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/05 20:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\40tude Dialog
[2012/02/05 20:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\40tude Dialog
[2012/02/04 11:09:43 | 000,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\Unity

========== Files - Modified Within 30 Days ==========

[2012/02/16 19:48:38 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 19:48:38 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 19:40:08 | 000,351,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/16 19:40:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/16 19:39:51 | 4202,995,711 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/16 19:34:40 | 000,732,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/16 19:34:40 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/16 19:34:40 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/16 18:50:05 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/15 19:57:50 | 004,404,931 | R--- | M] (Swearware) -- C:\Users\Michele\Desktop\ComboFix.exe
[2012/02/13 21:38:56 | 000,000,302 | ---- | M] () -- C:\Users\Michele\.Xauthority
[2012/02/12 23:12:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michele\Desktop\OTL.exe
[2012/02/12 22:17:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/12 21:37:08 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Michele\Desktop\FixTDSS.exe
[2012/02/12 21:17:52 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michele\Desktop\tdsskiller.exe
[2012/02/12 20:18:21 | 000,800,637 | ---- | M] () -- C:\Users\Michele\Desktop\ListParts64.exe
[2012/02/12 09:40:44 | 1426,810,472 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/12 09:12:18 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Michele\Desktop\boot_cleaner.exe
[2012/02/12 09:11:53 | 000,044,607 | ---- | M] () -- C:\Users\Michele\Desktop\bootkit_remover.zip
[2012/02/12 09:11:16 | 000,000,512 | ---- | M] () -- C:\Users\Michele\Desktop\MBR.dat
[2012/02/12 08:58:29 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Michele\Desktop\aswMBR.exe
[2012/02/11 23:29:26 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/11 23:29:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/02/11 22:31:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Michele\Desktop\dds.scr
[2012/02/11 22:28:13 | 000,302,592 | ---- | M] () -- C:\Users\Michele\Desktop\km76dy5k.exe
[2012/02/11 22:10:53 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/11 22:09:59 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Michele\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/06 18:56:27 | 004,442,360 | ---- | M] () -- C:\Users\Michele\Desktop\Mattia Ancis.png
[2012/02/05 20:14:10 | 000,000,952 | ---- | M] () -- C:\Users\Michele\Desktop\40tude Dialog.lnk
[2012/01/31 18:19:48 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/26 21:16:09 | 006,121,912 | ---- | M] () -- C:\Users\Michele\Desktop\110530_-_michele_ancis_signed_contract.pdf
[2012/01/23 22:12:40 | 000,662,508 | ---- | M] () -- C:\Users\Michele\Desktop\gm_ID_methodology_silveira_jssc_1996[1].pdf
[2012/01/23 22:08:07 | 001,991,588 | ---- | M] () -- C:\Users\Michele\Desktop\Analog_Front-End_Design_Using_the_gm_ID_Method_for_a_Pulse-Based[1].pdf

....
 
...OTL part 2

[2012/01/18 21:11:42 | 000,001,283 | ---- | M] () -- C:\Users\Michele\Desktop\Busting Loose from the Money Game.pdf.lnk

