virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!

Hi guys,

Could someone help me???
After installing Firefox I suddenly got a pop-up message from Trend scan office saying they blocked a virus.
Anti-virus programs cannot remove i.trkjmp.com/crossdomain.xml from my PC!!

Mbam Log
http://www.scribd.com/doc/109586365/mbam-log-2012-10-10-12-28-54

OTL.txt
http://www.scribd.com/doc/109586743/Otl

aswMBR.txt
http://www.scribd.com/doc/109587047/aswMBR

RKreport-1
http://www.scribd.com/doc/109587232/RKreport-1

RKreport-2
http://www.scribd.com/doc/109587451/RKreport-2

RKreport-3
http://www.scribd.com/doc/109587619/RKreport-3

Could you attach the OTL log to the post as I need to download it to analyse it

I already did in my first message

OTL.txt
http://www.scribd.com/doc/109590364/Otl

I cannot download from that site without generating an account, which I do not wish to do. If I try to copy/paste, the formatting is destroyed.

OTL logfile created on: 10/10/2012 13:28:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\M1\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
2,93 Gb Total Physical Memory | 0,69 Gb Available Physical Memory | 23,66% Memory free
5,85 Gb Paging File | 3,31 Gb Available in Paging File | 56,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 234,04 Gb Free Space | 78,54% Space Free | Partition Type: NTFS
Computer Name: M1 | User Name: M1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/10 13:26:29 | 000,602,112 | ---- | M] (OldTimer Tools) – C:\Users\M1\Desktop\OTL (1).exe
PRC - [2012/10/10 12:26:48 | 000,538,327 | ---- | M] () – C:\Users\M1\Downloads\adwcleaner (1).exe
PRC - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) – C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/09/20 15:03:16 | 018,941,832 | ---- | M] (Lavasoft Limited) – C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/09/07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) – C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe
PRC - [2012/08/31 09:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) – C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/08/31 09:52:12 | 000,964,024 | ---- | M] (Samsung) – C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2012/08/08 10:19:30 | 000,101,272 | ---- | M] (Visicom Media Inc.) – C:\Program Files\adawaretb\ffHelper.exe
PRC - [2012/08/08 10:17:00 | 000,540,056 | ---- | M] (Lavasoft) – C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/02/17 10:37:46 | 015,963,936 | ---- | M] (Microsoft Corporation) – C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2012/01/20 21:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) – C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2012/01/03 23:50:30 | 000,357,808 | ---- | M] (Adobe Systems Incorporated) – C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) – C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/08/02 11:47:34 | 000,063,488 | ---- | M] () – C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\conhost.exe
PRC - [2011/03/18 22:59:40 | 001,422,680 | ---- | M] (Microsoft Corporation) – C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) – C:\Windows\explorer.exe
PRC - [2010/11/20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\taskhost.exe
PRC - [2010/10/08 16:44:42 | 000,345,424 | ---- | M] (Trend Micro Inc.) – C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/09/03 15:14:38 | 004,763,944 | ---- | M] (TeamViewer GmbH) – C:\Program Files\Teamviewer\Version5\TeamViewer.exe
PRC - [2010/09/03 15:07:48 | 000,173,352 | ---- | M] (TeamViewer GmbH) – C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe
PRC - [2010/03/29 05:51:10 | 000,516,096 | ---- | M] (SAP AG, Walldorf) – C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe
PRC - [2010/03/17 04:48:42 | 000,495,708 | ---- | M] (IDT, Inc.) – C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/03/17 04:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) – C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe
PRC - [2010/02/05 17:01:00 | 000,849,192 | ---- | M] (Trend Micro Inc.) – C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010/02/02 17:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) – C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010/02/02 17:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) – C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010/01/07 11:44:26 | 000,497,008 | ---- | M] (Trend Micro Inc.) – C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
PRC - [2010/01/07 11:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) – C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) – C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/04/02 16:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) – C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009/03/03 02:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) – C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe
PRC - [2007/08/02 12:08:08 | 000,081,920 | ---- | M] (Siemens AG) – C:\Program Files\Siemens\CardOS API\bin\siecacst.exe

========== Modules (No Company Name) ==========
MOD - [2012/10/10 12:26:48 | 000,538,327 | ---- | M] () – C:\Users\M1\Downloads\adwcleaner (1).exe
MOD - [2012/10/04 03:16:00 | 000,460,312 | ---- | M] () – C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
MOD - [2012/10/04 03:15:58 | 012,435,992 | ---- | M] () – C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll
MOD - [2012/10/04 03:15:56 | 004,005,912 | ---- | M] () – C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\pdf.dll
MOD - [2012/10/04 03:14:41 | 000,578,072 | ---- | M] () – C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\libglesv2.dll
MOD - [2012/10/04 03:14:40 | 000,123,928 | ---- | M] () – C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\libegl.dll
MOD - [2012/10/04 03:14:29 | 000,156,712 | ---- | M] () – C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\avutil-51.dll
MOD - [2012/10/04 03:14:27 | 000,275,496 | ---- | M] () – C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\avformat-54.dll
MOD - [2012/10/04 03:14:26 | 002,168,360 | ---- | M] () – C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\avcodec-54.dll
MOD - [2012/09/12 14:41:45 | 015,399,936 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\6a7fb6df47db31dac36a3a9801a21b42\Kies.Theme.ni.dll
MOD - [2012/09/12 14:41:45 | 000,606,720 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\433eefddf112b56672a8a1ee35b40c0d\DevicePodcast.ni.dll
MOD - [2012/09/12 14:41:45 | 000,290,816 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\b35acc2956e687d8c3caca0661b8658e\DeviceVideo.ni.dll
MOD - [2012/09/12 14:41:44 | 000,367,104 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\09b5e28e6e2397e133e4bc92271b7ca1\DevicePhoto.ni.dll
MOD - [2012/09/12 14:41:44 | 000,299,008 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\5ad2ba488828d013dfdf510076375a29\DeviceMusic.ni.dll
MOD - [2012/09/12 14:41:43 | 002,778,112 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\9c70d66c4fa6908cf79bb33b0b11711f\PodcastService.ni.dll
MOD - [2012/09/12 14:41:43 | 001,143,296 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\21ed07f8387783454014dfc7b5f586d1\Podcaster.ni.dll
MOD - [2012/09/12 14:41:43 | 000,461,824 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\730d5f079a100b565e990efd8a9b9058\VideoManager.ni.dll
MOD - [2012/09/12 14:41:41 | 000,607,232 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\5c5890aa718a7bed4c4afeca05b9a223\PhotoManager.ni.dll
MOD - [2012/09/12 14:41:37 | 005,676,544 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\e2d92de20ec3f6747f634b8626317dde\DeviceHost.ni.dll
MOD - [2012/09/12 14:41:31 | 001,843,712 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\c1fa42590e573b58059723e8502566c9\Phonebook.ni.dll
MOD - [2012/09/12 14:41:31 | 000,033,792 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\527c093151d98ac8ed719ac75ff4ab2f\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2012/09/12 14:41:28 | 001,007,104 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\6be346eb8432e793bbb3123e60010e21\CPKTMusicPlugin.ni.dll
MOD - [2012/09/12 14:41:26 | 000,962,560 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\a8012f4fb6621a9dab285686e12a8d61\MusicManager.ni.dll
MOD - [2012/09/12 14:41:24 | 000,391,168 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\4560781672563cd7156d6ce314775d1e\BATPlugin.ni.dll
MOD - [2012/09/12 14:41:24 | 000,320,512 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\79eb5ad41e74bed0086a8083a6c8c300\EBookManager.ni.dll

