Hi again, my issue occours whenever I launch Firefox or, inside the browser, I hit the HOME button. It redirects toward a kinky (and unwanted) search engine, I cannot get rid of it, it only happens in Firefox, not at all in google chrome. Here is the DDS and the attach.zip:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by Deimos64 at 21:13:01 on 2012-08-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1033.18.8191.6024 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\astsrv.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\MAFWTray.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://btsearch.name
uInternet Settings,ProxyOverride = local
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\Deimos64\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [HP VoodooDNA Mouse] "C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Deimos64\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Deimos64\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files (x86)\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {09E90109-A9AA-4980-BCEF-76F8D924E902}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8F7182F4-6138-42AB-B16A-15477455F666} : DhcpNameServer = 192.168.1.1
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [HP VoodooDNA Mouse] "C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {09E90109-A9AA-4980-BCEF-76F8D924E902}
IE-X64: {09E90109-A9AA-4980-BCEF-76F8D924E902}
Hosts: 192.168.1.2 deimosproduction.dyndns.org
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Deimos64\AppData\Roaming\Mozilla\Firefox\Profiles\hr4g69rq.default\
FF - prefs.js: browser.search.selectedEngine - Custom search
FF - prefs.js: browser.startup.homepage - hxxp://www.landing.savetubevideo.com/index.php?from=3
FF - prefs.js: keyword.URL - hxxp://www.landing.savetubevideo.com/results.php?q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll
FF - plugin: C:\Users\Deimos64\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.defaultenginename - Custom search
FF - user.js: browser.search.selectedEngine - Custom search
FF - user.js: keyword.URL - hxxp://www.landing.savetubevideo.com/results.php?q=
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-4-12 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-4-12 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-13 86016]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-4-7 5352960]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-4-11 204304]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\nlssrv32.exe [2011-7-16 57344]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-25 2348352]
R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-9-8 2932224]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-2 2923392]
R3 GamingMsFltr;HP HDX Mouse;C:\Windows\system32\drivers\gamingms.sys --> C:\Windows\system32\drivers\gamingms.sys [?]
R3 MAFW;Service for M-Audio FireWire;C:\Windows\system32\DRIVERS\mafw.sys --> C:\Windows\system32\DRIVERS\mafw.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Servizio Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-1 136176]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\system32\DRIVERS\CamDrL64.sys --> C:\Windows\system32\DRIVERS\CamDrL64.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-6-11 1030600]
S3 gupdatem;Servizio Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-1 136176]
S3 iLokDrvr;Usb Driver;C:\Windows\system32\DRIVERS\iLokDrvr.sys --> C:\Windows\system32\DRIVERS\iLokDrvr.sys [?]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 wxpSvc;webcamXP Service;C:\Program Files (x86)\webcamXP 5\wService.exe [2012-3-3 5261312]
.
=============== Created Last 30 ================
.
2012-08-01 18:21:13 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CCEA9DA8-8968-430F-A2CD-BCF8A36A555E}\mpengine.dll
2012-08-01 18:12:11 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-08-01 18:11:41 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-08-01 18:11:41 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-07-28 15:40:01 -------- d-----w- C:\Users\Deimos64\AppData\Local\CD Recovery Toolbox Free
2012-07-28 14:59:16 -------- d-----w- C:\Users\Deimos64\AbiSuite
2012-07-28 14:57:32 -------- d-----w- C:\Program Files (x86)\AbiWord
2012-07-16 21:07:09 -------- d-----w- C:\Users\Deimos64\AppData\Local\Box Shot 3D
2012-07-16 21:07:04 -------- d-----w- C:\Program Files\BoxShot3D
2012-07-12 09:41:20 -------- d-----w- C:\Program Files (x86)\GUM82C6.tmp
2012-07-11 11:15:44 -------- d-----w- C:\Program Files (x86)\GUM5E35.tmp
2012-07-09 18:32:21 -------- d-----w- C:\Windows\1C4551A64743409391E41477CD655043.TMP
2012-07-09 18:32:12 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2012-07-09 18:32:12 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
.
==================== Find3M ====================
.
2012-07-28 18:16:20 16 ----a-w- C:\Windows\SysWow64\msvcsv60.dll
2012-07-27 16:51:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 16:51:49 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-08 18:51:55 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-06-08 18:51:55 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-06-08 18:51:55 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-06-08 18:51:55 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-06-08 18:04:41 286720 ----a-w- C:\Windows\iun506.exe
2012-05-31 10:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-26 10:36:46 204800 ----a-w- C:\Windows\System32\unrar64.dll
2012-05-04 21:32:06 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 17:29:22 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-04 17:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2006-05-03 09:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-06 22:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 21:13:14,84 ===============