========== Files Created - No Company Name ==========

[2012/02/12 22:10:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/12 22:10:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/12 22:10:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/12 22:10:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/12 22:10:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/12 20:18:09 | 000,800,637 | ---- | C] () -- C:\Users\Michele\Desktop\ListParts64.exe
[2012/02/12 09:40:44 | 1426,810,472 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/12 09:11:45 | 000,044,607 | ---- | C] () -- C:\Users\Michele\Desktop\bootkit_remover.zip
[2012/02/12 09:11:16 | 000,000,512 | ---- | C] () -- C:\Users\Michele\Desktop\MBR.dat
[2012/02/11 23:29:26 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/11 23:29:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/02/11 22:23:57 | 000,302,592 | ---- | C] () -- C:\Users\Michele\Desktop\km76dy5k.exe
[2012/02/11 22:10:53 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 18:56:27 | 004,442,360 | ---- | C] () -- C:\Users\Michele\Desktop\Mattia Ancis.png
[2012/02/05 20:14:10 | 000,000,952 | ---- | C] () -- C:\Users\Michele\Desktop\40tude Dialog.lnk
[2012/01/26 21:05:50 | 006,121,912 | ---- | C] () -- C:\Users\Michele\Desktop\110530_-_michele_ancis_signed_contract.pdf
[2012/01/23 22:12:40 | 000,662,508 | ---- | C] () -- C:\Users\Michele\Desktop\gm_ID_methodology_silveira_jssc_1996[1].pdf
[2012/01/23 22:08:07 | 001,991,588 | ---- | C] () -- C:\Users\Michele\Desktop\Analog_Front-End_Design_Using_the_gm_ID_Method_for_a_Pulse-Based[1].pdf
[2012/01/18 21:11:42 | 000,001,283 | ---- | C] () -- C:\Users\Michele\Desktop\Busting Loose from the Money Game.pdf.lnk
[2011/10/31 11:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/10/31 11:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/10/31 11:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/10/31 11:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/10/31 11:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/10/24 22:45:09 | 000,001,879 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\SAS7_000.DAT
[2011/10/22 19:35:53 | 000,008,265 | ---- | C] () -- C:\Windows\aiptbl.ini
[2011/10/08 14:07:26 | 000,000,600 | ---- | C] () -- C:\Users\Michele\AppData\Local\PUTTY.RND
[2011/07/30 14:28:22 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/07/28 15:06:00 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/07/28 15:05:47 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011/07/28 15:05:37 | 000,142,704 | ---- | C] () -- C:\Windows\wiainst64.exe
[2011/07/15 01:06:18 | 000,215,112 | ---- | C] () -- C:\Windows\ngmsi.dll
[2011/07/15 01:04:14 | 000,021,064 | ---- | C] () -- C:\Windows\ngutil.exe
[2011/02/26 07:06:34 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/02/26 07:06:32 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/02/26 07:06:31 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/02/25 16:12:07 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2011/02/25 14:28:48 | 000,001,927 | ---- | C] () -- C:\Windows\HotFixList.ini
[2011/02/25 13:58:06 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2010/02/10 16:00:44 | 000,130,280 | ---- | C] () -- C:\Windows\RmTablet.exe
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/10/08 13:35:40 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Aventail
[2011/12/18 23:02:45 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\DVDVideoSoft
[2012/01/08 22:17:55 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\gtk-2.0
[2011/10/24 22:37:01 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Nuance
[2012/01/14 22:39:26 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\ooVoo Details
[2011/11/28 21:00:11 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Samsung
[2012/02/11 22:17:04 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\uTorrent
[2012/01/09 17:51:49 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2012/02/15 20:06:51 | 000,024,012 | ---- | M] () -- C:\ComboFix.txt
[2012/02/12 22:23:03 | 000,021,029 | ---- | M] () -- C:\ComboFix_old.txt
[2012/02/16 19:39:51 | 4202,995,711 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/16 19:39:52 | 4202,995,711 | -HS- | M] () -- C:\pagefile.sys
[2011/02/25 14:00:56 | 000,002,162 | ---- | M] () -- C:\RHDSetup.log
[2011/07/28 15:05:04 | 000,000,196 | ---- | M] () -- C:\setup.log
[2012/02/12 21:20:16 | 000,086,006 | ---- | M] () -- C:\TDSSKiller.2.7.11.0_12.02.2012_21.18.11_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >
[2010/08/06 07:09:44 | 000,016,018 | ---- | M] () -- C:\Windows\Samsung.png

< %systemroot%\*.scr >
[2011/11/28 19:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/11/30 11:44:24 | 014,392,507 | ---- | M] (Jan Kolarik & Ondrej Vaverka) -- C:\Windows\Samsung Astro Orbit I.scr
[2010/11/09 18:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/09/17 19:11:51 | 000,001,670 | -HS- | M] () -- C:\Users\Michele\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/07/28 15:10:37 | 000,000,221 | -HS- | M] () -- C:\Users\Michele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/02/12 08:58:29 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Michele\Desktop\aswMBR.exe
[2012/02/12 09:12:18 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Michele\Desktop\boot_cleaner.exe
[2012/02/15 19:57:50 | 004,404,931 | R--- | M] (Swearware) -- C:\Users\Michele\Desktop\ComboFix.exe
[2012/02/12 21:37:08 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Michele\Desktop\FixTDSS.exe
[2012/02/11 22:28:13 | 000,302,592 | ---- | M] () -- C:\Users\Michele\Desktop\km76dy5k.exe
[2012/02/12 20:18:21 | 000,800,637 | ---- | M] () -- C:\Users\Michele\Desktop\ListParts64.exe
[2012/02/11 22:09:59 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Michele\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/12 23:12:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michele\Desktop\OTL.exe
[2012/02/12 21:17:52 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michele\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/16 19:42:54 | 000,000,402 | -HS- | M] () -- C:\Users\Michele\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/07/30 14:45:27 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011/02/25 14:15:16 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2011/02/25 14:11:44 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2011/02/25 14:10:46 | 000,000,106 | ---- | M] () -- C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
[2011/02/25 14:13:22 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2011/02/25 14:14:14 | 000,000,108 | ---- | M] () -- C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:8CE646EE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0FF263E8