MOD - [2012/09/12 14:41:23 | 000,507,392 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\f27710085dceabe3c4339f20c83e9b04\Kies.Common.MediaDB.ni.dll
MOD - [2012/09/12 14:41:23 | 000,031,232 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\d9fab7c2fa316f3b2ee79232e8432e4e\AllShareController.ni.dll
MOD - [2012/09/12 14:41:22 | 000,064,000 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\1bc82af332a9c5ea3d8a76db385ad681\Kies.Common.AllShare.ni.dll
MOD - [2012/09/12 14:41:22 | 000,029,184 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\12f8b358f13406f94c38df60ab4b4f31\Kies.Common.StoreManager.ni.dll
MOD - [2012/09/12 14:41:21 | 000,276,992 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0c13efd28c9f49ec88fe0523aac81ded\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2012/09/12 14:41:21 | 000,232,960 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\12469c2abcd6388af01f04108d8e1878\ASF_cSharpAPI.ni.dll
MOD - [2012/09/12 14:41:20 | 000,565,760 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\38d9858815655be8556cbdbb8abcaf07\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2012/09/12 14:41:20 | 000,189,952 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d26876cac62dd0aec6a2ae5a635d238b\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2012/09/12 14:41:19 | 000,566,784 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\de22660266429ba2c9a0ee4d18ca696e\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2012/09/12 14:41:19 | 000,174,592 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\78afe9b50dbcd5135d9260d11f249166\Interop.DevFileServiceLib.ni.dll
MOD - [2012/09/12 14:41:18 | 001,024,512 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3ac07d819d7e1aba0866a9b26cfd9198\Kies.Common.DeviceService.ni.dll
MOD - [2012/09/12 14:41:18 | 000,901,632 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4960e26ebc78a57a1a3eef83b7552dd9\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2012/09/12 14:41:17 | 002,188,800 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\c6d2cd24502c664bc76f2e3bd22ddfd1\Kies.Common.Multimedia.ni.dll
MOD - [2012/09/12 14:41:17 | 000,184,832 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6178dca61acdcd3d3a226eb072dea645\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2012/09/12 14:41:16 | 000,052,224 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\575a049dfe13964db34d62b6f1bdad5f\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2012/09/12 14:41:16 | 000,032,256 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\2cf68dad9c88a16fd18460345d855124\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2012/09/12 14:41:15 | 000,171,520 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\9dc3e0ae616c7239c74ce82a970ca743\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2012/09/12 14:41:15 | 000,030,720 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\c56da104f17d4a3141703e61c2a9a118\Interop.PRPLAYERCORELib.ni.dll
MOD - [2012/09/12 14:41:12 | 000,183,296 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\0f77a1a61bd7a4756adcac091ebf46fd\Kies.Common.MainUI.ni.dll
MOD - [2012/09/12 14:41:11 | 000,067,072 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\8e7c528748de50fb4697758b81b57b4d\Kies.Common.DBManager.ni.dll
MOD - [2012/09/12 14:41:10 | 000,395,776 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\116f694385a15386804af59028de6f7f\CabLib.ni.dll
MOD - [2012/09/12 14:41:09 | 001,728,512 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\bc7df1e8253989feb8163881ea6c6002\Kies.UI.ni.dll
MOD - [2012/09/12 14:41:09 | 000,530,944 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\15f2a04d54b0d8b38bdf0f9d5b2ea990\ICSharpCode.SharpZipLib.ni.dll
MOD - [2012/09/12 14:41:08 | 000,201,728 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\d0ac9d8d281fe302e0cde2a639769e55\Kies.Common.Util.ni.dll
MOD - [2012/09/12 14:41:07 | 000,052,224 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\969020374a914259cb60a8b3ec928928\Interop.DeviceSearchLib.ni.dll
MOD - [2012/09/12 14:41:05 | 001,437,696 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\8bac6e5789841d666a2d4333600a355e\Kies.Locale.ni.dll
MOD - [2012/09/12 14:41:04 | 001,674,240 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\6537299483d2e3ef9117428eeb0b24ad\Kies.ni.exe
MOD - [2012/09/12 14:41:04 | 000,078,848 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\4f04f07e37376418a5be2472ff48b784\Kies.MVVM.ni.dll
MOD - [2012/09/12 14:41:02 | 000,119,296 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\8d959268f6c6a3a4f1d3da78ebcfa50a\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2012/09/12 14:41:00 | 001,185,280 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\aa5478ab66f33c93cf29ce927b7066f9\Kies.Interface.ni.dll
MOD - [2012/09/12 14:40:56 | 000,771,072 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\313422d72f54628fc052bc054b0725ec\System.Runtime.Remoting.ni.dll
MOD - [2012/06/14 08:25:37 | 000,221,696 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0e56badd6e20e2dc81c45cdff2326f6b\System.ServiceProcess.ni.dll
MOD - [2012/06/13 18:03:57 | 013,198,336 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d55bed00e3d36b0db5bd3994c77fe850\System.Windows.Forms.ni.dll
MOD - [2012/06/13 18:01:56 | 018,019,840 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\063174e87d258ef1db040cbfbdd4cd31\PresentationFramework.ni.dll
MOD - [2012/06/13 18:01:43 | 011,522,048 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\984f8802a334d2ae862b66bf71332c10\PresentationCore.ni.dll
MOD - [2012/06/13 18:01:31 | 003,881,984 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\697786bb51408d41d980263d90a56d03\WindowsBase.ni.dll
MOD - [2012/06/13 18:01:31 | 001,666,048 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9abdaeea6a61127606bbc324d9177579\System.Drawing.ni.dll
MOD - [2012/05/15 08:15:57 | 001,782,272 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll
MOD - [2012/05/14 18:23:24 | 007,069,184 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\500ffaf6258746eaf0bfc333ab534a51\System.Core.ni.dll
MOD - [2012/05/14 18:23:19 | 005,617,664 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll
MOD - [2012/05/14 18:23:16 | 000,982,528 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d131eefaea0ca120aaf11568d8e44cad\System.Configuration.ni.dll
MOD - [2012/05/14 18:23:14 | 009,092,096 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll
MOD - [2012/05/14 18:23:08 | 014,415,360 | ---- | M] () – C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll
MOD - [2012/03/05 13:49:58 | 001,860,096 | ---- | M] () – C:\Windows\System32\spool\drivers\w32x86\3\ricaz0ur.dll
MOD - [2011/05/28 22:04:56 | 000,140,800 | ---- | M] () – C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () – C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/28 21:42:14 | 000,652,800 | ---- | M] () – C:\Program Files\IZArc\IZArcCM.dll
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () – C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () – C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () – C:\Windows\System32\msjetoledb40.dll
MOD - [2009/02/27 13:52:56 | 000,258,048 | ---- | M] () – C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2007/06/04 09:41:00 | 000,311,296 | ---- | M] () – C:\Windows\System32\siecaces.dll
MOD - [2007/04/16 14:01:06 | 000,184,320 | ---- | M] () – C:\Windows\System32\gmp4_2_1.dll