in the next post comes the aswMBR report.

...and here it is the aswMBR Report:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-01 20:37:47
-----------------------------
20:37:47.423 OS Version: Windows x64 6.1.7601 Service Pack 1
20:37:47.423 Number of processors: 4 586 0x1706
20:37:47.424 ComputerName: DEIMOS64-PC UserName: Deimos64
20:37:49.577 Initialize success
20:39:19.491 AVAST engine defs: 12080100
20:39:33.468 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:39:33.468 Disk 0 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
20:39:33.468 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5
20:39:33.468 Disk 1 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
20:39:33.484 Disk 1 MBR read successfully
20:39:33.484 Disk 1 MBR scan
20:39:33.500 Disk 1 Windows 7 default MBR code
20:39:33.500 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
20:39:33.531 Disk 1 scanning C:\Windows\system32\drivers
20:39:49.755 Service scanning
20:40:06.962 Modules scanning
20:40:06.962 Disk 1 trace - called modules:
20:40:06.977 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80069da2c0]<<spvv.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:40:07.476 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007b8a060]
20:40:07.476 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8007876a60]
20:40:07.476 5 ACPI.sys[fffff880011037a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-5[0xfffffa800787e060]
20:40:07.476 \Driver\atapi[0xfffffa8007836060] -> IRP_MJ_CREATE -> 0xfffffa80069da2c0
20:40:09.816 AVAST engine scan C:\Windows
20:40:12.874 AVAST engine scan C:\Windows\system32
20:43:24.911 AVAST engine scan C:\Windows\system32\drivers
20:43:35.426 AVAST engine scan C:\Users\Deimos64
20:49:44.694 AVAST engine scan C:\ProgramData
20:50:46.033 Scan finished successfully
21:05:30.680 Disk 1 MBR has been saved successfully to "C:\Users\Deimos64\Documents\MBR.dat"
21:05:30.680 The log file has been saved successfully to "C:\Users\Deimos64\Documents\aswMBR.txt"

-----
Tnx for your patience.

:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR



Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
Download Mirror #2 (http://downloads.securitycadets.com/GooredFix.exe)
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).






Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

Hi, this is the result with GooredFix:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 10:42 on 06/08/2012 (Deimos64)
Firefox version 10.0.2 (it)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{6461c114-c927-f000-d233-148ad3e3bd37} [06:42 05/04/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:16 14/04/2011]

C:\Users\Deimos64\Application Data\Mozilla\Firefox\Profiles\hr4g69rq.default\extensions\
info@djzig.com [16:51 18/07/2012]
{1018e4d6-728f-4b20-ad56-37578a4de76b} [16:23 18/07/2012]
{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [17:18 30/03/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-


And here is the log file from Malwarebytes Antimalware:

Malwarebytes Anti-Malware (Prova) 1.62.0.1300
www.malwarebytes.org

Versione database: v2012.08.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Deimos64 :: DEIMOS64-PC [amministratore]

Protezione: Attivata

06/08/2012 10:45:49
mbam-log-2012-08-06 (10-45-49).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 217578
Tempo impiegato: 3 minuti, 21 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 2
HKCR\CLSID\{b33ee05e-0e9f-5672-5ac7-4fedac3dbf5c} (Adware.Ezula) -> Spostato in quarantena ed eliminato con successo.
HKCU\Software\SkyMedia (Adware.SkyMedia) -> Spostato in quarantena ed eliminato con successo.

