Hijacked Internet pages [Solved]


  • This topic is locked

#31
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you type in the search box services.msc
At the top you will see services, select that

Once services opens locate security centre
Right click it and select properties
Where I have indicated select Automatic (Delayed Start)
Click Start
Then click apply



Reboot the computer and check that the security centre is turned on

Also could you check for redirects again please

#32
Kristina

    Member

  • Topic Starter
  • Member
  • 319 posts
This solved the problem with the Security centre.

And wow, the web pages load a lot faster! :) No hijacks for now and occasionally I needed to press the reload button for some pages. Waiting to see how it evolves...

#33
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Use the computer as normal and let me know tomorrow of any outstanding problems

#34
Kristina

    Member

  • Topic Starter
  • Member
  • 319 posts
I just noticed I have at startup the program IJITECL (Microsoft Corporation). It appears in Advanced System Care, which I use, but I think I never saw this program before; I saw this name appear in the scan logs. Is there something wrong, or is it normal for it to be there?

Attached Thumbnails

  • IJITECL.png

Edited by Kristina, 31 October 2012 - 03:35 PM.


#35
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

c:\windows\Tasks\IJITECL.job
c:\windows\system32\fltMCR.dll

It is associated with these two, which I deleted with OTL. Is Advanced System Care creating that?

#36
Kristina

    Member

  • Topic Starter
  • Member
  • 319 posts
I have no idea if this is connected with Advanced System Care. I have used the program for a long time and had no problems.

Also when I look with msconfig what startup programs I have, IJITECL doesn't appear.

Edited by Kristina, 31 October 2012 - 03:54 PM.


#37
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's see if they are still on the system

Run OTL with the following custom scan please

/md5start
IJITECL.*
fltMCR.*
/md5stop
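
The check requested above, done by hand in PowerShell as an added example (not part of the original thread and not OTL's own behaviour): it looks for the two name patterns in the two folders named in post #35, reports an MD5 for anything still present, and searches the scheduled-task listing for the same names. The function names and the choice of search roots are assumptions.

```powershell
# Added example; function names and search roots are assumptions.
# Name patterns come from the custom scan in post #37, folders from post #35.
$Patterns = @('IJITECL.*', 'fltMCR.*')
$Roots    = @("$env:SystemRoot\Tasks", "$env:SystemRoot\System32")

function Get-Md5Hex {
    param([string]$Path)
    # .NET call instead of Get-FileHash so it also runs on PowerShell 2.0 (Windows 7)
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = $null
    try {
        $stream = [System.IO.File]::OpenRead($Path)
        ([System.BitConverter]::ToString($md5.ComputeHash($stream))) -replace '-', ''
    }
    catch {
        # A locked or protected file is still worth reporting, just without a hash
        'unreadable: ' + $_.Exception.Message
    }
    finally {
        if ($stream) { $stream.Close() }
    }
}

function Find-LeftoverFile {
    param([string[]]$Pattern = $Patterns, [string[]]$Root = $Roots)
    foreach ($dir in $Root) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($p in $Pattern) {
            # -Force so hidden and system files are listed too
            Get-ChildItem -LiteralPath $dir -Filter $p -Force -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer } |
                ForEach-Object {
                    New-Object PSObject -Property @{
                        Path     = $_.FullName
                        Size     = $_.Length
                        Modified = $_.LastWriteTime
                        MD5      = Get-Md5Hex -Path $_.FullName
                    }
                }
        }
    }
}

function Find-LeftoverTask {
    param([string[]]$Name = @('IJITECL', 'fltMCR'))
    # schtasks.exe prints every registered task with its action; match on the names
    $regex = ($Name | ForEach-Object { [regex]::Escape($_) }) -join '|'
    schtasks.exe /Query /FO LIST /V 2>$null | Select-String -Pattern $regex
}

$files = @(Find-LeftoverFile)
$tasks = @(Find-LeftoverTask)

if ($files.Count -eq 0 -and $tasks.Count -eq 0) {
    'No matching files or scheduled-task entries found.'
}
else {
    $files | Format-List Path, Size, Modified, MD5
    $tasks | ForEach-Object { $_.Line }
}
```

Run it from an elevated prompt so protected files under System32 can be opened for hashing.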


#38
Kristina

    Member

  • Topic Starter
  • Member
  • 319 posts
OTL logfile created on: 01.11.2012 00:11:39 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adina\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

3,30 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 61,77% Memory free
4,30 Gb Paging File | 2,85 Gb Available in Paging File | 66,16% Paging File free
Paging file location(s): c:\pagefile.sys 1024 3096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 32,80 Gb Free Space | 33,62% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 122,78 Gb Free Space | 33,36% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 29,34 Gb Free Space | 12,60% Space Free | Partition Type: NTFS

Computer Name: ADINA-PC | User Name: Adina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.31 15:24:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adina\Desktop\OTL.exe
PRC - [2012.10.30 13:35:04 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.30 13:34:55 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.30 13:34:55 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.30 00:27:33 | 000,963,984 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012.10.24 19:50:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.10.13 16:02:30 | 003,764,608 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASC.exe
PRC - [2012.10.13 14:59:40 | 000,698,240 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2012.10.12 15:33:10 | 001,026,432 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012.09.24 21:59:16 | 000,490,880 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2012.09.19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.18 12:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2012.07.20 20:08:04 | 008,186,368 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2012.05.25 03:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012.10.24 19:50:39 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.09.19 17:19:28 | 001,229,696 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\Scan.dll
MOD - [2012.07.14 10:52:04 | 000,892,288 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\webres.dll
MOD - [2012.06.10 10:21:44 | 000,516,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\sqlite3.dll
MOD - [2012.05.25 03:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012.05.25 03:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2009.09.15 18:20:50 | 000,177,152 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2009.09.15 18:20:50 | 000,044,544 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2009.09.15 18:20:46 | 000,342,528 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2009.05.15 23:22:42 | 000,716,800 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
MOD - [2008.12.06 00:41:50 | 000,619,008 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PhoneBrowser.dll


========== Services (SafeList) ==========

SRV - [2012.10.30 13:35:04 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.30 13:34:55 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.30 00:28:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.24 01:13:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.12 15:33:10 | 001,026,432 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.15 10:02:52 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012.08.18 12:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2012.07.20 20:08:04 | 008,186,368 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2011.12.22 18:11:20 | 000,818,952 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Corporate.11.0)
SRV - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2011.01.06 01:19:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.03.25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.11.11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (gdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012.10.30 13:35:04 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.24 08:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 09:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.10.30 12:14:50 | 000,027,600 | ---- | M] (CrystalIdea Software) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\CisUtMonitor.sys -- (CisUtMonitor)
DRV - [2011.08.07 13:45:06 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.08.07 13:45:06 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.02.03 00:36:34 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.11.06 04:20:24 | 000,106,880 | ---- | M] (AnyDATA.NET INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adusbser.sys -- (adusbser)
DRV - [2008.08.26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.10 19:34:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.05.02 15:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007.05.02 15:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007.05.02 15:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007.05.02 15:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2004.10.18 15:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro-RO
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 D1 04 BB C5 6F CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {A13074A0-3EF3-4E01-854B-8977D377AF24}
IE - HKCU\..\SearchScopes\{A13074A0-3EF3-4E01-854B-8977D377AF24}: "URL" = http://www.google.co...1I7GUEA_enRO461
IE - HKCU\..\SearchScopes\{AFC3ADD4-572A-4B77-AE1E-0FB34A2A9E89}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Adina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011.12.07 12:53:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.30 00:44:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 22:49:47 | 000,000,000 | ---D | M]

[2010.12.29 15:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Extensions
[2012.11.01 00:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions
[2012.10.06 00:41:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.11.01 00:04:06 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions\[email protected]
[2012.11.01 00:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions
[2012.10.06 00:41:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.11.01 00:04:07 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\[email protected]
[2012.10.06 00:30:15 | 000,006,796 | ---- | M] () (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\[email protected]
[2012.07.21 19:28:15 | 000,004,876 | ---- | M] () (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\[email protected]
[2012.08.22 12:57:35 | 000,222,566 | ---- | M] () (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
[2012.07.25 08:24:14 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.30 00:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.24 19:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.16 11:26:02 | 001,825,680 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.10.24 19:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.26 09:39:53 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.10.24 19:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011.11.23 07:29:56 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipediaro.xml

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\

O1 HOSTS File: ([2012.10.31 16:09:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Adina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F6421F5-384B-48E3-9DF6-F92AB8B726DF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:)
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.01 00:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2012.10.31 22:38:01 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Windows 7 Genuine Activator
[2012.10.31 22:28:30 | 006,663,680 | ---- | C] (Hazar & Co.) -- C:\Users\Adina\Desktop\RemoveWAT.exe
[2012.10.31 21:27:49 | 000,694,375 | ---- | C] (Farbar) -- C:\Users\Adina\Desktop\FSS.exe
[2012.10.31 17:22:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.31 17:21:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.31 16:09:13 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\temp
[2012.10.31 16:04:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.31 16:04:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.31 16:04:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.31 16:02:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.31 16:02:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.31 15:59:08 | 004,991,994 | R--- | C] (Swearware) -- C:\Users\Adina\Desktop\ComboFix.exe
[2012.10.31 15:24:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Adina\Desktop\OTL.exe
[2012.10.30 13:18:02 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Geekstogo
[2012.10.30 12:51:06 | 000,000,000 | -H-D | C] -- C:\Users\Adina\Desktop\[Originals]
[2012.10.30 00:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.10.30 00:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.10.30 00:09:24 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.10.30 00:06:38 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.30 00:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.29 22:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012.10.29 22:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2012.10.29 22:29:58 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2012.10.29 22:29:58 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2012.10.29 22:29:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012.10.29 22:29:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2012.10.29 22:29:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012.10.29 22:29:57 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2012.10.29 22:29:57 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012.10.29 22:29:57 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2012.10.29 22:29:57 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2012.10.29 22:29:57 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2012.10.29 22:29:57 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2012.10.29 22:29:57 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012.10.29 22:29:57 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2012.10.29 22:29:57 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2012.10.29 22:29:56 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012.10.29 22:29:36 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.10.29 22:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012.10.29 22:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.29 22:19:15 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.10.29 22:19:10 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.29 21:54:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.28 12:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.20 05:59:39 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\bacalaureat 2012 DIVERSE
[2012.10.20 05:27:49 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\CV_materialeinspectie_20.10.2012
[2012.10.19 16:31:53 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2012.10.18 20:15:51 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\MASAURI REMEDIALE examen BAC 18.10.2012
[2012.10.17 18:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.10.17 17:50:38 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\Avira
[2012.10.17 17:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.17 17:45:12 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.17 17:45:12 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.17 17:45:12 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.17 17:45:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.17 17:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.17 17:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.10.15 17:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11
[2012.10.15 17:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ABBYY
[2012.10.15 17:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 11
[2012.10.15 16:19:32 | 000,027,600 | ---- | C] (CrystalIdea Software) -- C:\Windows\System32\drivers\CisUtMonitor.sys
[2012.10.15 16:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Tool
[2012.10.15 16:19:32 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\CrystalIdea Software
[2012.10.14 23:11:06 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\materiale pt. lectii mate
[2012.10.13 11:57:17 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\documente catedra 2012-2013
[2012.10.10 20:15:58 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\CrashRpt
[2012.10.10 20:15:49 | 000,000,000 | ---D | C] -- C:\Users\Adina\Documents\Smile
[2012.10.10 20:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Webshots
[2012.10.10 17:43:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.10 17:43:31 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.10.10 17:43:31 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.10.10 17:43:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 17:43:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 17:43:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 17:43:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 17:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 17:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 17:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 17:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 17:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 17:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 17:43:22 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.10 17:43:22 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.09 14:55:45 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\poze vechi
[2012.10.06 00:41:06 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.06 00:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.10.06 00:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.10.06 00:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.10.06 00:40:10 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\DVDVideoSoft
[2012.10.03 16:55:46 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2012.10.03 16:55:43 | 000,000,000 | ---D | C] -- C:\xampp

========== Files - Modified Within 30 Days ==========

[2012.11.01 00:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.01 00:06:15 | 000,705,488 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012.11.01 00:06:15 | 000,627,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.01 00:06:15 | 000,131,134 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012.11.01 00:06:15 | 000,107,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.01 00:05:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.01 00:02:18 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.01 00:01:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.01 00:01:34 | 2660,880,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.31 23:33:03 | 000,033,573 | ---- | M] () -- C:\Users\Adina\Desktop\IJITECL.png
[2012.10.31 23:05:23 | 000,019,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.31 23:05:23 | 000,019,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.31 23:05:23 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2012.10.31 23:05:22 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2012.10.31 22:43:23 | 001,716,537 | ---- | M] () -- C:\Users\Adina\Desktop\WGA-Remover-2012-Fixexe.zip
[2012.10.31 21:42:03 | 003,270,180 | ---- | M] () -- C:\Users\Adina\Desktop\Windows 7 Loader.exe
[2012.10.31 21:27:57 | 000,694,375 | ---- | M] (Farbar) -- C:\Users\Adina\Desktop\FSS.exe
[2012.10.31 16:09:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.31 15:59:15 | 004,991,994 | R--- | M] (Swearware) -- C:\Users\Adina\Desktop\ComboFix.exe
[2012.10.31 15:24:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adina\Desktop\OTL.exe
[2012.10.31 00:35:28 | 000,194,485 | ---- | M] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.2002.hdtvrip.720(1).torrent
[2012.10.31 00:35:24 | 000,194,485 | ---- | M] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.2002.hdtvrip.720.torrent
[2012.10.31 00:34:41 | 000,028,893 | ---- | M] () -- C:\Users\Adina\Desktop\[kat.ph]25.stunden.2002.german.ac3d.720p.hdtv.x264.cdd.torrent
[2012.10.31 00:33:09 | 000,121,799 | ---- | M] () -- C:\Users\Adina\Desktop\[kat.ph]divx.ita.eng.mp3.sub.ita.eng.pl.bg.arabic.la.25a.ora.25th.hour.tntvillage.torrent
[2012.10.30 18:18:54 | 000,047,204 | ---- | M] () -- C:\Users\Adina\Desktop\vod056013.pdf
[2012.10.30 15:31:08 | 000,089,038 | ---- | M] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.2002.torrent
[2012.10.30 15:29:50 | 000,089,170 | ---- | M] () -- C:\Users\Adina\Desktop\torrentdownloads net 25th Hour (2002).torrent
[2012.10.30 15:28:26 | 000,029,445 | ---- | M] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.2002.xvidvd.ac3ahashare.com.torrent
[2012.10.30 15:27:41 | 000,014,558 | ---- | M] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.dvdrip.divx.eng.enad.torrent
[2012.10.30 14:48:30 | 000,011,811 | ---- | M] () -- C:\Users\Adina\Desktop\torrentdownloads net 25th_Hour [nolimits-team] mkv.torrent
[2012.10.30 13:35:04 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.30 00:28:36 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.30 00:28:36 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.30 00:27:34 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.10.30 00:19:11 | 000,002,835 | ---- | M] () -- C:\Users\Adina\Desktop\ACDSee Pro 6.lnk
[2012.10.29 23:40:14 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.10.29 23:26:32 | 000,001,096 | ---- | M] () -- C:\Users\Adina\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2012.10.29 23:14:51 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.29 22:19:06 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.10.29 22:19:06 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.10.29 22:19:06 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.29 22:19:06 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.29 22:19:06 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.29 22:19:06 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.21 19:09:13 | 000,022,528 | ---- | M] () -- C:\Users\Adina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.20 08:00:59 | 000,092,006 | ---- | M] () -- C:\Users\Adina\Desktop\Mirela_adresascoliplandeactiuneexamenenationale.zip
[2012.10.18 16:27:47 | 000,000,969 | ---- | M] () -- C:\Users\Adina\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012.10.15 16:46:04 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT
[2012.10.14 00:49:52 | 000,003,299 | ---- | M] () -- C:\Users\Adina\Documents\DVDVideo1_DVD.nrd
[2012.10.11 10:13:53 | 003,979,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.08 06:37:38 | 000,002,835 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Pro 5.lnk
[2012.10.03 16:55:46 | 000,000,621 | ---- | M] () -- C:\Users\Adina\Desktop\XAMPP Control Panel.lnk

========== Files Created - No Company Name ==========

[2012.10.31 23:32:35 | 000,033,573 | ---- | C] () -- C:\Users\Adina\Desktop\IJITECL.png
[2012.10.31 22:43:22 | 001,716,537 | ---- | C] () -- C:\Users\Adina\Desktop\WGA-Remover-2012-Fixexe.zip
[2012.10.31 21:41:59 | 003,270,180 | ---- | C] () -- C:\Users\Adina\Desktop\Windows 7 Loader.exe
[2012.10.31 16:04:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.31 16:04:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.31 16:04:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.31 16:04:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.31 16:04:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.31 00:35:27 | 000,194,485 | ---- | C] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.2002.hdtvrip.720(1).torrent
[2012.10.31 00:35:23 | 000,194,485 | ---- | C] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.2002.hdtvrip.720.torrent
[2012.10.31 00:34:40 | 000,028,893 | ---- | C] () -- C:\Users\Adina\Desktop\[kat.ph]25.stunden.2002.german.ac3d.720p.hdtv.x264.cdd.torrent
[2012.10.31 00:33:08 | 000,121,799 | ---- | C] () -- C:\Users\Adina\Desktop\[kat.ph]divx.ita.eng.mp3.sub.ita.eng.pl.bg.arabic.la.25a.ora.25th.hour.tntvillage.torrent
[2012.10.30 18:18:53 | 000,047,204 | ---- | C] () -- C:\Users\Adina\Desktop\vod056013.pdf
[2012.10.30 15:31:07 | 000,089,038 | ---- | C] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.2002.torrent
[2012.10.30 15:29:48 | 000,089,170 | ---- | C] () -- C:\Users\Adina\Desktop\torrentdownloads net 25th Hour (2002).torrent
[2012.10.30 15:28:22 | 000,029,445 | ---- | C] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.2002.xvidvd.ac3ahashare.com.torrent
[2012.10.30 15:27:37 | 000,014,558 | ---- | C] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.dvdrip.divx.eng.enad.torrent
[2012.10.30 14:48:19 | 000,011,811 | ---- | C] () -- C:\Users\Adina\Desktop\torrentdownloads net 25th_Hour [nolimits-team] mkv.torrent
[2012.10.30 11:28:18 | 000,002,835 | ---- | C] () -- C:\Users\Adina\Desktop\ACDSee Pro 6.lnk
[2012.10.29 22:49:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.10.20 07:54:00 | 000,092,006 | ---- | C] () -- C:\Users\Adina\Desktop\Mirela_adresascoliplandeactiuneexamenenationale.zip
[2012.10.14 00:49:52 | 000,003,299 | ---- | C] () -- C:\Users\Adina\Documents\DVDVideo1_DVD.nrd
[2012.10.11 10:29:12 | 000,001,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2012.10.11 10:28:47 | 000,001,134 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012.10.11 10:28:34 | 000,001,227 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012.10.11 10:27:31 | 000,001,318 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2012.10.11 10:27:26 | 000,001,484 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012.10.03 16:55:46 | 000,000,621 | ---- | C] () -- C:\Users\Adina\Desktop\XAMPP Control Panel.lnk
[2012.07.08 15:02:21 | 000,000,088 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\usb.inf
[2011.12.15 21:46:12 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011.12.15 21:31:06 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.12.15 21:30:41 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.12.15 21:30:41 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.12.15 21:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Filesystems
[2011.12.15 21:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\External Build System
[2011.11.22 19:28:39 | 000,185,248 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\NMM-MetaData.db
[2011.05.13 18:37:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.21 16:43:03 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.21 16:42:33 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.17 13:02:14 | 000,004,009 | ---- | C] () -- C:\Users\Adina\AppData\Local\iforex.config
[2011.03.26 21:06:40 | 000,033,134 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\UserTile.png
[2011.03.09 21:12:31 | 000,705,488 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2011.03.09 21:12:31 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2011.03.09 21:12:31 | 000,131,134 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2011.03.09 21:12:31 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2011.02.19 14:57:07 | 000,022,528 | ---- | C] () -- C:\Users\Adina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.09 18:57:00 | 000,004,096 | -H-- | C] () -- C:\Users\Adina\AppData\Local\keyfile3.drm
[2010.12.30 16:04:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.12.29 17:33:51 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.12.29 17:33:41 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[2010.12.29 15:40:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.29 15:30:58 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.12.29 15:30:58 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.12.29 15:23:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.29 15:04:21 | 000,007,663 | ---- | C] () -- C:\Users\Adina\AppData\Local\Resmon.ResmonCfg
[2010.12.29 14:58:22 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010.12.29 14:58:22 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.12.29 14:58:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.12.29 14:58:22 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.12.29 14:55:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< MD5 for: FLTMCR.DLL >
[2012.10.11 23:23:43 | 000,094,208 | RHS- | M] () MD5=087FCA59DCCFA07FE1B03B7EC8165210 -- C:\_OTL\MovedFiles\10312012_212017\c_windows\system32\fltMCR.dll

< MD5 for: IJITECL >
[2012.10.11 23:23:43 | 000,002,592 | ---- | M] () MD5=6C9182A91F595C1DF50E2DB3F573DAC4 -- C:\Windows\System32\Tasks\IJITECL

< MD5 for: IJITECL.JOB >
[2012.10.31 17:38:07 | 000,000,312 | ---- | M] () MD5=7C48136F86D50B377C348A6FCC83E606 -- C:\_OTL\MovedFiles\10312012_212017\c_windows\Tasks\IJITECL.job

< MD5 for: IJITECL.PNG >
[2012.10.31 23:33:03 | 000,033,573 | ---- | M] () MD5=51E558390518680ED523C5FD4A00A76D -- C:\Users\Adina\Desktop\IJITECL.png

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0E1DD4C5
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:66C6A515
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:290A724C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#39
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK one more to move, the rest are in quarantine

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Files
C:\Windows\System32\Tasks\IJITECL

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#40
Kristina

    Member

  • Topic Starter
  • Member
  • 319 posts
I see it's gone now from the startup programs shown by Advanced System Care.

Here is the log:

OTL logfile created on: 01.11.2012 00:55:24 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adina\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

3,30 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 65,29% Memory free
4,30 Gb Paging File | 2,98 Gb Available in Paging File | 69,31% Paging File free
Paging file location(s): c:\pagefile.sys 1024 3096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 32,62 Gb Free Space | 33,43% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 122,75 Gb Free Space | 33,35% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 27,29 Gb Free Space | 11,72% Space Free | Partition Type: NTFS

Computer Name: ADINA-PC | User Name: Adina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.31 15:24:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adina\Desktop\OTL.exe
PRC - [2012.10.30 13:35:04 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.30 13:34:55 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.30 13:34:55 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.30 00:27:33 | 000,963,984 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012.10.24 19:50:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.10.13 16:02:30 | 003,764,608 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASC.exe
PRC - [2012.10.12 15:33:10 | 001,026,432 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012.10.09 16:47:29 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012.09.24 21:59:16 | 000,490,880 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2012.09.19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.18 12:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2012.07.20 20:08:04 | 008,186,368 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2012.05.25 03:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012.10.24 19:50:39 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.10.09 16:47:29 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012.09.19 17:19:28 | 001,229,696 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\Scan.dll
MOD - [2012.07.14 10:52:04 | 000,892,288 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\webres.dll
MOD - [2012.06.10 10:21:44 | 000,516,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\sqlite3.dll
MOD - [2012.05.25 03:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012.05.25 03:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2009.09.15 18:20:50 | 000,177,152 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2009.09.15 18:20:50 | 000,044,544 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2009.09.15 18:20:46 | 000,342,528 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madexcept_.bpl


========== Services (SafeList) ==========

SRV - [2012.10.30 13:35:04 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.30 13:34:55 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.30 00:28:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.24 01:13:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.12 15:33:10 | 001,026,432 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.15 10:02:52 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012.08.18 12:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2012.07.20 20:08:04 | 008,186,368 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2011.12.22 18:11:20 | 000,818,952 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Corporate.11.0)
SRV - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2011.01.06 01:19:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.03.25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.11.11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (gdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012.10.30 13:35:04 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.24 08:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 09:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.10.30 12:14:50 | 000,027,600 | ---- | M] (CrystalIdea Software) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\CisUtMonitor.sys -- (CisUtMonitor)
DRV - [2011.08.07 13:45:06 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.08.07 13:45:06 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.02.03 00:36:34 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.11.06 04:20:24 | 000,106,880 | ---- | M] (AnyDATA.NET INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adusbser.sys -- (adusbser)
DRV - [2008.08.26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.10 19:34:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.05.02 15:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007.05.02 15:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007.05.02 15:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007.05.02 15:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2004.10.18 15:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro-RO
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 D1 04 BB C5 6F CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {A13074A0-3EF3-4E01-854B-8977D377AF24}
IE - HKCU\..\SearchScopes\{A13074A0-3EF3-4E01-854B-8977D377AF24}: "URL" = http://www.google.co...1I7GUEA_enRO461
IE - HKCU\..\SearchScopes\{AFC3ADD4-572A-4B77-AE1E-0FB34A2A9E89}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Adina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011.12.07 12:53:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.30 00:44:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 22:49:47 | 000,000,000 | ---D | M]

[2010.12.29 15:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Extensions
[2012.11.01 00:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions
[2012.10.06 00:41:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.11.01 00:04:06 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions\[email protected]
[2012.11.01 00:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions
[2012.10.06 00:41:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.11.01 00:04:07 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\[email protected]
[2012.10.06 00:30:15 | 000,006,796 | ---- | M] () (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\[email protected]
[2012.07.21 19:28:15 | 000,004,876 | ---- | M] () (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\[email protected]
[2012.08.22 12:57:35 | 000,222,566 | ---- | M] () (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
[2012.07.25 08:24:14 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.30 00:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.24 19:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.16 11:26:02 | 001,825,680 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.10.24 19:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.26 09:39:53 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.10.24 19:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011.11.23 07:29:56 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipediaro.xml

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\

O1 HOSTS File: ([2012.10.31 16:09:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Adina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F6421F5-384B-48E3-9DF6-F92AB8B726DF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:)
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.01 00:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2012.10.31 22:38:01 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Windows 7 Genuine Activator
[2012.10.31 22:28:30 | 006,663,680 | ---- | C] (Hazar & Co.) -- C:\Users\Adina\Desktop\RemoveWAT.exe
[2012.10.31 21:27:49 | 000,694,375 | ---- | C] (Farbar) -- C:\Users\Adina\Desktop\FSS.exe
[2012.10.31 17:22:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.31 17:21:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.31 16:09:13 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\temp
[2012.10.31 16:04:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.31 16:04:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.31 16:04:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.31 16:02:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.31 16:02:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.31 15:59:08 | 004,991,994 | R--- | C] (Swearware) -- C:\Users\Adina\Desktop\ComboFix.exe
[2012.10.31 15:24:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Adina\Desktop\OTL.exe
[2012.10.30 13:18:02 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Geekstogo
[2012.10.30 12:51:06 | 000,000,000 | -H-D | C] -- C:\Users\Adina\Desktop\[Originals]
[2012.10.30 00:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.10.30 00:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.10.30 00:09:24 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.10.30 00:06:38 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.30 00:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.29 22:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012.10.29 22:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2012.10.29 22:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012.10.29 22:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.29 21:54:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.28 12:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.20 05:59:39 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\bacalaureat 2012 DIVERSE
[2012.10.20 05:27:49 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\CV_materialeinspectie_20.10.2012
[2012.10.19 16:31:53 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2012.10.18 20:15:51 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\MASAURI REMEDIALE examen BAC 18.10.2012
[2012.10.17 18:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.10.17 17:50:38 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\Avira
[2012.10.17 17:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.17 17:45:12 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.17 17:45:12 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.17 17:45:12 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.17 17:45:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.17 17:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.17 17:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.10.15 17:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11
[2012.10.15 17:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ABBYY
[2012.10.15 17:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 11
[2012.10.15 16:19:32 | 000,027,600 | ---- | C] (CrystalIdea Software) -- C:\Windows\System32\drivers\CisUtMonitor.sys
[2012.10.15 16:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Tool
[2012.10.15 16:19:32 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\CrystalIdea Software
[2012.10.14 23:11:06 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\materiale pt. lectii mate
[2012.10.13 11:57:17 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\documente catedra 2012-2013
[2012.10.10 20:15:58 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\CrashRpt
[2012.10.10 20:15:49 | 000,000,000 | ---D | C] -- C:\Users\Adina\Documents\Smile
[2012.10.10 20:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Webshots
[2012.10.09 14:55:45 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\poze vechi
[2012.10.06 00:41:06 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.06 00:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.10.06 00:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.10.06 00:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.10.06 00:40:10 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\DVDVideoSoft
[2012.10.03 16:55:46 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2012.10.03 16:55:43 | 000,000,000 | ---D | C] -- C:\xampp

========== Files - Modified Within 30 Days ==========

[2012.11.01 00:53:09 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.01 00:52:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.01 00:52:35 | 2660,880,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.01 00:27:21 | 000,002,835 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Pro 6.lnk
[2012.11.01 00:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.01 00:06:15 | 000,705,488 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012.11.01 00:06:15 | 000,627,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.01 00:06:15 | 000,131,134 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012.11.01 00:06:15 | 000,107,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.01 00:05:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.31 23:05:23 | 000,019,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.31 23:05:23 | 000,019,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.31 22:43:23 | 001,716,537 | ---- | M] () -- C:\Users\Adina\Desktop\WGA-Remover-2012-Fixexe.zip
[2012.10.31 21:42:03 | 003,270,180 | ---- | M] () -- C:\Users\Adina\Desktop\Windows 7 Loader.exe
[2012.10.31 21:27:57 | 000,694,375 | ---- | M] (Farbar) -- C:\Users\Adina\Desktop\FSS.exe
[2012.10.31 16:09:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.31 15:59:15 | 004,991,994 | R--- | M] (Swearware) -- C:\Users\Adina\Desktop\ComboFix.exe
[2012.10.31 15:24:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adina\Desktop\OTL.exe
[2012.10.31 00:35:28 | 000,194,485 | ---- | M] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.2002.hdtvrip.720(1).torrent
[2012.10.31 00:35:24 | 000,194,485 | ---- | M] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.2002.hdtvrip.720.torrent
[2012.10.31 00:34:41 | 000,028,893 | ---- | M] () -- C:\Users\Adina\Desktop\[kat.ph]25.stunden.2002.german.ac3d.720p.hdtv.x264.cdd.torrent
[2012.10.31 00:33:09 | 000,121,799 | ---- | M] () -- C:\Users\Adina\Desktop\[kat.ph]divx.ita.eng.mp3.sub.ita.eng.pl.bg.arabic.la.25a.ora.25th.hour.tntvillage.torrent
[2012.10.30 18:18:54 | 000,047,204 | ---- | M] () -- C:\Users\Adina\Desktop\vod056013.pdf
[2012.10.30 15:31:08 | 000,089,038 | ---- | M] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.2002.torrent
[2012.10.30 15:29:50 | 000,089,170 | ---- | M] () -- C:\Users\Adina\Desktop\torrentdownloads net 25th Hour (2002).torrent
[2012.10.30 15:28:26 | 000,029,445 | ---- | M] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.2002.xvidvd.ac3ahashare.com.torrent
[2012.10.30 15:27:41 | 000,014,558 | ---- | M] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.dvdrip.divx.eng.enad.torrent
[2012.10.30 14:48:30 | 000,011,811 | ---- | M] () -- C:\Users\Adina\Desktop\torrentdownloads net 25th_Hour [nolimits-team] mkv.torrent
[2012.10.30 13:35:04 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.30 00:27:34 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.10.30 00:19:11 | 000,002,835 | ---- | M] () -- C:\Users\Adina\Desktop\ACDSee Pro 6.lnk
[2012.10.29 23:40:14 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.10.29 23:26:32 | 000,001,096 | ---- | M] () -- C:\Users\Adina\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2012.10.29 23:14:51 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.21 19:09:13 | 000,022,528 | ---- | M] () -- C:\Users\Adina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.20 08:00:59 | 000,092,006 | ---- | M] () -- C:\Users\Adina\Desktop\Mirela_adresascoliplandeactiuneexamenenationale.zip
[2012.10.18 16:27:47 | 000,000,969 | ---- | M] () -- C:\Users\Adina\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012.10.15 16:46:04 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT
[2012.10.14 00:49:52 | 000,003,299 | ---- | M] () -- C:\Users\Adina\Documents\DVDVideo1_DVD.nrd
[2012.10.11 10:13:53 | 003,979,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.08 06:37:38 | 000,002,835 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Pro 5.lnk
[2012.10.03 16:55:46 | 000,000,621 | ---- | M] () -- C:\Users\Adina\Desktop\XAMPP Control Panel.lnk

========== Files Created - No Company Name ==========

[2012.11.01 00:27:21 | 000,002,835 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee Pro 6.lnk
[2012.10.31 22:43:22 | 001,716,537 | ---- | C] () -- C:\Users\Adina\Desktop\WGA-Remover-2012-Fixexe.zip
[2012.10.31 21:41:59 | 003,270,180 | ---- | C] () -- C:\Users\Adina\Desktop\Windows 7 Loader.exe
[2012.10.31 16:04:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.31 16:04:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.31 16:04:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.31 16:04:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.31 16:04:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.31 00:35:27 | 000,194,485 | ---- | C] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.2002.hdtvrip.720(1).torrent
[2012.10.31 00:35:23 | 000,194,485 | ---- | C] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.2002.hdtvrip.720.torrent
[2012.10.31 00:34:40 | 000,028,893 | ---- | C] () -- C:\Users\Adina\Desktop\[kat.ph]25.stunden.2002.german.ac3d.720p.hdtv.x264.cdd.torrent
[2012.10.31 00:33:08 | 000,121,799 | ---- | C] () -- C:\Users\Adina\Desktop\[kat.ph]divx.ita.eng.mp3.sub.ita.eng.pl.bg.arabic.la.25a.ora.25th.hour.tntvillage.torrent
[2012.10.30 18:18:53 | 000,047,204 | ---- | C] () -- C:\Users\Adina\Desktop\vod056013.pdf
[2012.10.30 15:31:07 | 000,089,038 | ---- | C] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.2002.torrent
[2012.10.30 15:29:48 | 000,089,170 | ---- | C] () -- C:\Users\Adina\Desktop\torrentdownloads net 25th Hour (2002).torrent
[2012.10.30 15:28:22 | 000,029,445 | ---- | C] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.2002.xvidvd.ac3ahashare.com.torrent
[2012.10.30 15:27:37 | 000,014,558 | ---- | C] () -- C:\Users\Adina\Desktop\[kat.ph]25th.hour.dvdrip.divx.eng.enad.torrent
[2012.10.30 14:48:19 | 000,011,811 | ---- | C] () -- C:\Users\Adina\Desktop\torrentdownloads net 25th_Hour [nolimits-team] mkv.torrent
[2012.10.30 11:28:18 | 000,002,835 | ---- | C] () -- C:\Users\Adina\Desktop\ACDSee Pro 6.lnk
[2012.10.29 22:49:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.10.20 07:54:00 | 000,092,006 | ---- | C] () -- C:\Users\Adina\Desktop\Mirela_adresascoliplandeactiuneexamenenationale.zip
[2012.10.14 00:49:52 | 000,003,299 | ---- | C] () -- C:\Users\Adina\Documents\DVDVideo1_DVD.nrd
[2012.10.11 10:29:12 | 000,001,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2012.10.11 10:28:47 | 000,001,134 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012.10.11 10:28:34 | 000,001,227 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012.10.11 10:27:31 | 000,001,318 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2012.10.11 10:27:26 | 000,001,484 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012.10.03 16:55:46 | 000,000,621 | ---- | C] () -- C:\Users\Adina\Desktop\XAMPP Control Panel.lnk
[2012.07.08 15:02:21 | 000,000,088 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\usb.inf
[2011.12.15 21:46:12 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011.12.15 21:31:06 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.12.15 21:30:41 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.12.15 21:30:41 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.12.15 21:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Filesystems
[2011.12.15 21:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\External Build System
[2011.11.22 19:28:39 | 000,185,248 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\NMM-MetaData.db
[2011.05.13 18:37:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.21 16:43:03 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.21 16:42:33 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.17 13:02:14 | 000,004,009 | ---- | C] () -- C:\Users\Adina\AppData\Local\iforex.config
[2011.03.26 21:06:40 | 000,033,134 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\UserTile.png
[2011.03.09 21:12:31 | 000,705,488 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2011.03.09 21:12:31 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2011.03.09 21:12:31 | 000,131,134 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2011.03.09 21:12:31 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2011.02.19 14:57:07 | 000,022,528 | ---- | C] () -- C:\Users\Adina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.09 18:57:00 | 000,004,096 | -H-- | C] () -- C:\Users\Adina\AppData\Local\keyfile3.drm
[2010.12.30 16:04:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.12.29 17:33:51 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.12.29 17:33:41 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[2010.12.29 15:40:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.29 15:30:58 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.12.29 15:30:58 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.12.29 15:23:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.29 15:04:21 | 000,007,663 | ---- | C] () -- C:\Users\Adina\AppData\Local\Resmon.ResmonCfg
[2010.12.29 14:58:22 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010.12.29 14:58:22 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.12.29 14:58:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.12.29 14:58:22 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.12.29 14:55:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.01.21 21:59:18 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ACD Systems
[2011.04.14 11:01:01 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\adma
[2012.11.01 00:42:50 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\AIMP3
[2011.06.21 18:43:24 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Auslogics
[2011.09.17 23:22:41 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\AutoCorect Contemporan
[2012.06.18 15:40:49 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\BSplayer
[2011.01.08 19:58:08 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\BSplayer Pro
[2011.06.20 18:58:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Canon
[2012.01.16 02:03:56 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.01.16 01:47:13 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.10.15 16:19:32 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\CrystalIdea Software
[2011.09.10 10:13:00 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Design Science
[2012.06.09 20:50:57 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Dropbox
[2012.10.06 00:41:14 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\DVDVideoSoft
[2012.10.06 00:41:06 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.25 11:50:36 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\FireShot
[2010.12.29 17:42:22 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Foxit Software
[2011.10.02 00:39:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\GetRightToGo
[2011.06.26 17:47:19 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\GrabPro
[2011.10.02 00:55:30 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ImTOO Software Studio
[2012.10.18 20:57:26 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\IObit
[2011.05.22 15:50:22 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\IrfanView
[2011.03.19 16:06:19 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\iSpring Solutions
[2011.02.20 22:43:35 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Leadertech
[2012.10.07 11:23:15 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Mp3tag
[2011.09.27 14:43:07 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Multimedia Player
[2011.04.19 20:27:26 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Nitro PDF
[2012.05.22 17:49:43 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Octoshape
[2011.09.27 12:44:58 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\PC Suite
[2011.06.26 17:47:21 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ProgSense
[2012.10.07 11:18:00 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\QuickScan
[2011.11.22 19:28:39 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Samsung
[2011.12.09 14:57:37 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\TeamViewer
[2012.03.31 12:56:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Total Eclipse
[2010.12.30 22:16:12 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\TuneUp Software
[2011.01.06 00:45:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Uniblue
[2012.11.01 01:01:51 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\uTorrent
[2011.09.13 16:08:30 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Webshots
[2012.09.02 13:22:42 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Xilisoft
[2010.12.29 15:29:57 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\XnView

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0E1DD4C5
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:66C6A515
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:290A724C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#41
Kristina

    Member

  • Topic Starter
  • Member
  • 319 posts
Today I noticed that several forums (powered by vBulletin) that I visit frequently don't load correctly (icons and pictures don't appear). The very same happens with my Yahoo email and with Gmail. However, it only happens in Firefox; in Internet Explorer the pages look right.

Edit: also, I can't see the pictures in this thread; I noticed this happened yesterday, after I attached the picture with IJITECL (again, they show in IE, but not in Firefox).

Edit: In IE, however, I get script errors (jQuery is undefined). I press "no" to "Do you want to continue running scripts?" and then the page loads. When loading the same page in Firefox it loads more difficultly, but with no errors.

Edited by Kristina, 01 November 2012 - 07:40 AM.


#42
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, in IE we will disable that script error.

Go to Control Panel > Internet Options
Select the Advanced tab and place a tick in the "Disable script debugging" boxes


I will beetle off now and check out the Firefox picture problem

#43
Kristina

    Member

  • Topic Starter
  • Member
  • 319 posts
The 2 boxes were already ticked, so I changed nothing there.

#44
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is it a specific site or all sites for the script error?

#45
Kristina

    Member

  • Topic Starter
  • Member
  • 319 posts
They are just random sites I got in Google results (I noticed this with 2 sites). They work fine in Firefox (needs a refresh though).

As I logged in now as Administrator I noticed:

1. The sites load normally in Firefox when I'm logged in as admin (icons and pictures showing up)
2. I had an error at startup. I rarely log in as admin, but I had logged in yesterday and there was no error then.

error.png

Edited by Kristina, 01 November 2012 - 09:14 AM.