========== Services (SafeList) ==========
SRV - [2012/10/09 10:48:00 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe – (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] – C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe – (Ad-Aware Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] – C:\Program Files\Skype\Updater\Updater.exe – (SkypeUpdate)
SRV - [2012/05/29 09:03:51 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] – C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe – (MozillaMaintenance)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] – C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe – (SBAMSvc)
SRV - [2011/08/02 11:47:34 | 000,063,488 | ---- | M] () [Auto | Running] – C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe – (CDMA Device Service)
SRV - [2011/07/11 17:13:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\Wat\WatAdminSvc.exe – (WatAdminSvc)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Program Files\Microsoft Office\Office14\GROOVE.EXE – (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/08 16:44:42 | 000,345,424 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] – C:\Program Files\Trend Micro\BM\TMBMSRV.exe – (TMBMServer)
SRV - [2010/09/03 15:07:48 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] – C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe – (TeamViewer5)
SRV - [2010/03/17 04:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] – C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe – (STacSV)
SRV - [2010/02/02 17:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] – C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe – (tmlisten)
SRV - [2010/02/02 17:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) [Auto | Running] – C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe – (ntrtscan)
SRV - [2010/01/07 11:44:26 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] – C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe – (TmPfw)
SRV - [2010/01/07 11:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] – C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe – (TmProxy)
SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] – C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe – (CVPND)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\CCM\CcmExec.exe – (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\CCM\TSManager.exe – (smstsmgr)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\StorSvc.dll – (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\sensrsvc.dll – (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] – C:\Windows\System32\PeerDistSvc.dll – (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
SRV - [2009/03/03 02:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] – C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe – (AESTFilters)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] – System32\drivers\rdvgkmd.sys – (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] – System32\drivers\dgderdrv.sys – (dgderdrv)
DRV - [2012/10/10 12:28:44 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\mbamswissarmy.sys – (MBAMSwissArmy)
DRV - [2012/07/31 12:42:48 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\ssudmdm.sys – (ssudmdm)
DRV - [2012/07/31 12:42:48 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\ssudbus.sys – (dg_ssudbus)
DRV - [2011/12/19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\sbhips.sys – (sbhips)
DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] – C:\Windows\System32\drivers\sbapifs.sys – (sbapifs)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Unknown] – C:\Windows\System32\drivers\SBREDrv.sys – (SBRE)
DRV - [2011/08/01 13:44:26 | 000,404,256 | ---- | M] () [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\SRS_AE_i386.sys – (SRS_AE_Service)
DRV - [2011/07/12 10:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] – C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys – (TmFilter)
DRV - [2011/07/12 10:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] – C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys – (TmPreFilter)
DRV - [2011/07/12 10:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] – C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys – (VSApiNt)
DRV - [2010/11/20 23:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\rdpvideominiport.sys – (RdpVideoMiniport)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\TsUsbFlt.sys – (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\vmbus.sys – (vmbus)
DRV - [2010/11/20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\tsusbhub.sys – (tsusbhub)
DRV - [2010/11/20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\Synth3dVsc.sys – (Synth3dVsc)
DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\dmvsc.sys – (dmvsc)
DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\Windows\System32\drivers\vmstorfl.sys – (storflt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\winusb.sys – (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\storvsc.sys – (storvsc)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\TsUsbGD.sys – (TsUsbGD)
DRV - [2010/11/20 23:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\terminpt.sys – (terminpt)
DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\VMBusHID.sys – (VMBusHID)
DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\vms3cap.sys – (s3cap)
DRV - [2010/10/08 16:35:24 | 000,062,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] – C:\Windows\System32\drivers\tmactmon.sys – (tmactmon)
DRV - [2010/10/08 16:35:16 | 000,052,304 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] – C:\Windows\System32\drivers\tmevtmgr.sys – (tmevtmgr)
DRV - [2010/10/08 16:35:08 | 000,163,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] – C:\Windows\System32\drivers\tmcomm.sys – (tmcomm)
DRV - [2010/08/12 09:38:02 | 000,190,592 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\qcusbserhp2k.sys – (qcusbserhp2k)
DRV - [2010/08/12 09:38:02 | 000,106,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\qcombushp.sys – (qcombushp)
DRV - [2010/08/12 09:38:00 | 000,005,248 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\qcfilterhp2k.sys – (qcfilterhp2k)
DRV - [2010/03/22 20:41:00 | 002,697,600 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\BCMWL5.SYS – (BCM43XX)
DRV - [2010/03/17 04:48:42 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\stwrt.sys – (STHDA)

DRV - [2010/01/07 11:43:36 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] – C:\Windows\System32\drivers\tmwfp.sys – (tmwfp)
DRV - [2010/01/07 11:43:24 | 000,146,960 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] – C:\Windows\System32\drivers\tmlwf.sys – (tmlwf)
DRV - [2010/01/07 11:43:04 | 000,090,256 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] – C:\Windows\System32\drivers\tmtdi.sys – (tmtdi)
DRV - [2009/12/11 21:54:16 | 000,038,912 | ---- | M] (REDC) [Kernel | Auto | Running] – C:\Windows\System32\drivers\rixdpe86.sys – (rixdpcie)
DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] – C:\Windows\System32\drivers\CVPNDRVA.sys – (CVPNDRVA)
DRV - [2009/10/30 07:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\IntcDAud.sys – (IntcDAud)
DRV - [2009/10/28 17:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | Auto | Running] – C:\Windows\System32\drivers\risdpe86.sys – (risdpcie)
DRV - [2009/10/26 14:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Running] – C:\Windows\System32\drivers\rimspe86.sys – (rimspci)
DRV - [2009/10/26 13:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\Impcd.sys – (Impcd)
DRV - [2009/09/18 11:21:00 | 000,315,392 | ---- | M] (Marvell) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\yk62x86.sys – (yukonw7)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\CCM\PrepDrv.sys – (prepdrvr)
DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\HECI.sys – (HECI)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\AGRSM.sys – (AgereSoftModem)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\rimmptsk.sys – (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\rixdptsk.sys – (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\rimsptsk.sys – (rimsptsk)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\dne2000.sys – (DNE)
DRV - [2008/07/23 12:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\ifxtpm.sys – (IFXTPM)
DRV - [2008/06/27 11:41:02 | 000,103,680 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\qcusbserhp.sys – (qcusbserhp)
DRV - [2008/05/23 13:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] – C:\Windows\System32\drivers\hpdskflt.sys – (hpdskflt)
DRV - [2008/05/23 13:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\Accelerometer.sys – (Accelerometer)
DRV - [2008/04/03 17:40:44 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\btwhid.sys – (btwhid)
DRV - [2008/04/03 17:40:44 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\btport.sys – (BTDriver)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\CVirtA.sys – (CVirtA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM..\SearchScopes,DefaultScope =