Valori di registro rilevati: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\WINDOWS\SYSTEM32\KEWLBUTTONZ.OCX (Hacktool.KewlButtonz) -> Dati: 1 -> Spostato in quarantena ed eliminato con successo.

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 3
C:\Users\Deimos64\AppData\Roaming\t (Trojan.Agent) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Deimos64\AppData\Roaming\t\2.0 (Trojan.Agent) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Deimos64\AppData\Roaming\t\2.0\RenderCache (Trojan.Agent) -> Spostato in quarantena ed eliminato con successo.

File rilevati: 3
C:\Windows\System32\flltMC.exe (Trojan.Agent) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\System32\KewlButtonz.ocx (Hacktool.KewlButtonz) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Deimos64\AppData\Roaming\t\2.0\LibraryState.xml (Trojan.Agent) -> Spostato in quarantena ed eliminato con successo.

(fine)

Sorry for the language, but I hope it helps anyway!

Note: Now it's still redirecting to a web site (www.landing.savetubevideo.com), but this time it's blocked by MBAM with a window alert.

Hi,

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png






Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
Doubleclick CKScanner.exe then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Please Run this program only once
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-06 13:20:58
-----------------------------
13:20:58.705 OS Version: Windows x64 6.1.7601 Service Pack 1
13:20:58.705 Number of processors: 4 586 0x1706
13:20:58.705 ComputerName: DEIMOS64-PC UserName: Deimos64
13:21:00.639 Initialize success
13:21:51.017 AVAST engine defs: 12080600
13:22:07.990 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
13:22:07.990 Disk 0 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
13:22:07.990 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5
13:22:08.005 Disk 1 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
13:22:08.005 Disk 1 MBR read successfully
13:22:08.005 Disk 1 MBR scan
13:22:08.021 Disk 1 Windows 7 default MBR code
13:22:08.021 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
13:22:08.037 Disk 1 scanning C:\Windows\system32\drivers
13:22:17.100 Service scanning
13:22:33.402 Modules scanning
13:22:33.402 Disk 1 trace - called modules:
13:22:33.402 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80069d92c0]<<spou.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:22:33.418 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007b70060]
13:22:33.418 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80077fb670]
13:22:33.418 5 ACPI.sys[fffff880011897a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-5[0xfffffa80078b6060]
13:22:33.418 \Driver\atapi[0xfffffa80077fa060] -> IRP_MJ_CREATE -> 0xfffffa80069d92c0
13:22:35.305 AVAST engine scan C:\Windows
13:22:38.269 AVAST engine scan C:\Windows\system32
13:25:49.588 AVAST engine scan C:\Windows\system32\drivers
13:25:59.837 AVAST engine scan C:\Users\Deimos64
13:28:33.295 Disk 1 MBR has been saved successfully to "C:\Users\Deimos64\Documents\MBR.dat"
13:28:33.295 The log file has been saved successfully to "C:\Users\Deimos64\Documents\aswMBR.txt"

