
Computer runs slowly, freezes, restarts alone [Solved]



#1
Kristina

Hello! I am experiencing problems with viruses and malware, most probably since using an infected stick on my computer about two months ago. At that point viruses were detected by Avira (I have now changed it for Avast). After several scans (with Avira, Avast, Panda online antivirus, Malwarebytes) that cleaned the remaining viruses, I didn't find any more viruses. However, in the past weeks SUPERAntiSpyware keeps finding around 100 threats, on a frequent scanning basis.

For the past few days the computer has been running slowly; today it froze several times and I had to restart it manually. The last time it froze I restarted the computer, but as the black and white startup screen showed up, the computer shut itself down (the motor stopped), then restarted by itself, several times. In the end I managed to start the computer and log into Windows. Today the Aero theme got deactivated by itself and the computer runs with those greyish bars, windows and browsers.

Also, for the past month, after I log into Windows I notice a black box saying the computer is applying personalized settings (2 links with system 32 at the end appear), then the box disappears quickly. Also, every time I start the computer I get the notification that Windows Defender is deactivated and I have to turn it on. I also see that in the Action Center Avast appears to be off, although when I click the Avast icon it says "your system is secured".

I'm not able to find any more viruses/malware that are causing this. Please help, thank you a lot in advance!




OTL logfile created on: 07.08.2013 16:33:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adina\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

3,30 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 61,28% Memory free
4,30 Gb Paging File | 2,83 Gb Available in Paging File | 65,71% Paging File free
Paging file location(s): c:\pagefile.sys 1024 3096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 15,59 Gb Free Space | 15,98% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 62,98 Gb Free Space | 17,11% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 26,51 Gb Free Space | 11,38% Space Free | Partition Type: NTFS

Computer Name: ADINA-PC | User Name: Adina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.08.07 16:33:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adina\Downloads\OTL.exe
PRC - [2013.07.03 08:10:29 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013.05.22 10:30:52 | 000,661,360 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2013.05.22 10:23:58 | 000,101,552 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2013.05.11 13:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 11:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 11:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.05.06 22:37:43 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.14 13:21:06 | 000,621,008 | ---- | M] (IOBit) -- C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe
PRC - [2012.12.13 14:50:32 | 001,051,088 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCSvc.exe
PRC - [2012.11.07 15:50:40 | 000,512,384 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCTray.exe
PRC - [2012.08.18 13:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2012.07.20 21:08:04 | 008,186,368 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2012.05.11 10:24:22 | 000,632,320 | ---- | M] (FileZilla Project) -- C:\xampp\FileZillaFTP\FileZillaServer.exe
PRC - [2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013.07.10 19:41:04 | 013,599,624 | ---- | M] () -- C:\Users\Adina\AppData\Local\Google\Chrome\User Data\PepperFlash\11.8.800.97\pepflashplayer.dll
MOD - [2013.07.03 08:10:26 | 000,396,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\ppgooglenaclpluginchrome.dll
MOD - [2013.07.03 08:10:23 | 004,052,944 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\pdf.dll
MOD - [2013.07.03 08:09:27 | 000,601,552 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\libglesv2.dll
MOD - [2013.07.03 08:09:26 | 000,123,344 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\libegl.dll
MOD - [2013.07.03 08:09:23 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\ffmpegsumo.dll
MOD - [2012.11.01 10:21:10 | 000,350,592 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate\madexcept_.bpl
MOD - [2012.11.01 10:21:08 | 000,050,048 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate\maddisAsm_.bpl
MOD - [2012.11.01 10:21:06 | 000,182,656 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate\madbasic_.bpl
MOD - [2012.09.05 18:55:36 | 000,892,288 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate\webres.dll
MOD - [2009.05.16 00:22:42 | 000,716,800 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
MOD - [2008.12.06 01:41:50 | 000,619,008 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PhoneBrowser.dll


========== Services (SafeList) ==========

SRV - [2013.07.30 14:51:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.07.03 10:57:27 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.27 07:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.05.22 10:23:58 | 000,101,552 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013.05.11 13:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.09 11:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.05.08 01:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 13:21:06 | 000,621,008 | ---- | M] (IOBit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe -- (ASCAntivirusSrv)
SRV - [2012.12.13 14:50:32 | 001,051,088 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCSvc.exe -- (AdvancedSystemCareService6)
SRV - [2012.11.03 20:58:48 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.10.19 17:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.18 13:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2012.07.20 21:08:04 | 008,186,368 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012.05.11 10:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZillaServer)
SRV - [2011.12.22 19:11:20 | 000,818,952 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Corporate.11.0)
SRV - [2011.04.15 12:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.08 18:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 04:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\PRSBDRVR.SYS -- (PRSBDRVR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (gdrv)
DRV - [2013.08.03 16:33:02 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013.07.14 00:13:58 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.07.14 00:13:58 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.07.14 00:13:58 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.05.22 18:49:34 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2013.05.09 11:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013.05.09 11:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.05.09 11:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.05.09 11:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.05.09 11:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.02.18 19:39:36 | 000,040,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriverx86.sys -- (stdriver)
DRV - [2012.08.23 17:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 17:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.10.30 13:14:50 | 000,027,600 | ---- | M] (CrystalIdea Software) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\CisUtMonitor.sys -- (CisUtMonitor)
DRV - [2011.07.22 19:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.13 00:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.11.20 15:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 15:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 15:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 12:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 12:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.02.03 01:36:34 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.11.06 05:20:24 | 000,106,880 | ---- | M] (AnyDATA.NET INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adusbser.sys -- (adusbser)
DRV - [2009.09.17 20:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.10 20:34:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.05.02 16:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007.05.02 16:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2004.10.18 16:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro-RO
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 D1 04 BB C5 6F CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {A13074A0-3EF3-4E01-854B-8977D377AF24}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
IE - HKCU\..\SearchScopes\{588442DD-3D66-4A32-8467-2A77A2A06B61}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{A13074A0-3EF3-4E01-854B-8977D377AF24}: "URL" = http://www.google.co...1I7GGNI_roRO509
IE - HKCU\..\SearchScopes\{AFC3ADD4-572A-4B77-AE1E-0FB34A2A9E89}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Adina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013.06.07 05:31:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2012.11.15 21:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.07.14 00:13:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.07.21 12:38:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.07.03 10:57:24 | 000,000,000 | ---D | M]

[2010.12.29 16:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Extensions
[2013.07.12 12:40:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions
[2013.07.05 15:36:38 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions\ascsurfingprotection@iobit.com
[2013.07.21 12:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions
[2012.12.17 16:10:32 | 000,222,578 | ---- | M] () (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
[2013.07.04 15:17:50 | 000,000,904 | ---- | M] () -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\searchplugins\yahoo.xml
[2013.07.16 16:57:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.07.16 16:57:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.09.16 12:26:02 | 001,825,680 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012.06.28 18:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.09.26 10:39:53 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.11.23 08:29:56 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipediaro.xml
[2013.07.20 12:53:19 | 000,002,162 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zgametb.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.ro/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Adina\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Adina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: SiteAdvisor = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\

Hosts file not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Advanced SystemCare Ultimate] C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCTray.exe (IObit)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Compress Image Using Image Compressor 2008 - C:\Program Files\Image Compressor\imcieex_compress.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F6421F5-384B-48E3-9DF6-F92AB8B726DF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.08.07 11:31:14 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\ElevatedDiagnostics
[2013.08.03 16:32:37 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.08.02 16:56:37 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Fallulah - Escapism [Deluxe Edition] (2013)
[2013.08.02 16:39:20 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\FSC August 2013
[2013.07.31 16:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
[2013.07.31 16:11:54 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013.07.31 16:11:05 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\FSC Iulie
[2013.07.31 12:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.07.26 22:54:21 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\GHEORGHE TITEICA
[2013.07.17 06:53:26 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\MATEMATICA_materiale
[2013.07.14 12:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.07.14 00:13:53 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.07.14 00:13:53 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.07.14 00:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.07.14 00:13:51 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.07.14 00:13:50 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.07.14 00:13:50 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.07.14 00:13:43 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.07.14 00:13:42 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.07.14 00:13:15 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.07.14 00:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.07.14 00:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[1 C:\Users\Adina\Desktop\*.tmp files -> C:\Users\Adina\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.08.07 16:28:46 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.08.07 16:28:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.08.07 16:28:28 | 2660,880,384 | -HS- | M] () -- C:\hiberfil.sys
[2013.08.07 16:23:28 | 000,019,040 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.08.07 16:23:28 | 000,019,040 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.08.07 16:22:34 | 001,171,032 | ---- | M] () -- C:\Users\Adina\Desktop\proiect EQ - 1 oct 2013.pdf
[2013.08.03 16:36:12 | 000,001,248 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013.08.03 16:33:02 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.07.30 14:51:39 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.29 15:42:22 | 001,566,910 | ---- | M] () -- C:\Users\Adina\Desktop\Resurse_Jacques_Salome.pdf
[2013.07.29 15:41:27 | 001,253,173 | ---- | M] () -- C:\Users\Adina\Desktop\Aplicatii ESPERE.pdf
[2013.07.29 15:22:40 | 000,842,964 | ---- | M] () -- C:\Users\Adina\Desktop\Metoda ESPERE.pdf
[2013.07.24 00:52:32 | 000,050,770 | ---- | M] () -- C:\Users\Adina\Documents\yy.wmf
[2013.07.14 00:13:58 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.07.14 00:13:58 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.07.14 00:13:58 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.07.14 00:13:58 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013.07.14 00:13:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.07.14 00:13:43 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013.07.13 13:01:53 | 000,705,488 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013.07.13 13:01:53 | 000,627,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.13 13:01:53 | 000,131,134 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013.07.13 13:01:53 | 000,107,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.13 03:56:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f63c08d1f45.job
[2013.07.11 13:26:31 | 003,979,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Adina\Desktop\*.tmp files -> C:\Users\Adina\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.08.07 10:39:52 | 000,031,848 | ---- | C] () -- C:\Windows\System32\drivers\DasPtct.SYS
[2013.08.05 17:29:44 | 001,171,032 | ---- | C] () -- C:\Users\Adina\Desktop\proiect EQ - 1 oct 2013.pdf
[2013.07.31 16:11:54 | 000,001,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip.lnk
[2013.07.29 15:42:21 | 001,566,910 | ---- | C] () -- C:\Users\Adina\Desktop\Resurse_Jacques_Salome.pdf
[2013.07.29 15:41:27 | 001,253,173 | ---- | C] () -- C:\Users\Adina\Desktop\Aplicatii ESPERE.pdf
[2013.07.29 15:22:34 | 000,842,964 | ---- | C] () -- C:\Users\Adina\Desktop\Metoda ESPERE.pdf
[2013.07.24 00:52:32 | 000,050,770 | ---- | C] () -- C:\Users\Adina\Documents\yy.wmf
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013.07.14 00:13:49 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.07.14 00:13:47 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.07.14 00:13:43 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013.07.13 03:56:04 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f63c08d1f45.job
[2013.07.10 19:49:12 | 001,287,705 | ---- | C] () -- C:\Users\Adina\Desktop\100_1111.JPG
[2013.07.10 19:49:12 | 001,246,479 | ---- | C] () -- C:\Users\Adina\Desktop\100_1104.JPG
[2013.07.10 19:49:12 | 001,216,049 | ---- | C] () -- C:\Users\Adina\Desktop\100_1102.JPG
[2013.07.10 19:49:12 | 000,118,907 | ---- | C] () -- C:\Users\Adina\Desktop\577947_484472498280651_13012858_n.jpg
[2013.07.10 19:49:12 | 000,103,103 | ---- | C] () -- C:\Users\Adina\Desktop\417697_484484894946078_924373817_n.jpg
[2013.07.10 19:49:12 | 000,099,081 | ---- | C] () -- C:\Users\Adina\Desktop\698_484472138280687_615891481_n.jpg
[2013.07.10 19:49:12 | 000,095,702 | ---- | C] () -- C:\Users\Adina\Desktop\529781_355575747891054_793024469_n.jpg
[2013.07.10 19:49:12 | 000,087,769 | ---- | C] () -- C:\Users\Adina\Desktop\544075_355576304557665_2115072567_n.jpg
[2013.07.10 19:49:12 | 000,066,504 | ---- | C] () -- C:\Users\Adina\Desktop\485068_483619471699287_206231181_n.jpg
[2013.07.05 05:31:20 | 000,000,031 | ---- | C] () -- C:\Windows\System32\wspspodsini.dll
[2013.07.05 05:28:42 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2013.07.05 05:27:58 | 000,000,884 | RHS- | C] () -- C:\Users\Adina\ntuser.pol
[2013.06.30 23:54:37 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2013.02.18 19:39:36 | 000,040,344 | ---- | C] () -- C:\Windows\System32\drivers\stdriverx86.sys
[2012.11.07 19:25:56 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ADINA-PC-Microsoft-Windows-7-Enterprise-(32-bit).dat
[2012.07.08 16:02:21 | 000,000,088 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\usb.inf
[2012.01.10 23:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012.01.10 23:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.01.10 23:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.01.10 22:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.10 22:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.01.10 22:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.12.15 22:46:12 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011.12.15 22:31:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Filesystems
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\External Build System
[2011.11.22 20:28:39 | 000,185,248 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\NMM-MetaData.db
[2011.05.13 19:37:46 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.17 14:02:14 | 000,004,009 | ---- | C] () -- C:\Users\Adina\AppData\Local\iforex.config
[2011.03.26 22:06:40 | 000,033,134 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\UserTile.png
[2011.02.19 15:57:07 | 000,023,552 | ---- | C] () -- C:\Users\Adina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.09 19:57:00 | 000,004,096 | ---- | C] () -- C:\Users\Adina\AppData\Local\keyfile3.drm
[2010.12.29 16:04:21 | 000,007,663 | ---- | C] () -- C:\Users\Adina\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009.07.14 07:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 07:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2010.11.20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009.07.14 04:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.01.21 22:59:18 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ACD Systems
[2011.04.14 12:01:01 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\adma
[2013.08.06 10:03:55 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\AIMP3
[2011.06.21 19:43:24 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Auslogics
[2011.09.18 00:22:41 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\AutoCorect Contemporan
[2013.05.13 18:16:01 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\BSplayer
[2011.01.08 20:58:08 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\BSplayer Pro
[2011.06.20 19:58:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Canon
[2012.01.16 03:03:56 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.01.16 02:47:13 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.10.15 17:19:32 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\CrystalIdea Software
[2011.09.10 11:13:00 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Design Science
[2013.07.06 07:27:45 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Dropbox
[2013.04.03 17:39:35 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\DVDVideoSoft
[2011.01.25 12:50:36 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\FireShot
[2010.12.29 18:42:22 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Foxit Software
[2011.10.02 01:39:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\GetRightToGo
[2011.06.26 18:47:19 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\GrabPro
[2011.10.02 01:55:30 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ImTOO Software Studio
[2013.02.17 15:32:19 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\IObit
[2011.05.22 16:50:22 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\IrfanView
[2011.03.19 17:06:19 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\iSpring Solutions
[2011.02.20 23:43:35 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Leadertech
[2013.04.05 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Mp3tag
[2011.09.27 15:43:07 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Multimedia Player
[2011.04.19 21:27:26 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Nitro PDF
[2012.11.13 02:06:05 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Notepad++
[2012.05.22 18:49:43 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Octoshape
[2011.09.27 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\PC Suite
[2011.06.26 18:47:21 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ProgSense
[2013.07.04 14:50:37 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\QuickScan
[2011.11.22 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Samsung
[2012.12.17 16:15:05 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.12.09 15:57:37 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\TeamViewer
[2012.03.31 13:56:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Total Eclipse
[2010.12.30 23:16:12 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\TuneUp Software
[2013.08.07 16:37:41 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\uTorrent
[2011.09.13 17:08:30 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Webshots
[2012.09.02 14:22:42 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Xilisoft
[2010.12.29 16:29:57 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\XnView

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >



OTL Extras logfile created on: 07.08.2013 16:33:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adina\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

3,30 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 61,28% Memory free
4,30 Gb Paging File | 2,83 Gb Available in Paging File | 65,71% Paging File free
Paging file location(s): c:\pagefile.sys 1024 3096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 15,59 Gb Free Space | 15,98% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 62,98 Gb Free Space | 17,11% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 26,51 Gb Free Space | 11,38% Space Free | Partition Type: NTFS

Computer Name: ADINA-PC | User Name: Adina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\WinHlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.txt [@ = AutoCorectFile] -- C:\Program Files\AutoCorect\AutoCorect.exe (Softset)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\WinHlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A106EB-7846-4F71-B237-09B4C16D430B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0665E938-AB62-43B7-A5D3-A572046FCFB8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{08E9C034-F393-4248-BC8C-6347B472EC87}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1283EE64-67B8-49E3-8CC5-F8202DFA2352}" = lport=445 | protocol=6 | dir=in | app=system |
"{17A422C2-EBB5-4049-953A-7403E91966C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{18CFFAB7-3330-4A8E-90CB-8FB3F00ED22B}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{1F82D55E-8EF8-4A18-9F85-F0BA84DAAA4A}" = lport=137 | protocol=17 | dir=in | app=system |
"{210B966D-149D-4934-90E6-CDED8BFE8E3E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{227D9AFF-C68C-430B-AA9B-3E20F95AB81B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F3484F8-9058-45BD-8ECF-442B0EBCE8FE}" = rport=138 | protocol=17 | dir=out | app=system |
"{3335508D-081A-46B7-9A40-0D42F1F90495}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4DF32C77-F525-4860-A94E-780DD0B989AE}" = lport=139 | protocol=6 | dir=in | app=system |
"{5164DB39-BE91-418A-B923-0FE12AE7033E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5311A714-F81F-41E3-B88D-CBA3A9E56A01}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{57AFCC31-A0BA-4B76-8B4C-4A00A5DFE862}" = rport=137 | protocol=17 | dir=out | app=system |
"{59D26556-EB7A-4D7C-BA06-465F9257756A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6171278E-55CC-4C75-9A1D-E48E66D2EB56}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{665E8FAE-C2D6-40FD-8C6A-1D901E1A40F0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6E775984-FB8E-4028-ACC0-305A3DDDE1D0}" = lport=138 | protocol=17 | dir=in | app=system |
"{8B3A8531-0C09-40C1-A7C0-F01972FFD3F0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEB490A7-41E1-4214-A714-3BEF6AF6B25C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB0BED99-930D-4D57-9866-D5918D576387}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{DE77401D-4690-4D3E-AD3D-6BED4C5146E8}" = rport=445 | protocol=6 | dir=out | app=system |
"{F6FB9D6C-2E56-45BD-9365-CCB818D55556}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{FDEC0E45-5211-4762-9383-A9B84AF3C2AD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{FF83ACD7-E467-45BB-AC82-6A1B73A91525}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B80918-3EB5-45EF-B035-B884446B8EE9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{10742BAC-21E8-403A-851E-9F2839D8236B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14AA5E64-871B-4862-833A-E2D8D5B86382}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A0A0BA3-B9CA-489A-97B0-7268C5210D64}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{3E058F7C-6448-4E22-9F79-00BF85A1AEE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{42D946DA-00AA-4907-B8B9-C53E617502AB}" = protocol=6 | dir=in | app=c:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe |
"{59C12610-771C-4EA1-B6E8-6901E44EE7BD}" = protocol=17 | dir=in | app=c:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe |
"{68DBA296-6AF6-407A-AA5F-A90577BF17F8}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{6A62ADFD-372A-4870-BCD5-1CDDEB521DF5}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{70FAF749-8C54-4F9B-94D6-82F665374C6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{76E46BDA-2D6B-4623-9FD6-DEA60B4076B0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7817BBCF-8D10-44B5-B08E-F20B4ABD8362}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A4AE856-710B-4F50-B567-8444274A93D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A8453E0-C825-4696-A740-412E450C8523}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{7C154415-6BDE-4231-95E7-19CFFE45DE68}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{7CB4D38C-224E-4719-98B1-2FFB03E05E48}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{879A6BBD-2B1A-4408-8296-509CB3D89873}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{93EEDF9E-6009-4136-A541-934BA948EE0B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{A1709533-D2D9-4FD3-9C6D-EC830A9E00D9}" = protocol=6 | dir=out | app=system |
"{A39A3DFD-30F4-4C4D-8017-EFDD53D28D68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC796949-8E92-412A-8D11-E9D9A81D3A73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B3FB211D-F1AD-472A-BD68-C10FACBC7A53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BC3E328D-DE4B-4DE8-AFC0-9848E5094B23}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{BC97ED64-6748-4420-87AB-E35771FCD201}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{C6BFCF99-777B-4707-8BF9-77412F7E68DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C772B847-25C6-4491-B59C-9283729B6E5A}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{CCDF49A1-5587-4CD3-980E-0A7F24779B51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE238F28-C517-4690-969D-1054C95A01D8}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{D0D2E486-7DC9-4CCD-949C-109944275E0F}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{D6DC5F11-77A8-41B1-8F3D-2289A869B058}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{DDEB5AD4-F4D8-44F6-AB47-8EE114623C13}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E5FD7B13-4031-4DFD-8AA2-B00D5ED6F89F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F3186F03-2B4E-40B9-8F19-D55C9F5489AD}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{F4ABE299-544F-43DE-9FE3-BED36B1A5257}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FA24696C-436F-4E5D-A9BF-46624093BBF7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"TCP Query User{0CA13DEB-B693-4380-AA4D-02AB345C0BC6}C:\users\adina\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\adina\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{16698D35-A8D6-42C1-9BDE-A3CBE4AD2285}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{16EBAF60-6C3F-442F-ACBD-46841E4EB723}C:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{1BAB3BD8-D737-4127-B89A-DD49288A1E2D}C:\program files\strongdc++\strongdc.exe" = protocol=6 | dir=in | app=c:\program files\strongdc++\strongdc.exe |
"TCP Query User{3D2EED05-3361-4100-8333-386B4A9E3582}C:\program files\strongdc++\strongdc.exe" = protocol=6 | dir=in | app=c:\program files\strongdc++\strongdc.exe |
"TCP Query User{486CF2C6-D1F4-4C33-AF51-DF4BCB3C2405}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"TCP Query User{5660E3DC-B171-40E7-BFA0-A8BEC0F6E435}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{7A8CC01B-01CC-4E84-B1F5-D5523CEF306E}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{9B4F2E02-C545-405F-8E4D-D98EA81C16A5}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{9BD89FF6-A567-4269-8D1E-57F9CDBCD8DF}C:\xampp\filezillaftp\filezillaserver.exe" = protocol=6 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe |
"TCP Query User{A5620B3E-672B-456D-AA42-6E13098C9E53}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{D1403207-B4FB-4F4C-8015-DC56371CAF81}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E9407B41-F6B2-4672-8F0D-EEDD4347741D}C:\program files\nero\nero burning rom\nero.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero burning rom\nero.exe |
"UDP Query User{11026EFF-346B-4260-9700-10F109AE78AE}C:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{199324CF-757A-4E8D-ADA2-26FFFDA2E1F7}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{33AF046C-1FDF-4D2A-9711-2981A3F745F2}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"UDP Query User{4296701F-0F01-460F-961E-9DE63469F2A0}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{4515A6ED-7885-47BD-A2BA-12E5D68A4C6F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{49B4820D-4A37-4713-AAF0-823AFD4E8C46}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{52E58A35-9EB0-460C-9F71-7004AC2AC8DF}C:\xampp\filezillaftp\filezillaserver.exe" = protocol=17 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe |
"UDP Query User{5D84BD84-3719-488F-8B2C-F62CB6E530C1}C:\program files\strongdc++\strongdc.exe" = protocol=17 | dir=in | app=c:\program files\strongdc++\strongdc.exe |
"UDP Query User{5E5A275A-7D95-49BC-B5D5-E31D1B1B29D6}C:\program files\nero\nero burning rom\nero.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero burning rom\nero.exe |
"UDP Query User{88E936EF-A781-4A68-85ED-FB31CE5C505C}C:\users\adina\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\adina\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{D0EB3F09-3791-459A-BF9C-21168DA530CB}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{D58571BA-865B-446E-AD6C-F77077C7C9E0}C:\program files\strongdc++\strongdc.exe" = protocol=17 | dir=in | app=c:\program files\strongdc++\strongdc.exe |
"UDP Query User{E92AB952-607B-491B-9054-5B580B2F30CE}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07EA4E9F-BD35-4F38-9809-D825B772B833}" = Image Optimizer 3.0
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0DB87EAC-F695-4D59-9609-C93119AE6B35}" = SAMSUNG Dr.Printer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = The Godfather™ The Game
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}" = ACDSee Pro 5
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{631A0B87-B0B7-4B47-00A2-119A4B942EB6}" = Clive Barker's Undying™
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BFDC0CD-ADF5-49F6-8A47-3177EF2AE6D2}" = Google Book Downloader
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70E4E07C-4C81-4B19-9D49-37AEB65E3A6B}_is1" = Smile Desktop version 1.0.4.259
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92E64C51-5096-442F-9A44-61CB2941391D}" = ACDSee 4.0 PowerPack Suite
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7
"{AC76BA86-7AD7-2530-0000-A00000000004}" = Extended Asian Language font pack for Adobe Reader XI
"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) MUI
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BCB74778-4397-4335-8455-A75ACE919510}" = Image Compressor 2008 Free Edition
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40B2C78-30CA-4A8F-A157-C86B491C73AF}" = ACDSee Pro 6
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F1100000-0010-0000-0000-074957833700}" = ABBYY FineReader 11 Corporate Edition
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Advanced SystemCare Ultimate_is1" = Advanced SystemCare Ultimate 6
"AIMP3" = AIMP3
"AutoCorect stil contemporan_is1" = AutoCorect 4.1.5
"avast" = avast! Free Antivirus
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DSMT6" = MathType 6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressZip" = Express Zip
"Fallout New Vegas_is1" = Fallout New Vegas
"FileHippo.com" = FileHippo.com Update Checker
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"GeoGebra 4.2" = GeoGebra 4.2
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"IrfanView" = IrfanView (remove only)
"iWinArcade" = iWin Games (remove only)
"Jewel Quest" = Jewel Quest (remove only)
"Jewel Quest II" = Jewel Quest II (remove only)
"Jewel Quest Online Party" = Jewel Quest Online Party (remove only)
"Mah Jong Quest II" = Mah Jong Quest II (remove only)
"Mah Jong Quest III" = Mah Jong Quest III (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"Mp3tag" = Mp3tag v2.54
"Nero8Lite_is1" = Nero 8 Micro
"Notepad++" = Notepad++
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Picasa 3" = Picasa 3
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"Samsung PC Studio 7" = Samsung PC Studio 7
"Smart Defrag 2_is1" = Smart Defrag 2
"SoundTap" = SoundTap Streaming Audio Recorder
"SpywareBlaster_is1" = SpywareBlaster 5.0
"TeamViewer 6" = TeamViewer 6
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall Tool_is1" = Uninstall Tool
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.7
"VobSub" = VobSub v2.23 (Remove Only)
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Wordscape Online Party" = Wordscape Online Party (remove only)
"xampp" = XAMPP 1.8.1
"Xilisoft MP4 to DVD Converter" = Xilisoft MP4 to DVD Converter
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Octoshape Streaming Services" = Octoshape Streaming Services
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04.08.2013 02:20:08 | Computer Name = Adina-PC | Source = Windows Search Service | ID = 9000
Description = The Windows Search Service cannot open the Jet property store. Details:
0x%08x
(0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error - 04.08.2013 02:20:08 | Computer Name = Adina-PC | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index
{id=4700}. The service will attempt to automatically correct this problem by rebuilding
the index. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801)
(0xc0041801)

Error - 04.08.2013 02:20:08 | Computer Name = Adina-PC | Source = Windows Search Service | ID = 7042
Description = The Windows Search Service is being stopped because there is a problem
with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt.
(HRESULT : 0xc0041801) (0xc0041801)

Error - 04.08.2013 02:20:08 | Computer Name = Adina-PC | Source = Windows Search Service | ID = 9002
Description = The Windows Search Service cannot load the property store information.

Context:
Windows Application, SystemIndex Catalog Details: The content index database is corrupt.
(HRESULT : 0xc0041800) (0xc0041800)

Error - 04.08.2013 02:20:08 | Computer Name = Adina-PC | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.JetPropStore> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt.
(HRESULT : 0xc0041801) (0xc0041801)

Error - 04.08.2013 02:20:12 | Computer Name = Adina-PC | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT :
0x80070490) (0x80070490)

Error - 04.08.2013 02:20:12 | Computer Name = Adina-PC | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801)
(0xc0041801)

Error - 04.08.2013 02:20:12 | Computer Name = Adina-PC | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error - 04.08.2013 02:20:12 | Computer Name = Adina-PC | Source = Windows Search Service | ID = 7010
Description = The index cannot be initialized. Details: The content index catalog
is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error - 04.08.2013 02:20:40 | Computer Name = Adina-PC | Source = ESENT | ID = 455
Description = DllHost (3920) WebCacheLocal: Error -1811 occurred while opening logfile
C:\Users\Adina\AppData\Local\Microsoft\Windows\WebCache\V01000C2.log.

Error - 07.08.2013 04:29:06 | Computer Name = Adina-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x8007043C

Error - 07.08.2013 04:29:06 | Computer Name = Adina-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

[ Media Center Events ]
Error - 11.02.2011 12:51:02 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 6:51:02 PM - Error connecting to the internet. 6:51:02 PM - Unable
to contact server..

Error - 11.02.2011 12:51:34 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 6:51:31 PM - Error connecting to the internet. 6:51:31 PM - Unable
to contact server..

Error - 11.02.2011 13:52:13 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 7:52:13 PM - Error connecting to the internet. 7:52:13 PM - Unable
to contact server..

Error - 11.02.2011 13:52:43 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 7:52:42 PM - Error connecting to the internet. 7:52:42 PM - Unable
to contact server..

Error - 12.02.2011 00:54:00 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 6:54:00 AM - Error connecting to the internet. 6:54:00 AM - Unable
to contact server..

Error - 12.02.2011 00:54:32 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 6:54:29 AM - Error connecting to the internet. 6:54:30 AM - Unable
to contact server..

Error - 12.02.2011 01:55:10 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 7:55:10 AM - Error connecting to the internet. 7:55:10 AM - Unable
to contact server..

Error - 12.02.2011 01:55:40 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 7:55:39 AM - Error connecting to the internet. 7:55:39 AM - Unable
to contact server..

Error - 15.02.2011 12:26:11 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 6:26:11 PM - Error connecting to the internet. 6:26:11 PM - Unable
to contact server..

Error - 15.02.2011 12:26:20 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 6:26:16 PM - Error connecting to the internet. 6:26:16 PM - Unable
to contact server..

[ OSession Events ]
Error - 13.09.2012 04:49:50 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1610
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 08.01.2013 06:08:50 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9443
seconds with 8820 seconds of active time. This session ended with a crash.

Error - 10.01.2013 02:12:46 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1104
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 10.01.2013 02:28:02 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 901
seconds with 900 seconds of active time. This session ended with a crash.

Error - 13.06.2013 13:33:59 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12709
seconds with 8160 seconds of active time. This session ended with a crash.

Error - 08.07.2013 07:50:19 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4870
seconds with 4500 seconds of active time. This session ended with a crash.

Error - 08.07.2013 07:51:39 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 71
seconds with 60 seconds of active time. This session ended with a crash.

Error - 09.07.2013 12:22:00 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18762
seconds with 8580 seconds of active time. This session ended with a crash.

Error - 09.07.2013 12:27:50 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 342
seconds with 240 seconds of active time. This session ended with a crash.

Error - 09.07.2013 12:29:29 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 90
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 07.08.2013 06:11:03 | Computer Name = Adina-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 07.08.2013 06:11:30 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%193

Error - 07.08.2013 06:11:47 | Computer Name = Adina-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 07.08.2013 06:11:49 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PRSBDRVR

Error - 07.08.2013 09:28:21 | Computer Name = Adina-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 07.08.2013 09:28:45 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%193

Error - 07.08.2013 09:28:47 | Computer Name = Adina-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 07.08.2013 09:28:50 | Computer Name = Adina-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 07.08.2013 09:28:59 | Computer Name = Adina-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 07.08.2013 09:29:06 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PRSBDRVR


< End of report >

Edited by Kristina, 07 August 2013 - 07:59 AM.



#2
godawgs


    Teacher

  • GeekU Moderator
  • 4,328 posts
Hello Kristina, :wave: Welcome to the forums! :welcome:
My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For Firefox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

I see some browser search redirects in IE so we'll get rid of those. You have IOBIT Advanced System Care installed. I would advise removal of this dubious software. You also have IWin Games installed on the computer. This software is flagged by several of our tools for carrying adware and malware.

A.
IOBIT Products

These products and all the IOBIT products consume resources unnecessarily and often try to get you to buy the paid version to fix any real issue.
We have alternates that we will use and recommend that do not do that.
The software that we use and recommend does not load at start up so it does not use system resources. It's free and we believe it works as well as, or better than, most other products.

B.
You have the following Peer-to-Peer program(s) installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P (Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.


General Information

In addition to the defragmenting program that Windows provides you also have 2 more on the system. They are:

Defraggler
Auslogics Disk Defrag


They are both very good products and are used here from time to time. I just don't see the need to have both installed along with the Windows defragmenting program.

You also have the PandaCloud Cleaner software installed. Please be aware that this malware scanner leaves it up to you to decide if what it found is legitimate or malware. So unless you are sure about what you are doing I would recommend that you stick with your antivirus program and an on demand scanner like MalwareBytes and uninstall the Panda Cleaner product.

Registry Cleaning Tools

Also I see CCleaner is installed. Please do not use the registry cleaner in this tool. And for that matter do not use registry cleaners at all:
A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black should be uninstalled.


I would suggest that you print these instructions out or save them to a text file so you will have access to them when completing the steps. It might also be easier to download the tools first and then close the browser and all open windows before completing each step.


Step-1.

Malicious program uninstalls and Optional Removals

1. Please click the Start Orb, click Control Panel. Under the Programs and Features heading click Uninstall a program.
2. In the list of programs installed, locate the following program(s):

Advanced SystemCare Ultimate 6
iWin Games (remove only)
Smart Defrag 2
uTorrent


3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files\uTorrent
C:\Users\Adina\AppData\Roaming\uTorrent


2. Close Windows Explorer.


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2012.12.14 13:21:06 | 000,621,008 | ---- | M] (IOBit) -- C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe
PRC - [2012.12.13 14:50:32 | 001,051,088 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCSvc.exe
PRC - [2012.11.07 15:50:40 | 000,512,384 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCTray.exe
MOD - [2012.11.01 10:21:08 | 000,050,048 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate\maddisAsm_.bpl
MOD - [2012.11.01 10:21:06 | 000,182,656 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate\madbasic_.bpl
MOD - [2012.09.05 18:55:36 | 000,892,288 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate\webres.dll
SRV - [2012.12.14 13:21:06 | 000,621,008 | ---- | M] (IOBit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe -- (ASCAntivirusSrv)
SRV - [2012.12.13 14:50:32 | 001,051,088 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCSvc.exe -- (AdvancedSystemCareService6)
SRV - [2011.04.08 18:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2012.11.15 21:51:54 | 000,000,000 | ---D | M]
[2013.07.05 15:36:38 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions\ascsurfingprotection@iobit.com
[2013.07.21 12:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions
O4 - HKCU..\Run: [Advanced SystemCare Ultimate] C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCTray.exe (IObit)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)

:FILES
ipconfig /flushdns /c
C:\Program Files\IObit
C:\Program Files\iWin Games
C:\ProgramData\iWin Games

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-3.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • (Vista and 7 users) will need to right click the adwcleaner.exe and click Run as administrator, then accept the UAC prompt to run AdwCleaner.
  • Click the Search button and wait for the scan to finish.
  • Once done it may ask to reboot, allow this. Do Not delete anything at this time.
  • On reboot a log will be produced. Please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner[R1].txt
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-4.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
qmgr.dll
services.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C
DRIVES


2. Re-open OTL on the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator
Make sure all other windows are closed.
  • You will see a console like the one below:
  • Click the box beside Scan All Users at the top of the console<---Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the uninstalls went.
2. The OTL fixes log
3. The aswMBR log
4. The AdwCleaner[R1].txt log
5. The new OTL.txt log

#3
Kristina

  • Member
  • 264 posts
Hello and thank you for your time looking into this!

I uninstalled the programs you mentioned, things went well and I cleared their folders in Program files. Advanced System Care was causing problems and its antivirus seemed to have disabled my own antivirus. I won't use it again, as you suggested and I won't clean the registry anymore if it's of no use.

Here is the OTL fix after the uninstalls:



All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named ASCAvSvc.exe was found!
No active process named ASCSvc.exe was found!
No active process named ASCTray.exe was found!
Error: No service named ASCAntivirusSrv was found to stop!
Service\Driver key ASCAntivirusSrv not found.
File C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe not found.
Error: No service named AdvancedSystemCareService6 was found to stop!
Service\Driver key AdvancedSystemCareService6 not found.
File C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCSvc.exe not found.
Error: No service named iWinTrusted was found to stop!
Service\Driver key iWinTrusted not found.
File C:\Program Files\iWin Games\iWinTrusted.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98e34367-8df7-42b4-837b-20b892ff0849}\ not found.
C:\ProgramData\iWin Games\firefox\chrome folder moved successfully.
C:\ProgramData\iWin Games\firefox folder moved successfully.
Folder C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions\ascsurfingprotection@iobit.com\ not found.
C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare Ultimate not found.
File C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCTray.exe not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Adina\Downloads\cmd.bat deleted successfully.
C:\Users\Adina\Downloads\cmd.txt deleted successfully.
File\Folder C:\Program Files\IObit not found.
File\Folder C:\Program Files\iWin Games not found.
C:\ProgramData\iWin Games\opal folder moved successfully.
C:\ProgramData\iWin Games\drm\data folder moved successfully.
C:\ProgramData\iWin Games\drm folder moved successfully.
C:\ProgramData\iWin Games folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Adina
->Temp folder emptied: 34114258 bytes
->Temporary Internet Files folder emptied: 8444162 bytes
->Java cache emptied: 18058525 bytes
->FireFox cache emptied: 6388073 bytes
->Google Chrome cache emptied: 164890263 bytes
->Flash cache emptied: 708 bytes

User: Administrator
->Temp folder emptied: 195175 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 525044 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1542773076 bytes

Total Files Cleaned = 1.693,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08102013_153835

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Edited by Kristina, 10 August 2013 - 10:52 AM.
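
As an added example (not part of any post in this thread, and not OTL's own code): a short Python check that sorts the result lines of an OTL fix log like the one above into removed, already absent, or other, and lists file-system removals that fall outside the paths named in the fix script. The function names, the line patterns (inferred from the log lines quoted above) and the embedded sample (a subset of those lines) are assumptions of this example.

```python
import re
from collections import Counter

# Paths named in the fix script from post #2 (its :OTL and :FILES sections).
SCRIPT_ROOTS = [
    r"C:\Program Files\IObit",
    r"C:\Program Files\iWin Games",
    r"C:\ProgramData\iWin Games",
    r"C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default"
    r"\extensions\ascsurfingprotection@iobit.com",
    r"C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions",
]

# Sample input: a subset of the result lines from the fix log posted above.
SAMPLE_LOG = r"""No active process named ASCAvSvc.exe was found!
Error: No service named ASCAntivirusSrv was found to stop!
Service\Driver key ASCAntivirusSrv not found.
File C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ not found.
C:\ProgramData\iWin Games\firefox folder moved successfully.
C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions folder moved successfully.
C:\Users\Adina\Downloads\cmd.bat deleted successfully.
C:\Users\Adina\Downloads\cmd.txt deleted successfully.
File\Folder C:\Program Files\IObit not found.
C:\ProgramData\iWin Games folder moved successfully.
Restore point Set: OTL Restore Point
"""

# "<target> [folder] deleted|moved successfully." means the tool acted on it.
REMOVED = re.compile(
    r"^(?:Registry (?:key|value) )?(?P<target>.+?)(?: folder)? "
    r"(?:deleted|moved) successfully\.$"
)
# These shapes mean the target was already gone when the fix ran
# (here: the user had uninstalled the programs first).
ABSENT = [
    re.compile(r"^No active process named (?P<target>.+) was found!$"),
    re.compile(r"^Error: No service named (?P<target>.+) was found to stop!$"),
    re.compile(
        r"^(?:Service\\Driver key|Registry key|Registry value|File\\Folder|File|Folder) "
        r"(?P<target>.+?) not found\.$"
    ),
]
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def classify(line):
    """Return (status, target); status is 'removed', 'absent' or 'other'."""
    line = line.strip()
    m = REMOVED.match(line)
    if m:
        return "removed", m.group("target")
    for pattern in ABSENT:
        m = pattern.match(line)
        if m:
            return "absent", m.group("target")
    return "other", None


def summarize(log_text):
    """Count how many non-blank lines fall into each status."""
    return Counter(classify(l)[0] for l in log_text.splitlines() if l.strip())


def under_script_roots(path):
    """True if path equals a script root or lies below one (case-insensitive)."""
    p = path.rstrip("\\").lower()
    for root in SCRIPT_ROOTS:
        r = root.lower()
        if p == r or p.startswith(r + "\\"):
            return True
    return False


def unexpected_removals(log_text):
    """File-system paths the tool removed that the fix script did not name."""
    found = []
    for line in log_text.splitlines():
        status, target = classify(line)
        if status == "removed" and DRIVE_PATH.match(target):
            if not under_script_roots(target):
                found.append(target)
    return found


if __name__ == "__main__":
    print(dict(summarize(SAMPLE_LOG)))
    for path in unexpected_removals(SAMPLE_LOG):
        print("removed but not named in the script:", path)
```

A path listed by `unexpected_removals` is not necessarily a problem; it is simply something to account for before treating the fix as having done only what the script asked.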


#4
godawgs

    Teacher

  • GeekU Moderator
  • 4,328 posts
Please complete the steps after the OTL fix in post#2 above and post the aswMBR, AdwCleaner[R1].txt and the new OTL.txt logs.

#5
Kristina

  • Member
  • 264 posts
Ok, I thought I shouldn't post all logs at once. Here are all the logs:



aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-10 18:23:20
-----------------------------
18:23:20.795 OS Version: Windows 6.1.7601 Service Pack 1
18:23:20.795 Number of processors: 4 586 0x2505
18:23:20.796 ComputerName: ADINA-PC UserName: Adina
18:23:21.068 Initialize success
18:25:03.920 AVAST engine defs: 13081000
18:29:13.063 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:29:13.065 Disk 0 Vendor: WDC_WD2500AAJB-00WGA0 00.02C01 Size: 238475MB BusType: 3
18:29:13.068 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-4
18:29:13.069 Disk 1 Vendor: WDC_WD5000AAKS-00A7B2 01.03B01 Size: 476940MB BusType: 11
18:29:13.142 Disk 1 MBR read successfully
18:29:13.144 Disk 1 MBR scan
18:29:13.162 Disk 1 Windows 7 default MBR code
18:29:13.177 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:29:13.191 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 99899 MB offset 206848
18:29:13.208 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 376938 MB offset 204800000
18:29:13.215 Disk 1 scanning sectors +976769024
18:29:13.269 Disk 1 scanning C:\Windows\system32\drivers
18:29:23.516 Service scanning
18:29:41.138 Modules scanning
18:29:45.316 Disk 1 trace - called modules:
18:29:45.325 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
18:29:45.329 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86490030]
18:29:45.333 3 CLASSPNP.SYS[8c30959e] -> nt!IofCallDriver -> [0x8631dc10]
18:29:45.337 5 ACPI.sys[8ba343d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85ef0030]
18:29:46.058 AVAST engine scan C:\Windows
18:29:47.541 AVAST engine scan C:\Windows\system32
18:32:48.900 AVAST engine scan C:\Windows\system32\drivers
18:33:00.339 AVAST engine scan C:\Users\Adina
18:38:15.486 Disk 1 MBR has been saved successfully to "C:\Users\Adina\Desktop\MBR.dat"
18:38:15.494 The log file has been saved successfully to "C:\Users\Adina\Desktop\aswMBR.txt"


# AdwCleaner v2.306 - Logfile created 08/10/2013 at 18:42:05
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (32 bits)
# User : Adina - ADINA-PC
# Boot Mode : Normal
# Running from : C:\Users\Adina\Downloads\adwcleaner (1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\APN
Folder Found : C:\Users\Adina\AppData\Local\iac

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0 (en-US)

File : C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\prefs.js

[OK] File is clean.

File : C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\prefs.js

Found : user_pref("browser.search.selectedEngine", "blekko");
Found : user_pref("extensions.aniweather.timeShifted", 932483);
Found : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Found : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Found : user_pref("extensions.toolbar.mindspark._49Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?p[...]

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1sq91csa.default\prefs.js

Found : user_pref("browser.search.selectedEngine", "blekko");
Found : user_pref("browser.startup.homepage", "hxxp://blekkosearch.mystart.com/zgametb/?source=a92683ac&tool[...]

-\\ Google Chrome v28.0.1500.71

File : C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4861 octets] - [06/07/2013 11:07:04]
AdwCleaner[R2].txt - [1916 octets] - [10/08/2013 18:42:05]
AdwCleaner[S1].txt - [20537 octets] - [28/10/2012 17:45:55]
AdwCleaner[S2].txt - [4938 octets] - [06/07/2013 11:09:43]

########## EOF - C:\AdwCleaner[R2].txt - [2097 octets] ##########







OTL logfile created on: 10.08.2013 18:46:41 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adina\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

3,30 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 71,69% Memory free
4,30 Gb Paging File | 3,12 Gb Available in Paging File | 72,53% Paging File free
Paging file location(s): c:\pagefile.sys 1024 3096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 13,44 Gb Free Space | 13,78% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 62,99 Gb Free Space | 17,11% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 26,51 Gb Free Space | 11,38% Space Free | Partition Type: NTFS

Computer Name: ADINA-PC | User Name: Adina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.08.08 12:57:20 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.08.08 12:57:00 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.08.08 12:56:55 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.08.08 12:56:55 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.08.07 16:33:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adina\Downloads\OTL.exe
PRC - [2013.05.22 10:23:58 | 000,101,552 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2013.05.11 13:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.18 13:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2012.07.20 21:08:04 | 008,186,368 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2012.05.11 10:24:22 | 000,632,320 | ---- | M] (FileZilla Project) -- C:\xampp\FileZillaFTP\FileZillaServer.exe
PRC - [2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.18 18:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2009.05.16 00:22:42 | 000,716,800 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
MOD - [2008.12.06 01:41:50 | 000,619,008 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PhoneBrowser.dll


========== Services (SafeList) ==========

SRV - [2013.08.08 12:57:20 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.08.08 12:56:55 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.07.31 01:47:46 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.07.30 14:51:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.27 07:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.05.22 10:23:58 | 000,101,552 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013.05.11 13:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.08 01:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.03 20:58:48 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.10.19 17:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.18 13:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2012.07.20 21:08:04 | 008,186,368 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012.05.11 10:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZillaServer)
SRV - [2011.12.22 19:11:20 | 000,818,952 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Corporate.11.0)
SRV - [2011.04.15 12:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 04:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\PRSBDRVR.SYS -- (PRSBDRVR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (gdrv)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Adina\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013.08.08 12:57:32 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.08.08 12:57:32 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.08.08 12:57:32 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.08.08 12:57:32 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.02.18 19:39:36 | 000,040,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriverx86.sys -- (stdriver)
DRV - [2012.08.23 17:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 17:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.07.22 19:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.13 00:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.11.20 15:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 15:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 15:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 12:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 12:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.02.03 01:36:34 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.11.06 05:20:24 | 000,106,880 | ---- | M] (AnyDATA.NET INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adusbser.sys -- (adusbser)
DRV - [2009.09.17 20:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.10 20:34:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.05.02 16:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007.05.02 16:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2004.10.18 16:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro-RO
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 D1 04 BB C5 6F CC 01 [binary data]
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\..\SearchScopes,DefaultScope = {A13074A0-3EF3-4E01-854B-8977D377AF24}
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\..\SearchScopes\{588442DD-3D66-4A32-8467-2A77A2A06B61}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\..\SearchScopes\{A13074A0-3EF3-4E01-854B-8977D377AF24}: "URL" = http://www.google.co...1I7GGNI_roRO509
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\..\SearchScopes\{AFC3ADD4-572A-4B77-AE1E-0FB34A2A9E89}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Adina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013.06.07 05:31:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.07.21 12:38:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.07.03 10:57:24 | 000,000,000 | ---D | M]

[2010.12.29 16:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Extensions
[2013.08.07 19:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions
[2013.07.04 15:17:50 | 000,000,904 | ---- | M] () -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\searchplugins\yahoo.xml
[2013.08.07 19:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.08.07 19:18:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.09.16 12:26:02 | 001,825,680 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012.06.28 18:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.09.26 10:39:53 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.11.23 08:29:56 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipediaro.xml
[2013.07.20 12:53:19 | 000,002,162 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zgametb.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.ro/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Adina\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Adina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: SiteAdvisor = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\

O1 HOSTS File: ([2013.08.07 18:57:26 | 000,000,000 | --S- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\.DEFAULT..\Run: [Samsung.PCSync] C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe (Nokia)
O4 - HKU\S-1-5-18..\Run: [Samsung.PCSync] C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe (Nokia)
O4 - HKU\S-1-5-21-747581154-1102267190-2633786192-1000..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F6421F5-384B-48E3-9DF6-F92AB8B726DF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013.08.10 15:38:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.08.10 15:16:33 | 000,000,000 | ---D | C] -- C:\Games
[2013.08.08 13:16:00 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\Avira
[2013.08.08 12:59:52 | 000,067,168 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.08.08 12:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013.08.08 12:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.08.08 12:58:20 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.08.08 12:58:20 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.08.08 12:58:20 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.08.08 12:58:20 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.08.08 12:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.08.08 12:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.08.08 10:04:39 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\poze
[2013.08.07 18:40:50 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Selectie Septembrie 2013
[2013.08.07 17:00:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013.08.07 11:31:14 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\ElevatedDiagnostics
[2013.08.02 16:56:37 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Fallulah - Escapism [Deluxe Edition] (2013)
[2013.08.02 16:39:20 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\FSC August 2013 .com
[2013.07.31 16:11:05 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\FSC Iulie
[2013.07.31 12:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.07.26 22:54:21 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\GHEORGHE TITEICA
[2013.07.17 06:53:26 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\MATEMATICA_materiale
[2013.07.14 12:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.07.14 12:40:17 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.07.14 12:40:13 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.07.14 12:40:13 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.07.14 12:40:13 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.07.14 00:13:42 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.07.14 00:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.07.14 00:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[1 C:\Users\Adina\Desktop\*.tmp files -> C:\Users\Adina\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.08.10 18:38:28 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013.08.10 18:38:15 | 000,000,512 | ---- | M] () -- C:\Users\Adina\Desktop\MBR.dat
[2013.08.10 17:44:05 | 000,019,040 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.08.10 17:44:05 | 000,019,040 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.08.10 15:43:59 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.08.10 15:43:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.08.10 15:43:38 | 2660,880,384 | -HS- | M] () -- C:\hiberfil.sys
[2013.08.10 15:32:02 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RunAsStdUser Task.job
[2013.08.09 14:02:06 | 001,184,404 | ---- | M] () -- C:\Users\Adina\Desktop\proiect EQ - 1 oct 2013.pdf
[2013.08.08 12:59:52 | 000,067,168 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.08.08 12:57:32 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.08.08 12:57:32 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.08.08 12:57:32 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.08.08 12:57:32 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.08.08 12:54:30 | 000,000,196 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
[2013.08.08 03:48:58 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.08.07 18:57:26 | 000,000,000 | --S- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.07.30 14:51:39 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.30 14:51:38 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.07.30 14:51:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.07.29 15:42:22 | 001,566,910 | ---- | M] () -- C:\Users\Adina\Desktop\Resurse_Jacques_Salome.pdf
[2013.07.29 15:41:27 | 001,253,173 | ---- | M] () -- C:\Users\Adina\Desktop\Aplicatii ESPERE.pdf
[2013.07.29 15:22:40 | 000,842,964 | ---- | M] () -- C:\Users\Adina\Desktop\Metoda ESPERE.pdf
[2013.07.24 00:52:32 | 000,050,770 | ---- | M] () -- C:\Users\Adina\Documents\yy.wmf
[2013.07.14 12:40:10 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.07.14 12:40:09 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.07.14 12:40:09 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.07.14 12:40:09 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.07.14 12:40:09 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.07.14 12:40:09 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.07.14 00:13:58 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013.07.13 13:01:53 | 000,705,488 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013.07.13 13:01:53 | 000,627,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.13 13:01:53 | 000,131,134 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013.07.13 13:01:53 | 000,107,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.13 03:56:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f63c08d1f45.job
[1 C:\Users\Adina\Desktop\*.tmp files -> C:\Users\Adina\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.08.10 18:38:15 | 000,000,512 | ---- | C] () -- C:\Users\Adina\Desktop\MBR.dat
[2013.08.08 12:54:30 | 000,000,196 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job
[2013.08.07 18:48:45 | 000,000,266 | ---- | C] () -- C:\Windows\tasks\RunAsStdUser Task.job
[2013.08.05 17:29:44 | 001,184,404 | ---- | C] () -- C:\Users\Adina\Desktop\proiect EQ - 1 oct 2013.pdf
[2013.07.29 15:42:21 | 001,566,910 | ---- | C] () -- C:\Users\Adina\Desktop\Resurse_Jacques_Salome.pdf
[2013.07.29 15:41:27 | 001,253,173 | ---- | C] () -- C:\Users\Adina\Desktop\Aplicatii ESPERE.pdf
[2013.07.29 15:22:34 | 000,842,964 | ---- | C] () -- C:\Users\Adina\Desktop\Metoda ESPERE.pdf
[2013.07.24 00:52:32 | 000,050,770 | ---- | C] () -- C:\Users\Adina\Documents\yy.wmf
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013.07.13 03:56:04 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f63c08d1f45.job
[2013.07.05 05:31:20 | 000,000,031 | ---- | C] () -- C:\Windows\System32\wspspodsini.dll
[2013.07.05 05:28:42 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2013.07.05 05:27:58 | 000,000,884 | RHS- | C] () -- C:\Users\Adina\ntuser.pol
[2013.02.18 19:39:36 | 000,040,344 | ---- | C] () -- C:\Windows\System32\drivers\stdriverx86.sys
[2012.11.07 19:25:56 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ADINA-PC-Microsoft-Windows-7-Enterprise-(32-bit).dat
[2012.07.08 16:02:21 | 000,000,088 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\usb.inf
[2012.01.10 23:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012.01.10 23:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.01.10 23:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.01.10 22:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.10 22:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.01.10 22:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.12.15 22:46:12 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011.12.15 22:31:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Filesystems
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\External Build System
[2011.11.22 20:28:39 | 000,185,248 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\NMM-MetaData.db
[2011.05.13 19:37:46 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.17 14:02:14 | 000,004,009 | ---- | C] () -- C:\Users\Adina\AppData\Local\iforex.config
[2011.03.26 22:06:40 | 000,033,134 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\UserTile.png
[2011.02.19 15:57:07 | 000,023,552 | ---- | C] () -- C:\Users\Adina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.09 19:57:00 | 000,004,096 | ---- | C] () -- C:\Users\Adina\AppData\Local\keyfile3.drm
[2010.12.29 16:04:21 | 000,007,663 | ---- | C] () -- C:\Users\Adina\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009.07.14 07:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 07:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2010.11.20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009.07.14 04:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.01.21 22:59:18 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ACD Systems
[2011.04.14 12:01:01 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\adma
[2013.08.10 03:30:28 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\AIMP3
[2011.06.21 19:43:24 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Auslogics
[2011.09.18 00:22:41 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\AutoCorect Contemporan
[2013.05.13 18:16:01 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\BSplayer
[2011.01.08 20:58:08 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\BSplayer Pro
[2011.06.20 19:58:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Canon
[2012.01.16 03:03:56 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.01.16 02:47:13 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.08.10 14:50:38 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\CrystalIdea Software
[2011.09.10 11:13:00 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Design Science
[2013.07.06 07:27:45 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Dropbox
[2013.04.03 17:39:35 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\DVDVideoSoft
[2011.01.25 12:50:36 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\FireShot
[2010.12.29 18:42:22 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Foxit Software
[2011.10.02 01:39:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\GetRightToGo
[2011.06.26 18:47:19 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\GrabPro
[2011.10.02 01:55:30 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ImTOO Software Studio
[2013.02.17 15:32:19 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\IObit
[2011.05.22 16:50:22 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\IrfanView
[2011.03.19 17:06:19 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\iSpring Solutions
[2011.02.20 23:43:35 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Leadertech
[2013.08.07 18:38:36 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Mp3tag
[2011.09.27 15:43:07 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Multimedia Player
[2011.04.19 21:27:26 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Nitro PDF
[2012.11.13 02:06:05 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Notepad++
[2012.05.22 18:49:43 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Octoshape
[2011.09.27 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\PC Suite
[2011.06.26 18:47:21 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ProgSense
[2013.07.04 14:50:37 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\QuickScan
[2011.11.22 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Samsung
[2012.12.17 16:15:05 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.12.09 15:57:37 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\TeamViewer
[2012.03.31 13:56:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Total Eclipse
[2010.12.30 23:16:12 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\TuneUp Software
[2013.08.10 14:58:13 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\uTorrent
[2011.09.13 17:08:30 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Webshots
[2012.09.02 14:22:42 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Xilisoft
[2010.12.29 16:29:57 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\XnView
[2011.11.23 13:26:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems
[2011.09.27 14:02:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AutoCorect Contemporan
[2013.05.23 16:45:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2011.11.23 13:53:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Multimedia Player
[2011.09.27 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2011.11.23 13:45:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2012.10.10 11:56:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Webshots
[2011.12.06 01:23:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2011.12.06 01:23:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2009.07.14 04:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013.02.27 07:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009.07.14 04:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010.11.20 15:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010.11.20 15:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2012.01.17 18:40:10 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009.07.14 04:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012.07.05 00:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013.05.13 07:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010.11.20 15:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010.11.20 15:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011.03.03 08:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009.07.14 04:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009.07.14 04:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009.07.14 04:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010.11.20 15:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009.07.14 04:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009.07.14 04:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009.07.14 04:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009.07.14 04:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2010.11.20 15:20:30 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009.07.14 04:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011.05.24 13:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012.02.11 08:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2012.01.17 18:40:10 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009.07.14 04:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010.11.20 15:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010.11.20 15:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009.07.14 04:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2012.01.17 18:40:10 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009.07.14 04:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010.11.20 15:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010.11.20 15:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010.11.20 15:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010.11.20 15:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009.07.14 04:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012.05.01 07:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010.11.20 15:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010.11.20 15:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010.11.20 15:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010.11.20 15:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013.05.27 07:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010.11.20 15:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010.11.20 15:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010.11.20 15:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010.11.20 15:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009.07.14 04:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012.06.03 01:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010.11.20 15:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009.07.14 04:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010.11.20 15:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2008.05.08 09:03:22 | 000,303,616 | ---- | M] ( ) -- C:\SetACL.exe
[2004.06.12 03:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD2500AAJB-00WGA0 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000AAKS-00A7B2 ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 233,00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100,00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #1, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 98,00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #1, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 368,00GB
Starting Offset: 104857600000
Hidden sectors: 0


========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#6
godawgs


    Teacher

  • GeekU Moderator
  • 4,328 posts

Ok, I thought I shouldn't post all logs at once. Here are all the logs:

Yes, please post all requested logs at the same time :)
The aswMBR log is good. The last OTL log looks good. AdwCleaner found some additional toolbars and extensions rubbish so let's kill them and continue on.
Let me know how the computer is behaving after this run.


Step-1.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Right click the adwcleaner.exe file and click Run as administrator, then accept the UAC prompt to run AdwCleaner.
  • Click the Delete button and wait for the scan.
  • Everything that was found will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner[S1].txt

Step-2.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT.exe file and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.

Before running Steps 3 and 4 I want you to disable any screen saver that you have running.


Step-3.

Malwarebytes' Anti-Malware

Close all programs and browsers on your computer and disable any screen saver you might have running.

  • Right click the mbam icon on the desktop and click Run As Administrator, then click the Continue button on the UAC window. You will now be at the main program as shown below.
  • Click the Update tab and update the program if required.
  • Click the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

  • When the scan is finished a message box will appear as shown in the image below.

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected <--- Very Important.

  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-4.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application and screen saver after running the above scan!


Step-5.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon Posted Image and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

    Posted Image
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-6

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The AdwCleaner[S1].txt log
2. The JRT.txt log
3. The MBAM log
4. The ESET scan log (IF it found anything.) If it didn't just let me know.
5. The checkup.txt log
6. How is the computer running?
  • 0

#7
Kristina
  • Member
  • 264 posts
# AdwCleaner v2.306 - Logfile created 08/12/2013 at 09:15:54
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (32 bits)
# User : Adina - ADINA-PC
# Boot Mode : Normal
# Running from : C:\Users\Adina\Downloads\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\Users\Adina\AppData\Local\iac

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0 (en-US)

File : C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\prefs.js

[OK] File is clean.

File : C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\prefs.js

C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\user.js ... Deleted !

Deleted : user_pref("browser.search.selectedEngine", "blekko");
Deleted : user_pref("extensions.aniweather.timeShifted", 932483);
Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Deleted : user_pref("extensions.toolbar.mindspark._49Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?p[...]

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1sq91csa.default\prefs.js

Deleted : user_pref("browser.search.selectedEngine", "blekko");
Deleted : user_pref("browser.startup.homepage", "hxxp://blekkosearch.mystart.com/zgametb/?source=a92683ac&tool[...]

-\\ Google Chrome v28.0.1500.71

File : C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4861 octets] - [06/07/2013 11:07:04]
AdwCleaner[R2].txt - [2166 octets] - [10/08/2013 18:42:05]
AdwCleaner[S1].txt - [20537 octets] - [28/10/2012 17:45:55]
AdwCleaner[S2].txt - [4938 octets] - [06/07/2013 11:09:43]
AdwCleaner[S3].txt - [2221 octets] - [12/08/2013 09:15:54]

########## EOF - C:\AdwCleaner[S3].txt - [2281 octets] ##########





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.3 (08.11.2013:2)
OS: Windows 7 Enterprise x86
Ran by Adina on 12.08.2013 at 9:26:50,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\mypc backup"



~~~ FireFox

Successfully deleted the following from C:\Users\Adina\AppData\Roaming\mozilla\firefox\profiles\lev0xhsv.default\prefs.js

user_pref("extensions.defaulttab.active.affiliate", 3507);
user_pref("extensions.defaulttab.browserID", "91C383F094D3A2E6F4DF8D83EE996A20");
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installedVersion", "1.4.2");
user_pref("extensions.defaulttab.lastUsed", 1352929727);
user_pref("extensions.toolbar.mindspark._39Members_.hp.enabled", true);
user_pref("extensions.toolbar.mindspark._39Members_.initialized", true);
user_pref("extensions.toolbar.mindspark._39Members_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._39Members_.installation.installDate", "2013030210");
user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerId", "^UX^xdm031^YY^ro");
user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerSubId", "292570");
user_pref("extensions.toolbar.mindspark._39Members_.installation.success", true);
user_pref("extensions.toolbar.mindspark._39Members_.installation.toolbarId", "7628B272-ACB9-4C30-9F5E-0DE1422B571D");
user_pref("extensions.toolbar.mindspark._39Members_.lastActivePing", "1362420560456");
user_pref("extensions.toolbar.mindspark._39Members_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._39Members_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._39Members_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._39Members_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark._39Members_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark._49Members_.hp.enabled", true);
user_pref("extensions.toolbar.mindspark._49Members_.initialized", true);
user_pref("extensions.toolbar.mindspark._49Members_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._49Members_.installation.installDate", "2013071009");
user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerId", "^ZO^xdm045^YYA^ro");
user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerSubId", "PI_UT_INT_ROM_24");
user_pref("extensions.toolbar.mindspark._49Members_.installation.success", true);
user_pref("extensions.toolbar.mindspark._49Members_.installation.toolbarId", "1883815A-C098-495B-A0C8-F206EFC85AFE");
user_pref("extensions.toolbar.mindspark._49Members_.lastActivePing", "1373621982046");
user_pref("extensions.toolbar.mindspark._49Members_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._49Members_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._49Members_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._49Members_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013032318");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm073^YY^ro");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconverter");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "D3BCADCC-0409-47AF-A804-C55ACE7C310D");
user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1364134080911");
user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.searchHistory", "Bucurestiul la 1900||REZULTATE OBTINUTE LA CONCURSUL DE MATEMATICA APLICATA ? ADOLF HAIMOVICI ?");
user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark.hp.enabled", false);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
user_pref("extensions.toolbar.mindspark.lastInstalled", "utilitychest@mindspark.com");
Emptied folder: C:\Users\Adina\AppData\Roaming\mozilla\firefox\profiles\lev0xhsv.default\minidumps [649 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.08.2013 at 9:28:13,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
C:\Users\Adina\Desktop\protectie\backups\backup-20130704-155826-165.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Adina\Downloads\disk-defrag-setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Adina\Downloads\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
D:\7. Kituri\Kituri\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
D:\7. Kituri\KITURI mici\OrbitDownloaderSetup.exe Win32/OpenCandy application cleaned by deleting - quarantined
D:\7. Kituri\KITURI mici\Protectie\Defrag\disk-defrag-setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined







Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
SUPERAntiSpyware
McAfee SiteAdvisor
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Mozilla Firefox (23.0)
Google Chrome 28.0.1500.63
Google Chrome 28.0.1500.71
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
  • 0

#8
Kristina
  • Member
  • 264 posts
I still have Windows security center and Avira desktop disabled each time I start the computer.

On the bright side, I see now that when I open Firefox and IE, the homepage is http://www.google.ro, like it's supposed to. Before the address had further signs and letters in the end, although it opened the Google home page with no problems.

However, in Chrome, the start page has the address http://www.google.ro/?gws_rd=cr. I wonder why it cured the problem in Firefox, but not in Chrome.

Edited by Kristina, 12 August 2013 - 05:45 AM.

  • 0

#9
godawgs
Teacher
  • GeekU Moderator
  • 4,328 posts
Thanks for the logs. You didn't post the MBAM log. Could you do that please? You can find it in the Logs tab in MBAM. Just click on the .txt file with the most recent date and then click the Open button. Then copy and paste the contents of the log file in your next reply.

I still have Windows security center and Avira desktop disabled each time I start the computer.

In your original post you said that the action center reported Avira as turned off when actually it was on. Is that still the case?

However, in Chrome, the start page has the address http://www.google.ro/?gws_rd=cr. I wonder why it cured the problem in Firefox, but not in Chrome.

Because it's not malicious. It means the Google web server (gws) is getting redirected (rd) by country (cr). See the web page here for more information.


Step-1.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.

  • Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.

    Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know if you were able to change the Chrome home page
2. The MBAM log
3. The FSS.txt log
  • 0

#10
godawgs
Teacher
  • GeekU Moderator
  • 4,328 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#11
godawgs
Teacher
  • GeekU Moderator
  • 4,328 posts
Topic re-opened.
  • 0

#12
Kristina
  • Member
  • 264 posts
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.12.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Adina :: ADINA-PC [administrator]

Protection: Disabled

12.08.2013 09:55:30
MBAM-log-2013-08-12 (12-01-27).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 585964
Time elapsed: 2 hour(s), 4 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Adina\Downloads\bsplayer265.1074.exe (PUP.Optional.OpenCandy) -> No action taken.
D:\7. Kituri\KITURI mici\MediaInfo_GUI_0.7.8_Windows_i386.exe (PUP.Optional.OpenCandy) -> No action taken.
D:\7. Kituri\KITURI mici\DTLite4454-0316.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Adina\AppData\Local\temp\services.exe.mui (Heuristics.Reserved.Word.Exploit) -> No action taken.

(end)





Farbar Service Scanner Version: 14-08-2013 01
Ran by Adina (administrator) on 17-08-2013 at 09:09:24
Running from "C:\Users\Adina\Desktop"
Microsoft Windows 7 Enterprise Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-14 19:38] - [2013-07-06 08:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 19:38] - [2013-07-09 07:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-11 05:18] - [2013-05-27 07:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****





Windows Defender and Avira Desktop still appear disabled in the Action Center each time I start the computer. However the Avira icon says protection is active.
  • 0

#13
godawgs
Teacher
  • GeekU Moderator
  • 4,328 posts
Thanks for the update and the logs. The MBAM log shows that you didn't remove any of the files that MBAM found:

C:\Users\Adina\Downloads\bsplayer265.1074.exe (PUP.Optional.OpenCandy) -> No action taken.

So we will run it again and remove them.

The FSS scan shows that the Action Center isn't running so we will address that. FSS also shows a couple of files that we need checked.


Step-1.

Re-run MalwareBytes using the instructions in Step 3. of post #6.
When you get to Number 7 be sure to click the Remove Selected button.


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:FILES
sc stop wscsvc /c
sc config wscsvc start= auto /c
sc start wscsvc /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

NOTE: When the computer restarts check to make sure Windows Defender and Avira appear properly. If they do, skip Step 3. and continue with Step 4.
If the Action Center still shows Windows Defender and Avira as disabled continue with Step 3.


Step-3.

Re-run the Farbar Service Scanner using the instructions in Step 1. of post #9


Step-4.

There are some files we need checked.

Virustotal File Upload:

To use Virustotal go Here
Posted Image
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE: Only one file per scan

    C:\Windows\system32\Drivers\tcpip.sys
    C:\Program Files\Windows Defender\MpSvc.dll
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • IF you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 7 for each file listed.

Step-5.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
/md5start
tcpip.sys
mpsvc.dll
/md5stop


2. Re-open Posted Image on the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know if the Action Center is working properly now.
2. The MBAM log
3. The OTL fixes log
4. The new FSS.txt log (IF you needed to run it again)
5. The VirusTotal URL links
6. The new OTL.txt log
  • 0
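
The reading of the FSS log that post #13 acts on (a service that is not running, a start type that differs from the default, and files in the File Check section that FSS did not mark "MD5 is legit") can be scripted. This is an added example, not part of the original thread or of Farbar Service Scanner; the function and class names are hypothetical, the parser assumes the log layout shown in post #12, and the sample input is a shortened excerpt of that log.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Shortened excerpt of the FSS.txt log posted in #12 (lines copied from that log).
SAMPLE_FSS_LOG = r"""
Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-14 19:38] - [2013-07-06 08:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-11 05:18] - [2013-05-27 07:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\svchost.exe => MD5 is legit


**** End of log ****
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\."
)
FILE_PATH = re.compile(r"^[A-Za-z]:\\")
# Detail line printed under a file whose hash FSS did not confirm:
# two bracketed timestamps, size, attributes, company name, MD5.
FILE_DETAIL = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - (\d+) \S+ \((.*)\) ([0-9A-Fa-f]{32})$"
)


@dataclass
class UnverifiedFile:
    path: str
    size: Optional[int] = None
    company: Optional[str] = None
    md5: Optional[str] = None


def parse_fss(log_text):
    """Return the items in an FSS log that need a follow-up.

    An unmarked file is not a verdict of infection; it only means FSS did
    not confirm the hash, so the file still has to be checked separately.
    """
    report = {"not_running": [], "start_type_changed": [], "unverified": []}
    in_file_check = False
    pending = None  # file entry still waiting for its detail line
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("**** End of log"):
            break
        if line.startswith("File Check:"):
            in_file_check = True
            continue
        if not in_file_check:
            m = NOT_RUNNING.match(line)
            if m:
                report["not_running"].append(m.group(1))
            m = START_TYPE.match(line)
            if m and m.group(2).lower() != m.group(3).lower():
                report["start_type_changed"].append(m.groups())
            continue
        if FILE_PATH.match(line):
            pending = None
            # Paths may contain spaces, so split on the marker, not whitespace.
            path, sep, verdict = line.partition(" => ")
            if sep and verdict == "MD5 is legit":
                continue
            pending = UnverifiedFile(path=path)
            report["unverified"].append(pending)
        elif pending is not None:
            m = FILE_DETAIL.match(line)
            if m:
                pending.size = int(m.group(1))
                pending.company = m.group(2)
                pending.md5 = m.group(3).upper()
                pending = None
    return report


if __name__ == "__main__":
    result = parse_fss(SAMPLE_FSS_LOG)
    for name, current, default in result["start_type_changed"]:
        print(f"{name}: start type {current}, default {default}")
    for f in result["unverified"]:
        print(f"check: {f.path} ({f.company}, {f.size} bytes, MD5 {f.md5})")
```
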

#14
Kristina
  • Member
  • 264 posts
Thank you for reopening the topic!


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.16.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Adina :: ADINA-PC [administrator]

Protection: Disabled

16.08.2013 13:41:29
mbam-log-2013-08-16 (13-41-29).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 591197
Time elapsed: 2 hour(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)







All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
< sc stop wscsvc /c >
SERVICE_NAME: wscsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 3 STOP_PENDING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Users\Adina\Downloads\cmd.bat deleted successfully.
C:\Users\Adina\Downloads\cmd.txt deleted successfully.
< sc config wscsvc start= auto /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\Adina\Downloads\cmd.bat deleted successfully.
C:\Users\Adina\Downloads\cmd.txt deleted successfully.
< sc start wscsvc /c >
SERVICE_NAME: wscsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 2 START_PENDING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x7d0
PID : 816
FLAGS :
C:\Users\Adina\Downloads\cmd.bat deleted successfully.
C:\Users\Adina\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Adina
->Temp folder emptied: 97576920 bytes
->Temporary Internet Files folder emptied: 2134714 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36143148 bytes
->Google Chrome cache emptied: 328597439 bytes
->Flash cache emptied: 1093 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18537865 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 460725606 bytes

Total Files Cleaned = 900,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08182013_153735

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




There are no notifications about Windows Defender and Avira now.



Virus Total didn't find anything in the 2 files:

https://www.virustot...sis/1376829851/
https://www.virustot...sis/1376829974/







OTL logfile created on: 18.08.2013 15:48:36 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adina\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

3,30 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 62,73% Memory free
4,30 Gb Paging File | 2,67 Gb Available in Paging File | 62,01% Paging File free
Paging file location(s): c:\pagefile.sys 1024 3096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 13,09 Gb Free Space | 13,41% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 61,28 Gb Free Space | 16,65% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 26,51 Gb Free Space | 11,38% Space Free | Partition Type: NTFS
Drive G: | 14,90 Gb Total Space | 10,84 Gb Free Space | 72,71% Space Free | Partition Type: FAT32

Computer Name: ADINA-PC | User Name: Adina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.08.08 12:57:20 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.08.08 12:57:00 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.08.08 12:56:55 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.08.08 12:56:55 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.08.07 16:33:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adina\Downloads\OTL.exe
PRC - [2013.07.03 08:10:29 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013.05.22 10:23:58 | 000,101,552 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2013.05.11 13:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.18 13:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2012.07.20 21:08:04 | 008,186,368 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2012.05.25 04:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012.05.11 10:24:22 | 000,632,320 | ---- | M] (FileZilla Project) -- C:\xampp\FileZillaFTP\FileZillaServer.exe
PRC - [2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013.07.03 08:10:26 | 000,396,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\ppgooglenaclpluginchrome.dll
MOD - [2013.07.03 08:10:23 | 004,052,944 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\pdf.dll
MOD - [2013.07.03 08:09:27 | 000,601,552 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\libglesv2.dll
MOD - [2013.07.03 08:09:26 | 000,123,344 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\libegl.dll
MOD - [2013.07.03 08:09:23 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\ffmpegsumo.dll
MOD - [2012.05.25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012.05.25 04:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2009.05.16 00:22:42 | 000,716,800 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
MOD - [2008.12.06 01:41:50 | 000,619,008 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PhoneBrowser.dll


========== Services (SafeList) ==========

SRV - [2013.08.17 22:01:20 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.08.08 12:57:20 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.08.08 12:56:55 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.07.30 14:51:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.27 07:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.05.22 10:23:58 | 000,101,552 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013.05.11 13:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.08 01:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.03 20:58:48 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.10.19 17:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.18 13:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2012.07.20 21:08:04 | 008,186,368 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012.05.11 10:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZillaServer)
SRV - [2011.12.22 19:11:20 | 000,818,952 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Corporate.11.0)
SRV - [2011.04.15 12:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 04:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\PRSBDRVR.SYS -- (PRSBDRVR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (gdrv)
DRV - [2013.08.08 12:57:32 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.08.08 12:57:32 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.08.08 12:57:32 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.08.08 12:57:32 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.02.18 19:39:36 | 000,040,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriverx86.sys -- (stdriver)
DRV - [2012.08.23 17:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 17:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.07.22 19:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.13 00:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.11.20 15:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 15:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 15:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 12:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 12:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.02.03 01:36:34 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.11.06 05:20:24 | 000,106,880 | ---- | M] (AnyDATA.NET INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adusbser.sys -- (adusbser)
DRV - [2009.09.17 20:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.10 20:34:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.05.02 16:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007.05.02 16:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2004.10.18 16:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro-RO
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 D1 04 BB C5 6F CC 01 [binary data]
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\..\SearchScopes,DefaultScope = {A13074A0-3EF3-4E01-854B-8977D377AF24}
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\..\SearchScopes\{588442DD-3D66-4A32-8467-2A77A2A06B61}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\..\SearchScopes\{A13074A0-3EF3-4E01-854B-8977D377AF24}: "URL" = http://www.google.co...1I7GGNI_roRO509
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\..\SearchScopes\{AFC3ADD4-572A-4B77-AE1E-0FB34A2A9E89}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Adina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013.06.07 05:31:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.08.17 22:01:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.08.17 22:01:18 | 000,000,000 | ---D | M]

[2010.12.29 16:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Extensions
[2013.08.07 19:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions
[2013.07.04 15:17:50 | 000,000,904 | ---- | M] () -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\searchplugins\yahoo.xml
[2013.08.17 22:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.08.17 22:01:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.09.16 12:26:02 | 001,825,680 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012.06.28 18:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.09.26 10:39:53 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.11.23 08:29:56 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipediaro.xml
[2013.07.20 12:53:19 | 000,002,162 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zgametb.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.ro/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Adina\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Adina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: SiteAdvisor = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\

O1 HOSTS File: ([2013.08.07 18:57:26 | 000,000,000 | --S- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\.DEFAULT..\Run: [Samsung.PCSync] C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe (Nokia)
O4 - HKU\S-1-5-18..\Run: [Samsung.PCSync] C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe (Nokia)
O4 - HKU\S-1-5-21-747581154-1102267190-2633786192-1000..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F6421F5-384B-48E3-9DF6-F92AB8B726DF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.08.17 22:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.08.17 00:24:50 | 000,357,085 | ---- | C] (Farbar) -- C:\Users\Adina\Desktop\FSS.exe
[2013.08.14 19:58:51 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.08.14 19:58:51 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.08.14 19:58:50 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.08.14 19:58:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.08.14 19:58:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.08.14 19:58:49 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.08.14 19:58:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.08.14 19:58:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.08.14 19:58:49 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.08.14 19:58:49 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.08.14 19:38:46 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.08.14 19:38:46 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.08.14 19:38:44 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013.08.14 19:38:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.08.12 09:26:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.08.10 15:38:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.08.10 15:16:33 | 000,000,000 | ---D | C] -- C:\Games
[2013.08.08 13:16:00 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\Avira
[2013.08.08 12:59:52 | 000,067,168 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.08.08 12:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.08.08 12:58:20 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.08.08 12:58:20 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.08.08 12:58:20 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.08.08 12:58:20 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.08.08 12:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.08.08 12:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.08.08 10:04:39 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\poze
[2013.08.07 18:40:50 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Selectie Septembrie 2013
[2013.08.07 17:00:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013.08.02 16:56:37 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Fallulah - Escapism [Deluxe Edition] (2013)
[2013.08.02 16:39:20 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\FSC August 2013 .com
[2013.07.31 12:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.07.26 22:54:21 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\GHEORGHE TITEICA
[1 C:\Users\Adina\Desktop\*.tmp files -> C:\Users\Adina\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.08.18 15:39:33 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.08.18 15:39:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.08.18 15:39:11 | 2660,880,384 | -HS- | M] () -- C:\hiberfil.sys
[2013.08.18 15:38:32 | 000,019,040 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.08.18 15:38:32 | 000,019,040 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.08.18 15:35:43 | 001,198,967 | ---- | M] () -- C:\Users\Adina\Desktop\proiect EQ - 1 oct 2013.pdf
[2013.08.17 00:24:57 | 000,357,085 | ---- | M] (Farbar) -- C:\Users\Adina\Desktop\FSS.exe
[2013.08.15 22:33:08 | 000,144,015 | ---- | M] () -- C:\Users\Adina\Desktop\program-analiza.pdf
[2013.08.15 14:02:46 | 000,705,488 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013.08.15 14:02:46 | 000,627,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.08.15 14:02:46 | 000,131,134 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013.08.15 14:02:46 | 000,107,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.08.12 00:13:44 | 034,774,016 | ---- | M] () -- C:\Users\Adina\Desktop\Pentru Adina.pps
[2013.08.10 18:38:28 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013.08.10 15:32:02 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RunAsStdUser Task.job
[2013.08.08 12:59:52 | 000,067,168 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.08.08 12:57:32 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.08.08 12:57:32 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.08.08 12:57:32 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.08.08 12:57:32 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.08.08 12:54:30 | 000,000,196 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
[2013.08.08 03:48:58 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.08.07 18:57:26 | 000,000,000 | --S- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.07.30 14:51:39 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.30 14:51:38 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.07.30 14:51:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.07.29 15:42:22 | 001,566,910 | ---- | M] () -- C:\Users\Adina\Desktop\Resurse_Jacques_Salome.pdf
[2013.07.29 15:41:27 | 001,253,173 | ---- | M] () -- C:\Users\Adina\Desktop\Aplicatii ESPERE.pdf
[2013.07.29 15:22:40 | 000,842,964 | ---- | M] () -- C:\Users\Adina\Desktop\Metoda ESPERE.pdf
[2013.07.26 06:13:37 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.07.26 06:12:22 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.07.26 06:12:05 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.07.26 06:12:04 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.07.26 06:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.07.26 06:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.07.26 06:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.07.26 06:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.07.26 05:49:14 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.07.26 04:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.07.25 11:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013.07.24 00:52:32 | 000,050,770 | ---- | M] () -- C:\Users\Adina\Documents\yy.wmf
[1 C:\Users\Adina\Desktop\*.tmp files -> C:\Users\Adina\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.08.16 12:36:42 | 034,774,016 | ---- | C] () -- C:\Users\Adina\Desktop\Pentru Adina.pps
[2013.08.15 22:33:06 | 000,144,015 | ---- | C] () -- C:\Users\Adina\Desktop\program-analiza.pdf
[2013.08.08 12:54:30 | 000,000,196 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job
[2013.08.07 18:48:45 | 000,000,266 | ---- | C] () -- C:\Windows\tasks\RunAsStdUser Task.job
[2013.08.05 17:29:44 | 001,198,967 | ---- | C] () -- C:\Users\Adina\Desktop\proiect EQ - 1 oct 2013.pdf
[2013.07.29 15:42:21 | 001,566,910 | ---- | C] () -- C:\Users\Adina\Desktop\Resurse_Jacques_Salome.pdf
[2013.07.29 15:41:27 | 001,253,173 | ---- | C] () -- C:\Users\Adina\Desktop\Aplicatii ESPERE.pdf
[2013.07.29 15:22:34 | 000,842,964 | ---- | C] () -- C:\Users\Adina\Desktop\Metoda ESPERE.pdf
[2013.07.24 00:52:32 | 000,050,770 | ---- | C] () -- C:\Users\Adina\Documents\yy.wmf
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013.07.05 05:31:20 | 000,000,031 | ---- | C] () -- C:\Windows\System32\wspspodsini.dll
[2013.07.05 05:28:42 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2013.07.05 05:27:58 | 000,000,884 | RHS- | C] () -- C:\Users\Adina\ntuser.pol
[2013.02.18 19:39:36 | 000,040,344 | ---- | C] () -- C:\Windows\System32\drivers\stdriverx86.sys
[2012.11.07 19:25:56 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ADINA-PC-Microsoft-Windows-7-Enterprise-(32-bit).dat
[2012.07.08 16:02:21 | 000,000,088 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\usb.inf
[2012.01.10 23:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012.01.10 23:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.01.10 23:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.01.10 22:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.10 22:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.01.10 22:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.12.15 22:46:12 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011.12.15 22:31:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Filesystems
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\External Build System
[2011.11.22 20:28:39 | 000,185,248 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\NMM-MetaData.db
[2011.05.13 19:37:46 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.17 14:02:14 | 000,004,009 | ---- | C] () -- C:\Users\Adina\AppData\Local\iforex.config
[2011.03.26 22:06:40 | 000,033,134 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\UserTile.png
[2011.02.19 15:57:07 | 000,023,552 | ---- | C] () -- C:\Users\Adina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.09 19:57:00 | 000,004,096 | ---- | C] () -- C:\Users\Adina\AppData\Local\keyfile3.drm
[2010.12.29 16:04:21 | 000,007,663 | ---- | C] () -- C:\Users\Adina\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009.07.14 07:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 07:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2010.11.20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009.07.14 04:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.01.21 22:59:18 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ACD Systems
[2011.04.14 12:01:01 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\adma
[2013.08.11 10:28:28 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\AIMP3
[2011.06.21 19:43:24 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Auslogics
[2011.09.18 00:22:41 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\AutoCorect Contemporan
[2013.05.13 18:16:01 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\BSplayer
[2011.01.08 20:58:08 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\BSplayer Pro
[2011.06.20 19:58:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Canon
[2012.01.16 03:03:56 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.01.16 02:47:13 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.08.10 14:50:38 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\CrystalIdea Software
[2011.09.10 11:13:00 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Design Science
[2013.07.06 07:27:45 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Dropbox
[2013.04.03 17:39:35 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\DVDVideoSoft
[2011.01.25 12:50:36 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\FireShot
[2010.12.29 18:42:22 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Foxit Software
[2011.10.02 01:39:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\GetRightToGo
[2011.06.26 18:47:19 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\GrabPro
[2011.10.02 01:55:30 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ImTOO Software Studio
[2013.02.17 15:32:19 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\IObit
[2011.05.22 16:50:22 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\IrfanView
[2011.03.19 17:06:19 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\iSpring Solutions
[2011.02.20 23:43:35 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Leadertech
[2013.08.07 18:38:36 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Mp3tag
[2011.09.27 15:43:07 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Multimedia Player
[2011.04.19 21:27:26 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Nitro PDF
[2012.11.13 02:06:05 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Notepad++
[2012.05.22 18:49:43 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Octoshape
[2011.09.27 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\PC Suite
[2011.06.26 18:47:21 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ProgSense
[2013.07.04 14:50:37 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\QuickScan
[2011.11.22 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Samsung
[2012.12.17 16:15:05 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.12.09 15:57:37 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\TeamViewer
[2012.03.31 13:56:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Total Eclipse
[2010.12.30 23:16:12 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\TuneUp Software
[2013.08.11 10:28:28 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\uTorrent
[2011.09.13 17:08:30 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Webshots
[2012.09.02 14:22:42 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Xilisoft
[2010.12.29 16:29:57 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\XnView
[2011.11.23 13:26:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems
[2011.09.27 14:02:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AutoCorect Contemporan
[2013.05.23 16:45:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2011.11.23 13:53:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Multimedia Player
[2011.09.27 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2011.11.23 13:45:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2012.10.10 11:56:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Webshots
[2011.12.06 01:23:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2011.12.06 01:23:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: MPSVC.DLL >
[2013.05.27 07:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=082CF481F659FAE0DE51AD060881EB47 -- C:\Program Files\Windows Defender\MpSvc.dll
[2013.05.27 07:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=082CF481F659FAE0DE51AD060881EB47 -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_597f1ba5b6a5991f\MpSvc.dll
[2013.05.27 07:29:30 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=0A4C23D8D5B7A376C6C51EC72F3CB8AA -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_5a2a2a64cfa9fb94\MpSvc.dll
[2009.07.14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=3FAE8F94296001C32EAB62CD7D82E0FD -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpSvc.dll

< MD5 for: TCPIP.SYS >
[2011.06.21 08:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2012.08.22 20:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011.04.25 07:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2010.11.20 15:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011.09.29 19:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2013.01.04 07:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2013.07.06 08:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\System32\drivers\tcpip.sys
[2013.07.06 08:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_b52f2f65c4a146e5\tcpip.sys
[2013.07.06 07:57:37 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=528F7CC60391DD0FAB0344F32F051FDF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys
[2013.05.08 09:15:22 | 001,309,032 | ---- | M] (Microsoft Corporation) MD5=6088D01FAD49729EA0A5A3D9B9BA8B84 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_b5b3fe00ddc19aaa\tcpip.sys
[2011.09.29 19:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011.04.25 09:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013.01.03 08:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2012.03.30 13:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2012.03.30 12:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2012.08.22 20:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\erdnt\cache\tcpip.sys
[2012.08.22 20:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2013.05.08 08:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=D32FDAC73FCD76B85389C39BC1087F2A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_b508ef41c4bd3835\tcpip.sys
[2011.06.21 09:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Edited by Kristina, 18 August 2013 - 07:23 AM.


#15
godawgs

godawgs

    Teacher

  • GeekU Moderator
  • 4,328 posts

There are no notifications about Windows Defender and Avira now.

:thumbsup:

The MBAM scan is clean. The OTL scan just shows some rubbish files that we will get rid of. If you don't have any further issues after this run we will be ready to clean up the tools and I will give you some recommendations to help keep the computer secure in the future.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
[2013.08.08 12:54:30 | 000,000,196 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DDEB5AD4-F4D8-44F6-AB47-8EE114623C13}" = -
"{2A0A0BA3-B9CA-489A-97B0-7268C5210D64}" = -

:FILES
C:\Users\Adina\AppData\Roaming\uTorrent
C:\Program Files\uTorrent
C:\Users\Adina\AppData\Roaming\TuneUp Software
C:\Users\Adina\AppData\Roaming\IObit
C:\Users\Default\AppData\Roaming\IObit
C:\Users\Default User\AppData\Roaming\IObit

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. Let me know if you have any other issues.