IE - HKU.DEFAULT..\SearchScopes,DefaultScope =
IE - HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-19..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8FCB9B6856EA718FD6693B50753C4C13
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it-IT
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 6E E9 87 01 A6 CD 01 [binary data]
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272..\URLSearchHook: {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} - No CLSID value found
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272..\SearchScopes,DefaultScope = $currentSearchProvider
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272..\SearchScopes{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: “URL” = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=8FCB9B6856EA718FD6693B50753C4C13&q={searchTerms}
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272..\SearchScopes{493CF50D-8EED-4AA4-8A88-B12AA6DDC4F5}: “URL” = http://www.google.it/search?hl=it&q={searchTerms}&meta=
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272..\SearchScopes{8A244612-A1F7-11E0-95C0-E71F4824019B}: “URL” = http://badoo.com/startpage/?source=bsb&q={searchTerms}
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF - prefs.js…browser.search.selectedEngine: “Google”
FF - prefs.js…browser.search.suggest.enabled: false
FF - prefs.js…browser.search.useDBForOrder: true
FF - prefs.js…keyword.URL: “http://www.google.com/search?btnI=I’m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js…browser.search.selectedEngine: “blekko”
FF - prefs.js…browser.startup.homepage: “http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8FCB9B6856EA718FD6693B50753C4C13
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins@hypercosm.com/HypercosmPlayer: C:\Program Files\Hypercosm\Hypercosm Player\components\nphypercosm.dll (Hypercosm LLC)
FF - HKLM\Software\MozillaPlugins@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npcortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins@tools.google.com/Google Update;version=3: C:\Users\M1\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins@tools.google.com/Google Update;version=9: C:\Users\M1\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\Components: C:\Program Files\Mozilla Firefox\components [2012/10/10 11:12:39 | 000,000,000 | —D | M]
[2011/09/12 15:48:35 | 000,000,000 | —D | M] (No name found) – C:\Users\M1\AppData\Roaming\mozilla\Extensions
[2012/10/10 11:12:23 | 000,000,000 | —D | M] (No name found) – C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions
[2012/10/10 11:12:15 | 000,000,000 | —D | M] (Ad-Aware Security Add-on) – C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/10/08 14:11:02 | 000,000,000 | —D | M] (DownloadHelper) – C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/10/08 11:26:49 | 000,000,000 | —D | M] (Greasemonkey) – C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/10/08 14:10:57 | 000,000,000 | —D | M] (“Vid-Saver”) – C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions\crossriderapp3491@crossrider.com
[2012/10/10 11:12:25 | 000,000,000 | —D | M] (Lavasoft Search Plugin) – C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/10/08 14:10:56 | 000,000,000 | —D | M] (No name found) – C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions\crossriderapp3491@crossrider.com\chrome\content\extensionCode
[2011/09/12 17:35:20 | 000,002,023 | ---- | M] () – C:\Users\M1\AppData\Roaming\mozilla\firefox\profiles\9p3j86vm.default\searchplugins\badoo.xml
[2011/09/12 15:48:03 | 000,000,000 | —D | M] (No name found) – C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) – C:\PROGRAMDATA\BROWSER MANAGER\2.2.587.187{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
File not found (No name found) – C:\USERS\M1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9P3J86VM.DEFAULT\EXTENSIONS{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F}
[2012/05/29 09:03:52 | 000,097,208 | ---- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/10 11:12:21 | 000,000,616 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012/05/29 09:03:48 | 000,001,393 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\amazon-it.xml
[2012/05/29 09:03:48 | 000,002,252 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/29 09:03:48 | 000,000,744 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\eBay-it.xml
[2012/05/29 09:03:48 | 000,000,817 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\hoepli.xml
[2012/05/29 09:03:48 | 000,001,182 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wikipedia-it.xml
[2012/05/29 09:03:48 | 000,000,953 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\yahoo-it.xml