CKScanner - Additional Security Risks - These are not necessarily bad
c:\fsx\addon scenery\flytampa-hongkong\texture\tarmac_cracks.dds
c:\program files\smith micro\poser pro 2010\runtime\libraries\materials\poser 8\real shaders\stones\cracked dry mud antique.mz5
c:\program files\smith micro\poser pro 2010\runtime\libraries\materials\poser 8\real shaders\stones\cracked dry mud bright red.mz5
c:\program files\smith micro\poser pro 2010\runtime\libraries\materials\poser 8\real shaders\stones\cracked dry mud dark brown.mz5
c:\program files\smith micro\poser pro 2010\runtime\libraries\materials\poser 8\real shaders\stones\cracked dry mud dark grey.mz5
c:\program files\smith micro\poser pro 2010\runtime\libraries\materials\poser 8\real shaders\stones\cracked dry mud gold.mz5
c:\program files\smith micro\poser pro 2010\runtime\libraries\materials\poser 8\real shaders\stones\cracked dry mud light brown.mz5
c:\program files\smith micro\poser pro 2010\runtime\libraries\materials\poser 8\real shaders\stones\cracked dry mud red.mz5
c:\program files\smith micro\poser pro 2010\runtime\libraries\materials\poser 8\real shaders\stones\cracked dry mud yellow.mz5
c:\program files\smith micro\poser pro 2010\runtime\libraries\materials\poser 8\real shaders\stones\cracked dry mud.mz5
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud antique.mz5
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud bright red.mz5
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud dark brown.mz5
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud dark grey.mz5
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud gold.mz5
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud light brown.mz5
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud red.mz5
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud yellow.mz5
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud.mz5
c:\program files\smith micro\poser pro 2012\runtime\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files (x86)\smith micro\poser pro 2012\runtime\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files (x86)\steinberg\cubase 5\track presets\audio\nutcracker synth brass.trackpreset
c:\program files (x86)\steinberg\cubase 5\vst3 presets\steinberg media technologies\grungelizer\vinyl crackles.vstpreset
c:\program files (x86)\steinberg\cubase 5\vst3 presets\steinberg media technologies\studiochorus\chipmunks on crack.vstpreset
c:\users\deimos64\desktop\games\winvice-2.2-x64\vic 20\tape_images\safecracker.tap
c:\users\public\documents\digital anarchy\toonit\presets\crackle_problem.txt
scanner sequence 3.ZZ.11.UNAPVS
----- EOF -----

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Ok, some problems here. Once I've launched combofix it didn't ask me for Microsoft Windows Recovery Console so I guess it was already installed or so, then, AFTER the reboot, it advised me that a report was in the process to be made, at this point it simply got stuck there, not a crash, all the processes were still working, but to ensure it was only a a matter of time I've left the pc alone for almost 4 hours without running anything else, come back home and the blue window was still there. I had to stop the process by the task manager and only then the report file (combofix.txt) was finally made. I don't know what was wrong, but in the meanwhile windows update asked me to install some updates (?!?), the strange fact is that I have tried to follow all the instructions without making mistakes TWICE, and both the times the same problem, the blue window with the same message and it asks some updates to be installed... Anyway, here is the combofix.txt (it's zipped, because it was too large to be included!)