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
IE - HKU\S-1-5-21-981944830-553675151-235582288-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll (RealPlayer)
O2 - BHO: (MFSearch) - {657E195F-066D-435C-92DB-7C261E6FE832} - C:\Program Files (x86)\MusicFrost\Music Frost Toolbar\MFSearch.dll (AudioEngines)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (MFSearch) - {657E195F-066D-435C-92DB-7C261E6FE832} - C:\Program Files (x86)\MusicFrost\Music Frost Toolbar\MFSearch.dll (AudioEngines)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKU\S-1-5-21-981944830-553675151-235582288-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-981944830-553675151-235582288-1002\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKU\S-1-5-21-981944830-553675151-235582288-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:8CE646EE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0FF263E8

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
...So...
I got a system error from "robotaskbaricon.exe" stating that:

the program can't start because RoboForm.DLL is missing from your computer. Try reinstalling the program to fix this problem

This is the RoboForm taskbar which now doesn't appear in IE anymore.

OTL log file

All processes killed
========== OTL ==========
HKU\S-1-5-21-981944830-553675151-235582288-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
File C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{657E195F-066D-435C-92DB-7C261E6FE832}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{657E195F-066D-435C-92DB-7C261E6FE832}\ deleted successfully.
C:\Program Files (x86)\MusicFrost\Music Frost Toolbar\MFSearch.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724d43a9-0d85-11d4-9908-00400523e39a}\ deleted successfully.
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{657E195F-066D-435C-92DB-7C261E6FE832} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{657E195F-066D-435C-92DB-7C261E6FE832}\ not found.
File C:\Program Files (x86)\MusicFrost\Music Frost Toolbar\MFSearch.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{724d43a0-0d85-11d4-9908-00400523e39a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724d43a0-0d85-11d4-9908-00400523e39a}\ deleted successfully.
File C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll not found.
64bit-Registry value HKEY_USERS\S-1-5-21-981944830-553675151-235582288-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_USERS\S-1-5-21-981944830-553675151-235582288-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
File C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll not found.
Registry value HKEY_USERS\S-1-5-21-981944830-553675151-235582288-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
ADS C:\ProgramData\Temp:8CE646EE deleted successfully.
ADS C:\ProgramData\Temp:0FF263E8 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Michele
->Temp folder emptied: 158079 bytes
->Temporary Internet Files folder emptied: 12240209 bytes
->Java cache emptied: 9797641 bytes
->Flash cache emptied: 512 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18576139 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 39.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Michele
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Michele
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02162012_204653

Files\Folders moved on Reboot...
C:\Users\Michele\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

-------------------------------------------------------------------------------

IT STILL REDIRECTS :(((
 
Hi Broni,

I installed FF 10.0.1 and it doesn't redirect.
FIY, IE 64-bit doesn't redirect either.

M
 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
"DisplayName"="@ieframe.dll,-12512"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
"FaviconURL"="http://www.google.com/favicon.ico"
"SuggestionsURL"="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
"ShowSearchSuggestions"=dword:00000001
"SortIndex"=dword:00000000

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
"UpgradeTime"=hex:73,3d,7f,d9,69,75,cc,01
"ShowSearchSuggestionsGlobal"=dword:00000001
"DisplayQuickPick"=dword:00000001
"DownloadRetries"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"SuggestionsURLFallback"="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
"FaviconURLFallback"="http://www.google.com/favicon.ico"
"FaviconPath"="C:\\Users\\Michele\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{6A1806CD-94D4-4689-BA73-E35EA1EA9990}.ico"
 
I'm going to sleep now. I'll do the restore point and reg fix tomorrow morning...See you in 8 hours :)

M
 
Hey Broni,

I'm going to sleep right now and tomorrow I'll go for a week vacation.
I'll bring my laptop with me but I am not sure whether and how much I'll have access to the net.

I'll try to connect but if you dont see me for more than two days from now, please don't take offence, it's just that I have no internet access. If that will be the case, I ask you to "hibernate" the case until I come back...

Thank you,

Michele
 
You must log in or register to reply here.

Similar threads

C
Differences in Internet Providers?
Replies
1
Views
275
Nelson28
N
losdavos
Malware removal help, please and thank you!
Replies
1
Views
803
losdavos
losdavos
T
Windows Logon Password Box Fully Populated Coming Out of Hibernation, Why?
Replies
1
Views
446
Nelson28
N

Latest posts

Back