========== Chrome ==========

CHR - homepage: http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8FCB9B6856EA718FD6693B50753C4C13
CHR - default_search_provider: blekko (Enabled)
CHR - default_search_provider: search_url = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=8FCB9B6856EA718FD6693B50753C4C13&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8FCB9B6856EA718FD6693B50753C4C13
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\M1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjdegoaioeecahaflmobghfcihcdkpf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Cortona3D Viewer (Enabled) = C:\Program Files\Common Files\ParallelGraphics\Cortona\npcortona.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Hypercosm Player (Enabled) = C:\Program Files\Hypercosm\Hypercosm Player\components\nphypercosm.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Vid-Saver = C:\Users\M1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.54_0\crossrider
CHR - Extension: Vid-Saver = C:\Users\M1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.54_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - No CLSID value found.
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKLM..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\Toolbar\WebBrowser: (no name) - {1D03A978-AC0C-4004-B9FD-9CF361C7BD3F} - No CLSID value found.
O4 - HKLM…\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM…\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM…\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM…\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKLM…\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM…\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM…\Run: [SBRegRebootCleaner] C:\Program Files\Ad-Aware Antivirus\SBRC.exe (GFI Software)
O4 - HKLM…\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272…\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272…\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272…\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272…\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272…\Run: [KiesTrayAgent] c:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272…\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272…\Run: [SmartRAM] “C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\Suo10_SmartRAM.exe” /m File not found
O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272…\RunOnce: [adawarebp] reg.exe delete “HKCU\Software\AppDataLow\Software\adawarebp” /f File not found
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272…\RunOnce: [adawarebp_XP] reg.exe delete “HKCU\Software\adawarebp” /f File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU.DEFAULT\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-21-299502267-261478967-725345543-63272\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-21-299502267-261478967-725345543-63272\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM..Trusted Domains: peoplereview (http in Trusted sites)
O15 - HKLM..Trusted Domains: peoplereview (https in Trusted sites)
O15 - HKU\S-1-5-21-299502267-261478967-725345543-63272..Trusted Domains: antexweb.net ([archiviazione] https in Trusted sites)
O15 - HKU\S-1-5-21-299502267-261478967-725345543-63272..Trusted Domains: intranet.fw ([webdms] http in Trusted sites)
O15 - HKU\S-1-5-21-299502267-261478967-725345543-63272..Trusted Domains: peoplereview (http in Trusted sites)
O15 - HKU\S-1-5-21-299502267-261478967-725345543-63272..Trusted Domains: peoplereview (https in Trusted sites)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/IT/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E70B0D09-3B24-43B7-A7B4-F13658C9B2E8} http://webdms.intranet.fw/UfficioAcquisti/DF_ucPDFzoom.CAB (DF_ucPDF.UserControlPDF)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.31.0.120 10.31.0.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fastwebit.ofc
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{E432B742-CDD9-4C12-8E4A-BB15AFC05933}: DhcpNameServer = 10.31.0.120 10.31.0.110
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat – [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk )
O34 - HKLM BootExecute: (SBBD.exe /d \Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Definitions)
O35 - HKLM..comfile [open] – “%1” %
O35 - HKLM..exefile [open] – “%1” %*
O37 - HKLM.…com [@ = comfile] – “%1” %*
O37 - HKLM.…exe [@ = exefile] – “%1” %*
O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/10 13:26:23 | 000,602,112 | ---- | C] (OldTimer Tools) – C:\Users\M1\Desktop\OTL (1).exe
[2012/10/10 12:28:44 | 000,040,776 | ---- | C] (Malwarebytes Corporation) – C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/10 11:20:55 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Roaming\LavasoftStatistics
[2012/10/10 11:13:44 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/10/10 11:13:38 | 000,093,816 | ---- | C] (GFI Software) – C:\Windows\System32\drivers\sbhips.sys
[2012/10/10 11:13:33 | 000,000,000 | —D | C] – C:\ProgramData\Lavasoft
[2012/10/10 11:13:31 | 000,000,000 | —D | C] – C:\Windows\System32\drivers\VDD
[2012/10/10 11:13:31 | 000,000,000 | —D | C] – C:\Program Files\Ad-Aware Antivirus
[2012/10/10 11:12:38 | 000,000,000 | —D | C] – C:\ProgramData\blekko toolbars
[2012/10/10 11:12:37 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local\adawarebp
[2012/10/10 11:12:35 | 000,000,000 | —D | C] – C:\ProgramData\Ad-Aware Browsing Protection
[2012/10/10 11:12:27 | 000,000,000 | —D | C] – C:\Program Files\Toolbar Cleaner
[2012/10/10 11:12:08 | 000,000,000 | —D | C] – C:\Program Files\adawaretb
[2012/10/10 11:11:27 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Roaming\Ad-Aware Antivirus
[2012/10/10 09:11:10 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{45CB5A75-AC95-4ADF-A6B1-9202A251DFC8}
[2012/10/09 10:10:29 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Roaming\Malwarebytes
[2012/10/09 10:09:37 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes’ Anti-Malware
[2012/10/09 10:09:36 | 000,000,000 | —D | C] – C:\ProgramData\Malwarebytes
[2012/10/09 10:09:24 | 000,022,856 | ---- | C] (Malwarebytes Corporation) – C:\Windows\System32\drivers\mbam.sys
[2012/10/09 10:09:24 | 000,000,000 | —D | C] – C:\Program Files\Malwarebytes’ Anti-Malware
[2012/10/09 08:09:29 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{89AD5C2E-BE33-4427-8FFE-2660777B4465}
[2012/10/08 14:31:07 | 000,000,000 | —D | C] – C:\ISM
[2012/10/08 14:29:31 | 000,000,000 | —D | C] – C:\ISM Downloader
[2012/10/08 14:18:47 | 000,000,000 | —D | C] – C:\Program Files\ConvertHelper
[2012/10/08 14:17:22 | 000,000,000 | —D | C] – C:\Users\M1\dwhelper
[2012/10/08 13:56:37 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/10/08 11:30:27 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDP Multimedia
[2012/10/08 11:30:26 | 000,000,000 | —D | C] – C:\Program Files\SDP Multimedia
[2012/10/08 11:15:34 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Roaming\ProgSense
[2012/10/08 11:15:25 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Roaming\GrabPro
[2012/10/08 11:15:25 | 000,000,000 | —D | C] – C:\downloads
[2012/10/08 11:15:23 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012/10/08 11:15:19 | 000,000,000 | —D | C] – C:\Program Files\Orbitdownloader
[2012/10/08 11:14:51 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Roaming\Orbit
[2012/10/08 08:40:19 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{29B7353F-6B81-4B0B-9AF9-E01CF076C9AD}
[2012/10/05 07:56:30 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{C22A585A-B408-421D-91A7-8A8F61D93A14}
[2012/10/04 08:59:58 | 000,000,000 | —D | C] – C:\Inferriate
[2012/10/04 08:27:15 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{B222E37A-9A4D-4CAD-BA37-49E5C529C5C9}
[2012/10/03 08:00:27 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{6067D0AB-89EC-4FC1-A6D7-406A34F70C54}
[2012/10/02 16:17:10 | 000,161,792 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\msls31.dll
[2012/10/02 16:17:10 | 000,074,752 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\RegisterIEPKEYs.exe
[2012/10/02 16:17:10 | 000,065,024 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\jsproxy.dll
[2012/10/02 16:17:09 | 000,176,640 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\ieui.dll
[2012/10/02 16:17:09 | 000,162,304 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\msrating.dll
[2012/10/02 16:17:09 | 000,130,560 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\ieakeng.dll
[2012/10/02 16:17:09 | 000,110,592 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\IEAdvpack.dll
[2012/10/02 16:17:09 | 000,086,528 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\iesysprep.dll
[2012/10/02 16:17:09 | 000,076,800 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\SetIEInstalledDate.exe
[2012/10/02 16:17:09 | 000,048,640 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\mshtmler.dll
[2012/10/02 16:17:09 | 000,041,472 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\msfeedsbs.dll
[2012/10/02 16:17:09 | 000,010,752 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\msfeedssync.exe
[2012/10/02 16:17:08 | 000,367,104 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\html.iec
[2012/10/02 16:17:08 | 000,353,792 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\dxtmsft.dll
[2012/10/02 16:17:08 | 000,223,232 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\dxtrans.dll
[2012/10/02 16:17:07 | 003,695,416 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\ieapfltr.dat
[2012/10/02 16:17:07 | 000,434,176 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\ieapfltr.dll
[2012/10/02 16:17:07 | 000,231,936 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\url.dll
[2012/10/02 16:17:07 | 000,074,752 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\iesetup.dll
[2012/10/02 16:17:07 | 000,074,240 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\ie4uinit.exe
[2012/10/02 16:17:07 | 000,031,744 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\iernonce.dll
[2012/10/02 16:17:06 | 001,427,968 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\inetcpl.cpl
[2012/10/02 16:17:06 | 000,353,584 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\iedkcs32.dll
[2012/10/02 16:17:06 | 000,152,064 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\wextract.exe
[2012/10/02 16:17:06 | 000,078,848 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\inseng.dll
[2012/10/02 16:17:06 | 000,023,552 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\licmgr10.dll
[2012/10/02 16:17:05 | 002,382,848 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\mshtml.tlb
[2012/10/02 16:17:05 | 000,607,744 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\msfeeds.dll
[2012/10/02 16:17:05 | 000,150,528 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\iexpress.exe
[2012/10/02 16:17:05 | 000,142,848 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\ieUnatt.exe
[2012/10/02 16:17:05 | 000,054,272 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\pngfilt.dll
[2012/10/02 16:17:04 | 001,800,704 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\jscript9.dll
[2012/10/02 16:17:04 | 000,227,840 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\ieaksie.dll
[2012/10/02 16:17:04 | 000,163,840 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\ieakui.dll
[2012/10/02 16:17:04 | 000,101,888 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\admparse.dll
[2012/10/02 16:17:04 | 000,035,840 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\imgutil.dll
[2012/10/02 16:17:03 | 000,118,784 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\iepeers.dll
[2012/10/02 07:34:06 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{FF48B980-E9E5-4CF4-90C6-48B27DE3148C}
[2012/10/01 10:14:32 | 000,000,000 | —D | C] – C:\SMALL Metroring
[2012/10/01 08:48:12 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{979EE470-0782-4BAF-8BC7-2957A2C1BBA2}
[2012/09/28 08:46:46 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{A1507E9E-0077-4FC4-9F34-EC290154EBFA}
[2012/09/27 08:42:27 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{7F9D6C4A-D985-4651-A693-C5B52B2F350A}
[2012/09/26 08:42:43 | 000,245,760 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\OxpsConverter.exe
[2012/09/26 08:40:17 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{E091E540-7D76-438E-ACBE-EE9809F4DB28}
[2012/09/24 09:56:39 | 000,000,000 | —D | C] – C:\Teresi
[2012/09/24 08:59:34 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{6879350F-37A4-4709-995D-CC7F943F2CE8}
[2012/09/21 07:56:51 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{EDB56023-F1B0-44B5-BB01-A2D1E7BD3094}
[2012/09/20 08:34:14 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{4930AAD6-BC9D-42A3-8F37-B46781781072}
[2012/09/19 16:10:38 | 000,000,000 | —D | C] – C:\GDF
[2012/09/19 14:21:18 | 000,000,000 | —D | C] – C:\Convenzioni Enterprise 2012
[2012/09/19 13:44:31 | 000,000,000 | —D | C] – C:\CONSIP 2012
[2012/09/19 11:34:25 | 000,000,000 | —D | C] – C:\DA CANCELLARE
[2012/09/19 08:34:53 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{BD6900A7-E79C-4BAB-98A3-D1021463F266}
[2012/09/18 07:58:18 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{15AD6A13-2DF6-44B6-8094-AF4B81EDE54A}
[2012/09/17 17:10:45 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local\WinTestGear
[2012/09/17 17:08:26 | 000,000,000 | —D | C] – C:\Users\M1.eclipse
[2012/09/17 08:18:45 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{0110A67F-AA3E-4BCA-A2A4-6804CC7A0607}
[2012/09/14 07:56:52 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{07478AB3-45B8-4046-8A07-015FDFA1B745}
[2012/09/13 07:57:27 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{26AAA7AA-37B9-4B9B-87EC-67DBC6B495BC}
[2012/09/12 14:39:22 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) – C:\Windows\System32\drivers\ssudmdm.sys
[2012/09/12 14:39:21 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) – C:\Windows\System32\drivers\ssudbus.sys
[2012/09/12 08:16:40 | 000,033,280 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/12 08:16:37 | 000,490,496 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\d3d10level9.dll
[2012/09/12 08:16:37 | 000,240,496 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\drivers\netio.sys
[2012/09/12 08:16:37 | 000,187,760 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 08:14:20 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{B31494D8-CCBB-46B8-8F99-F28B2A188517}
[2012/09/11 10:26:10 | 000,000,000 | —D | C] – C:\Users\M1\Desktop\DVD
[2012/09/11 09:38:55 | 000,000,000 | —D | C] – C:\Users\M1\Desktop\Ceramiche
[2012/09/11 07:48:52 | 000,000,000 | —D | C] – C:\Users\M1\AppData\Local{B6A44A5E-5E7B-4F85-9A3C-59DF3D626835}
[5 C:\Users\M1\Desktop*.tmp files → C:\Users\M1\Desktop*.tmp → ]
[1 C:\Users\M1\Documents*.tmp files → C:\Users\M1\Documents*.tmp → ]
[1 C:\Users\M1\AppData\Roaming*.tmp files → C:\Users\M1\AppData\Roaming*.tmp → ]