ComboFix 12-08-05.02 - Deimos64 06/08/2012 17:47:14.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1033.18.8191.6593 [GMT 2:00]
Eseguito da: c:\users\Deimos64\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2012-07-06 al 2012-08-06 )))))))))))))))))))))))))))))))))))
.
.
2012-08-06 15:51 . 2012-08-06 15:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-06 15:51 . 2012-08-06 15:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 15:27 . 2012-08-06 15:27 -------- d-----w- c:\windows\SysWow64\xlive
2012-08-06 15:27 . 2012-08-06 15:27 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-08-06 12:57 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-06 12:43 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-06 12:43 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-06 12:43 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-06 12:43 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-06 12:43 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-06 12:43 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-06 12:43 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-08-01 18:21 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-01 18:15 . 2012-08-01 18:16 -------- d-----w- c:\program files (x86)\ERUNT
2012-08-01 18:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-01 18:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-01 18:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-01 18:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-01 18:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-08-01 18:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-08-01 18:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-08-01 18:11 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-01 18:11 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-28 15:40 . 2012-07-29 12:27 -------- d-----w- c:\users\Deimos64\AppData\Local\CD Recovery Toolbox Free
2012-07-28 14:59 . 2012-08-04 16:56 -------- d-----w- c:\users\Deimos64\AbiSuite
2012-07-28 14:57 . 2012-07-28 14:58 -------- d-----w- c:\program files (x86)\AbiWord
2012-07-16 21:07 . 2012-07-16 23:13 -------- d-----w- c:\users\Deimos64\AppData\Local\Box Shot 3D
2012-07-16 21:07 . 2012-07-16 21:07 -------- d-----w- c:\program files\BoxShot3D
2012-07-12 09:41 . 2012-07-12 09:41 -------- d-----w- c:\program files (x86)\GUM82C6.tmp
2012-07-11 11:15 . 2012-07-11 11:15 -------- d-----w- c:\program files (x86)\GUM5E35.tmp
2012-07-09 18:32 . 2012-07-09 18:32 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2012-07-09 18:32 . 2008-10-15 04:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-07-09 18:32 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 15:36 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-08-06 15:36 . 2009-08-18 09:24 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-27 16:51 . 2012-03-29 22:03 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 16:51 . 2011-05-26 01:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2011-04-23 03:00 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 01:19 . 2012-01-22 18:20 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-08 18:51 . 2012-05-07 16:19 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2012-06-08 18:51 . 2012-05-07 16:19 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-06-08 18:51 . 2012-05-07 16:19 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2012-06-08 18:51 . 2012-05-07 16:19 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-06-08 18:04 . 2012-06-08 18:05 286720 ----a-w- c:\windows\iun506.exe
2012-05-31 10:25 . 2011-03-22 03:14 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-26 10:36 . 2012-06-04 21:15 204800 ----a-w- c:\windows\system32\unrar64.dll
2006-05-03 09:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Deimos64\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Deimos64\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Deimos64\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Deimos64\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"HP VoodooDNA Mouse"="c:\program files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe" [2009-03-06 327680]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Deimos64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-2-5 107720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-31 136176]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-06-21 36328]
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [2007-02-03 955680]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-11 1030600]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-31 136176]
R3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys [2011-06-28 25720]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-02-03 58528]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 35112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-24 1255736]
R3 wxpSvc;webcamXP Service;c:\program files (x86)\webcamXP 5\wService.exe [2012-03-03 5261312]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-07-13 37392]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-06-04 868848]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-13 86016]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-04-11 204304]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-09-08 2932224]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
S3 GamingMsFltr;HP HDX Mouse;c:\windows\system32\drivers\gamingms.sys [2009-05-26 12288]
S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [2009-07-29 231944]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-31 22:04]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-31 22:04]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4293069829-1583202108-750908719-1000Core.job
- c:\users\Deimos64\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-07 21:59]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4293069829-1583202108-750908719-1000UA.job
- c:\users\Deimos64\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-07 21:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Deimos64\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Deimos64\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Deimos64\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Deimos64\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://btsearch.name
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Deimos64\AppData\Roaming\Mozilla\Firefox\Profiles\hr4g69rq.default\
FF - prefs.js: browser.search.selectedEngine - Custom search
FF - prefs.js: browser.startup.homepage - hxxp://www.landing.savetubevideo.com/index.php?from=3
FF - prefs.js: keyword.URL - hxxp://www.landing.savetubevideo.com/results.php?q=
FF - user.js: browser.search.defaultenginename - Custom search
FF - user.js: browser.search.selectedEngine - Custom search
FF - user.js: keyword.URL - hxxp://www.landing.savetubevideo.com/results.php?q=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wxpSvc]
"ImagePath"="c:\program files (x86)\webcamXP 5\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\astsrv.exe
c:\windows\SysWOW64\nlssrv32.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\SysWOW64\MAFWTray.exe
c:\program files (x86)\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
.
**************************************************************************
.
Ora fine scansione: 2012-08-06 21:05:50 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-08-06 19:05
ComboFix2.txt 2012-08-06 15:01
.
Pre-Run: 162.791.677.952 bytes free
Post-Run: 164.380.127.232 bytes free
.
- - End Of File - - EBA53548E69CBD357645E39F63874E19

Hi,

What is the name of the search engine its taking you to use ??

You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, if it says this file has been checked before, have them recheck it. When the scan is done just copy and paste the link back to this forum for me to see.

c:\windows\system32\DRIVERS\iLokDrvr.sys

If the site is busy you can try this one
http://virusscan.jotti.org/en





Lets look a bit more into your system
OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.