========== Files - Modified Within 30 Days ==========

[2012/10/10 13:32:50 | 000,000,104 | ---- | M] () – C:\Windows\System32\SBRC.dat
[2012/10/10 13:26:29 | 000,602,112 | ---- | M] (OldTimer Tools) – C:\Users\M1\Desktop\OTL (1).exe
[2012/10/10 13:23:02 | 000,001,144 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/10 12:52:02 | 000,001,176 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261478967-725345543-63272UA.job
[2012/10/10 12:47:02 | 000,000,830 | ---- | M] () – C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/10 12:28:44 | 000,040,776 | ---- | M] (Malwarebytes Corporation) – C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/10 11:24:48 | 000,001,828 | ---- | M] () – C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/10/10 09:23:02 | 000,001,140 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/10 09:18:19 | 000,640,032 | ---- | M] () – C:\Windows\System32\perfh009.dat
[2012/10/10 09:18:19 | 000,111,658 | ---- | M] () – C:\Windows\System32\perfc009.dat
[2012/10/10 09:17:54 | 000,022,224 | -H-- | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/10 09:17:54 | 000,022,224 | -H-- | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/10 09:12:27 | 000,000,405 | ---- | M] () – C:\Windows\SMSCFG.INI
[2012/10/10 09:10:00 | 000,067,584 | --S- | M] () – C:\Windows\bootstat.dat
[2012/10/10 09:09:53 | 2357,542,912 | -HS- | M] () – C:\hiberfil.sys
[2012/10/09 16:57:46 | 000,016,101 | ---- | M] () – C:\Windows\cfgall.ini
[2012/10/09 13:52:01 | 000,001,124 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261478967-725345543-63272Core.job
[2012/10/09 10:56:39 | 000,043,420 | ---- | M] () – C:\Users\M1\Desktop\scaled.png
[2012/10/09 10:47:59 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) – C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 10:47:58 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) – C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/09 10:09:37 | 000,001,069 | ---- | M] () – C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/08 15:13:59 | 000,000,000 | RHS- | M] () – C:\MSDOS.SYS
[2012/10/08 15:13:59 | 000,000,000 | RHS- | M] () – C:\IO.SYS
[2012/10/08 13:59:20 | 000,000,098 | ---- | M] () – C:\user.js
[2012/10/08 13:56:37 | 000,001,026 | ---- | M] () – C:\Users\Public\Desktop\VLC media player.lnk
[2012/10/08 13:55:36 | 022,617,148 | ---- | M] () – C:\Users\M1\Desktop\vlc-2.0.3-win32.exe
[2012/10/08 11:30:27 | 000,001,081 | ---- | M] () – C:\Users\Public\Desktop\SDP Downloader.lnk
[2012/10/08 11:15:23 | 000,001,035 | ---- | M] () – C:\Users\M1\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
[2012/10/08 11:15:23 | 000,001,011 | ---- | M] () – C:\Users\M1\Desktop\Orbit.lnk
[2012/10/05 10:40:41 | 000,325,309 | ---- | M] () – C:\Users\M1\Desktop\1.MHTML
[2012/10/03 07:59:56 | 000,001,409 | ---- | M] () – C:\Users\M1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/02 16:17:10 | 000,161,792 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\msls31.dll
[2012/10/02 16:17:10 | 000,074,752 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\RegisterIEPKEYs.exe
[2012/10/02 16:17:10 | 000,065,024 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\jsproxy.dll
[2012/10/02 16:17:09 | 000,176,640 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\ieui.dll
[2012/10/02 16:17:09 | 000,162,304 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\msrating.dll
[2012/10/02 16:17:09 | 000,130,560 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\ieakeng.dll
[2012/10/02 16:17:09 | 000,110,592 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\IEAdvpack.dll
[2012/10/02 16:17:09 | 000,086,528 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\iesysprep.dll
[2012/10/02 16:17:09 | 000,076,800 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\SetIEInstalledDate.exe
[2012/10/02 16:17:09 | 000,048,640 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\mshtmler.dll
[2012/10/02 16:17:09 | 000,041,472 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\msfeedsbs.dll
[2012/10/02 16:17:09 | 000,010,752 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\msfeedssync.exe
[2012/10/02 16:17:08 | 000,367,104 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\html.iec
[2012/10/02 16:17:08 | 000,353,792 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\dxtmsft.dll
[2012/10/02 16:17:08 | 000,223,232 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\dxtrans.dll
[2012/10/02 16:17:07 | 003,695,416 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\ieapfltr.dat
[2012/10/02 16:17:07 | 000,434,176 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\ieapfltr.dll
[2012/10/02 16:17:07 | 000,231,936 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\url.dll
[2012/10/02 16:17:07 | 000,074,752 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\iesetup.dll
[2012/10/02 16:17:07 | 000,074,240 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\ie4uinit.exe
[2012/10/02 16:17:07 | 000,072,822 | ---- | M] () – C:\Windows\System32\ieuinit.inf
[2012/10/02 16:17:07 | 000,031,744 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\iernonce.dll
[2012/10/02 16:17:06 | 001,427,968 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\inetcpl.cpl
[2012/10/02 16:17:06 | 000,353,584 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\iedkcs32.dll
[2012/10/02 16:17:06 | 000,152,064 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\wextract.exe
[2012/10/02 16:17:06 | 000,078,848 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\inseng.dll
[2012/10/02 16:17:06 | 000,023,552 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\licmgr10.dll
[2012/10/02 16:17:05 | 002,382,848 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\mshtml.tlb
[2012/10/02 16:17:05 | 000,607,744 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\msfeeds.dll
[2012/10/02 16:17:05 | 000,150,528 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\iexpress.exe
[2012/10/02 16:17:05 | 000,142,848 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\ieUnatt.exe
[2012/10/02 16:17:05 | 000,054,272 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\pngfilt.dll
[2012/10/02 16:17:04 | 001,800,704 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\jscript9.dll
[2012/10/02 16:17:04 | 000,227,840 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\ieaksie.dll
[2012/10/02 16:17:04 | 000,163,840 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\ieakui.dll
[2012/10/02 16:17:04 | 000,101,888 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\admparse.dll
[2012/10/02 16:17:04 | 000,035,840 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\imgutil.dll
[2012/10/02 16:17:03 | 000,118,784 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\iepeers.dll
[5 C:\Users\M1\Desktop\*.tmp files -> C:\Users\M1\Desktop\*.tmp -> ]
[1 C:\Users\M1\Documents\*.tmp files -> C:\Users\M1\Documents\*.tmp -> ]
[1 C:\Users\M1\AppData\Roaming\*.tmp files -> C:\Users\M1\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/10 13:32:07 | 000,000,104 | ---- | C] () – C:\Windows\System32\SBRC.dat
[2012/10/10 11:13:45 | 000,001,828 | ---- | C] () – C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/10/09 10:09:37 | 000,001,069 | ---- | C] () – C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/08 15:13:59 | 000,000,000 | RHS- | C] () – C:\MSDOS.SYS
[2012/10/08 15:13:59 | 000,000,000 | RHS- | C] () – C:\IO.SYS
[2012/10/08 13:59:20 | 000,000,098 | ---- | C] () – C:\user.js
[2012/10/08 13:54:35 | 022,617,148 | ---- | C] () – C:\Users\M1\Desktop\vlc-2.0.3-win32.exe
[2012/10/08 11:30:27 | 000,001,081 | ---- | C] () – C:\Users\Public\Desktop\SDP Downloader.lnk
[2012/10/08 11:15:23 | 000,001,035 | ---- | C] () – C:\Users\M1\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
[2012/10/08 11:15:23 | 000,001,011 | ---- | C] () – C:\Users\M1\Desktop\Orbit.lnk
[2012/10/05 10:40:41 | 000,325,309 | ---- | C] () – C:\Users\M1\Desktop\1.MHTML
[2012/07/24 12:24:25 | 000,007,622 | ---- | C] () – C:\Users\M1\AppData\Local\Resmon.ResmonCfg
[2011/07/26 17:26:46 | 000,974,848 | ---- | C] () – C:\Windows\System32\cis-2.4.dll
[2011/07/26 17:26:46 | 000,081,920 | ---- | C] () – C:\Windows\System32\issacapi_bs-2.3.dll
[2011/07/26 17:26:46 | 000,065,536 | ---- | C] () – C:\Windows\System32\issacapi_pe-2.3.dll
[2011/07/26 17:26:46 | 000,057,344 | ---- | C] () – C:\Windows\System32\issacapi_se-2.3.dll
[2011/07/22 09:52:07 | 000,002,249 | ---- | C] () – C:\Windows\ricdb.ini
[2011/07/21 14:20:23 | 000,004,916 | RHS- | C] () – C:\Users\M1\ntuser.pol
[2011/07/15 18:45:39 | 000,000,687 | ---- | C] () – C:\Windows\saplogon.ini
[2011/07/15 18:07:21 | 000,051,200 | ---- | C] () – C:\Windows\System32\h5tool32.dll
[2011/07/15 18:07:20 | 000,175,616 | ---- | C] () – C:\Windows\System32\h5menu32.dll
[2011/07/15 18:07:20 | 000,095,744 | ---- | C] () – C:\Windows\System32\h5rtf32.dll
[2011/07/15 18:07:17 | 001,064,960 | ---- | C] () – C:\Windows\System32\h5krnl32.dll
[2011/07/15 18:07:16 | 000,188,928 | ---- | C] () – C:\Windows\System32\h5icon32.dll
[2011/07/15 18:06:11 | 000,015,872 | ---- | C] () – C:\Windows\System32\vtssm32.dll
[2011/07/15 17:45:17 | 000,016,101 | ---- | C] () – C:\Windows\cfgall.ini
[2011/07/15 17:33:10 | 000,311,296 | ---- | C] () – C:\Windows\System32\siecaces.dll
[2011/07/15 17:33:10 | 000,184,320 | ---- | C] () – C:\Windows\System32\gmp4_2_1.dll
[2011/07/15 17:33:10 | 000,028,672 | ---- | C] () – C:\Windows\System32\siecacsp.dll
[2011/07/15 16:56:44 | 000,004,764 | ---- | C] () – C:\Windows\System32\CcmFramework.ini
[2011/07/15 16:55:40 | 000,000,405 | ---- | C] () – C:\Windows\SMSCFG.INI
[2011/07/12 15:10:23 | 000,005,849 | RHS- | C] () – C:\ProgramData\ntuser.pol
[2011/07/12 09:48:35 | 000,524,288 | ---- | C] () – C:\Windows\System32\xvidcore.dll
[2011/07/12 09:48:35 | 000,139,264 | ---- | C] () – C:\Windows\System32\xvidvfw.dll
[2011/02/09 18:25:58 | 000,870,544 | ---- | C] () – C:\Windows\System32\igkrng575.bin
[2011/02/09 18:25:58 | 000,208,896 | ---- | C] () – C:\Windows\System32\iglhsip32.dll
[2011/02/09 18:25:58 | 000,143,360 | ---- | C] () – C:\Windows\System32\iglhcp32.dll
[2011/02/09 18:25:56 | 000,127,896 | ---- | C] () – C:\Windows\System32\igcompkrng575.bin
[2011/02/09 18:25:56 | 000,050,036 | ---- | C] () – C:\Windows\System32\igfcg575m.bin
[2011/02/09 18:25:56 | 000,004,096 | ---- | C] ( ) – C:\Windows\System32\IGFXDEVLib.dll
[2011/02/09 18:25:55 | 000,000,151 | ---- | C] () – C:\Windows\System32\GfxUI.exe.config
[2010/11/20 23:29:34 | 000,080,896 | ---- | C] () – C:\Windows\System32\RDVGHelper.exe
[2010/11/20 23:29:26 | 000,066,048 | ---- | C] () – C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () – C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll – [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll – [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll – [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/14 03:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\aelupsvc.dll – (AeLookupSvc)
SRV - [2010/11/20 23:29:19 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\System32\appinfo.dll – (Appinfo)
SRV - [2009/07/14 03:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\alg.exe – (ALG)
SRV - [2010/11/20 23:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\System32\qmgr.dll – (BITS)
SRV - [2010/11/20 23:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\BFE.DLL – (BFE)
SRV - [2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\System32\lsass.exe – (KeyIso)
SRV - [2009/07/14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\es.dll – (EventSystem)
SRV - [2012/07/04 23:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\System32\browser.dll – (Browser)
SRV - [2012/04/24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\cryptsvc.dll – (CryptSvc)
SRV - [2010/11/20 23:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\rpcss.dll – (DcomLaunch)
SRV - [2010/11/20 23:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\dhcpcore.dll – (Dhcp)
SRV - [2011/03/03 07:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\dnsrslvr.dll – (Dnscache)
SRV - [2009/07/14 03:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\System32\eapsvc.dll – (EapHost)
SRV - [2009/07/14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\hidserv.dll – (hidserv)
SRV - [2009/07/14 03:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] – C:\Windows\System32\ipnathlp.dll – (SharedAccess)
SRV - [2010/11/20 23:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\System32\IPSECSVC.DLL – (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\swprv.dll – (swprv)
SRV - [2009/07/14 03:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\mmcss.dll – (MMCSS)
SRV - [2009/07/14 03:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\System32\netman.dll – (Netman)
SRV - [2009/07/14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\System32\netprofm.dll – (netprofm)
SRV - [2010/11/20 23:29:11 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\nlasvc.dll – (NlaSvc)
SRV - [2009/07/14 03:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\nsisvc.dll – (nsi)
SRV - [2011/05/24 12:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\umpnpmgr.dll – (PlugPlay)
SRV - [2012/02/11 07:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\spoolsv.exe – (Spooler)
SRV - [2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\System32\lsass.exe – (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 03:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\rasauto.dll – (RasAuto)
SRV - [2010/11/20 23:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\rasmans.dll – (RasMan)
SRV - [2010/11/20 23:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\rpcss.dll – (RpcSs)
SRV - [2009/07/14 03:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\seclogon.dll – (seclogon)

SRV - [2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\lsass.exe – (SamSs)
SRV - [2009/07/14 03:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\wscsvc.dll – (wscsvc)
SRV - [2010/11/20 23:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\srvsvc.dll – (LanmanServer)
SRV - [2010/11/20 23:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\shsvcs.dll – (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 23:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\schedsvc.dll – (Schedule)
SRV - [2010/11/20 23:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\tapisrv.dll – (TapiSrv)
SRV - [2009/07/14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\themeservice.dll – (Themes)
SRV - [2012/05/01 06:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\profsvc.dll – (ProfSvc)
SRV - [2010/11/20 23:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\VSSVC.exe – (VSS)
SRV - [2010/11/20 23:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\audiosrv.dll – (Audiosrv)
SRV - [2010/11/20 23:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\audiosrv.dll – (AudioEndpointBuilder)
SRV - [2010/11/20 23:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\sdrsvc.dll – (SDRSVC)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
SRV - [2010/11/20 23:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\wevtsvc.dll – (eventlog)
SRV - [2010/11/20 23:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\MPSSVC.dll – (MpsSvc)
SRV - [2010/11/20 23:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\wiaservc.dll – (StiSvc)
SRV - [2010/11/20 23:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\msiexec.exe – (msiserver)
SRV - [2009/07/14 03:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\wbem\WMIsvc.dll – (Winmgmt)
SRV - [2012/06/03 00:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\wuaueng.dll – (wuauserv)
SRV - [2010/11/20 23:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\dot3svc.dll – (dot3svc)
SRV - [2009/07/14 03:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\wlansvc.dll – (Wlansvc)
SRV - [2010/11/20 23:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\wkssvc.dll – (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 – C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 – C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E – C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E – C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SERVICES >
[2011/07/21 14:30:20 | 000,021,282 | ---- | M] () MD5=2D8AF6FD457C5B2E39ACC75F387C1CA8 – C:\Windows\System32\drivers\etc\services
[2009/06/10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 – C:\Windows\winsxs\x86_microsoft-windows-w…nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.EXE >
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 – C:\Windows\System32\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 – C:\Windows\winsxs\x86_microsoft-windows-s…s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2011/04/12 03:29:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 – C:\Windows\System32\en-US\services.exe.mui
[2011/04/12 03:29:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 – C:\Windows\winsxs\x86_microsoft-windows-s…ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 – C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 – C:\Windows\System32\wbem\services.mof
[2009/06/10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 – C:\Windows\winsxs\x86_microsoft-windows-s…s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2011/04/12 03:29:15 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\Windows\System32\en-US\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\Windows\System32\services.msc
[2011/04/12 03:29:15 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\Windows\winsxs\x86_microsoft-windows-s…cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 – C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 – C:\Windows\winsxs\x86_microsoft-windows-s…s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE – C:\Program Files\Malwarebytes’ Anti-Malware\Chameleon\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 – C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 – C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 – C:\Windows\System32\userinit.exe
[2010/11/20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 – C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE – C:\Program Files\Malwarebytes’ Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 – C:\Windows\System32\winlogon.exe
[2010/11/20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 – C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2009/07/13 23:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B – C:\Windows\System32\WINSOCK.DLL
[2009/07/13 23:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B – C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7601.17514_none_0014e305d0cff0a7\WINSOCK.DLL

< End of report >

Finished !
Any result ?
ty :slight_smile:

You could have attached it ;D

OK let me know if this cures it

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\SearchScopes,DefaultScope = $currentSearchProvider
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}: "URL" = http://badoo.com/startpage/?source=bsb&q={searchTerms}
FF - prefs.js..browser.search.selectedEngine: "blekko"
[2012/10/08 14:10:57 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions\crossriderapp3491@crossrider.com
[2011/09/12 17:35:20 | 000,002,023 | ---- | M] () -- C:\Users\M1\AppData\Roaming\mozilla\firefox\profiles\9p3j86vm.default\searchplugins\badoo.xml
O2 - BHO: (no name) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\Toolbar\WebBrowser: (no name) - {1D03A978-AC0C-4004-B9FD-9CF361C7BD3F} - No CLSID value found.
[2012/10/10 11:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars

:Files
C:\Users\M1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Here I am…
:slight_smile:
thank you in advance for your support !

as essexboy already stated…it is easier if you attach the logs here…not copy and paste

just below the box you write in here you will see “attachment and other options” click that to attach

Are you still getting the alerts ?

Well… after pasting the script into the OTL editor I clicked OK to reboot the computer and the alerts disappeared!
Now, I’ve just turned on my PC and I’ve still found the alerts… mmmmhh :frowning: