Corrupted Windows Uninstaller



#1
Kristina

Hello and thanks for looking into this.

 

My computer has been running quite slow the past weeks (startup and internet), so I scanned it for spyware. There weren't very particular problems besides this.

 

I also installed Advanced System Care, which found some malware, cleaned the registry and updated drivers. After this, problems started.

- the uninstaller which comes with ASC seems to have made a mess. It blocked during uninstalling some programs. ACDSee Pro 6 isn't working anymore, after I uninstalled its previous version 5; when I tried to install TuneUp Utilities it said Windows Installer is corrupted; I completely uninstalled ASC, deleted its keys with Superantispyware, but the same problems.

I checked Windows Update, but I could only install 6/12 updates, the rest give errors (code 80070641 and 641).

- The restore points are not working, I get an error like "80070002" the system couldn't be restored. 

Yahoo mail started to pop different errors when I simply browse through my mails; it says "there was an error communicating with server 465. please check your settings"

 

I scanned the computer with Avira, MalwareBytes, Superantispyware and it looks clean.

Here is the OTL log:

OTL logfile created on: 15.05.2014 18:50:33 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Adina\Downloads
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy
 
3,30 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 42,98% Memory free
4,42 Gb Paging File | 1,45 Gb Available in Paging File | 32,77% Paging File free
Paging file location(s): c:\pagefile.sys 1024 3096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 22,25 Gb Free Space | 22,80% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 61,14 Gb Free Space | 16,61% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 173,11 Gb Free Space | 74,33% Space Free | Partition Type: NTFS
Drive H: | 2794,51 Gb Total Space | 2370,67 Gb Free Space | 84,83% Space Free | Partition Type: NTFS
 
Computer Name: ADINA-PC | User Name: Adina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.05.15 18:50:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adina\Downloads\OTL.exe
PRC - [2014.05.09 18:46:27 | 009,177,648 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
PRC - [2014.05.05 10:38:00 | 000,182,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014.05.05 10:37:58 | 000,124,496 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014.04.25 11:21:30 | 000,133,184 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2014.03.13 14:13:52 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2014.03.13 14:13:46 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.03.13 14:13:46 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.12.21 09:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.12.18 16:57:21 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.10.11 01:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013.08.02 03:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013.07.03 08:10:29 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.23 05:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.07.20 21:08:04 | 008,186,368 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2012.05.25 04:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011.12.22 19:11:20 | 000,818,952 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
PRC - [2011.04.15 12:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.05.05 10:37:58 | 000,138,320 | ---- | M] () -- C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014.05.05 10:37:52 | 000,049,744 | ---- | M] () -- C:\Users\Adina\AppData\Local\temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014.02.14 02:48:35 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll
MOD - [2014.02.14 02:47:43 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014.02.14 02:47:17 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014.02.14 02:46:30 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014.02.14 02:46:24 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014.02.14 02:46:23 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\af02d03484578dbc357d1df8d1b6fd01\PresentationFramework-SystemData.ni.dll
MOD - [2014.02.14 01:54:50 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014.02.14 01:54:35 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014.02.14 01:54:32 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014.02.14 01:54:30 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014.02.14 01:54:28 | 002,542,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\7e73e63cf4b8efdf41900b9576489e61\System.Data.Linq.ni.dll
MOD - [2014.02.14 01:54:25 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014.02.14 01:54:22 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014.02.14 01:54:22 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014.02.14 01:54:20 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014.02.14 01:54:20 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014.02.14 01:54:15 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014.02.14 01:54:14 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014.02.14 01:54:13 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014.02.14 01:54:11 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014.02.14 01:54:08 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014.02.14 01:54:07 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014.02.14 01:54:06 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014.02.14 01:54:02 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014.02.14 01:54:00 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013.07.10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2013.07.03 08:10:26 | 000,396,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\ppgooglenaclpluginchrome.dll
MOD - [2013.07.03 08:10:23 | 004,052,944 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\pdf.dll
MOD - [2013.07.03 08:09:27 | 000,601,552 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\libglesv2.dll
MOD - [2013.07.03 08:09:26 | 000,123,344 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\libegl.dll
MOD - [2013.07.03 08:09:23 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\ffmpegsumo.dll
MOD - [2012.06.18 18:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2012.05.25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012.05.25 04:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2009.05.16 00:22:42 | 000,716,800 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
MOD - [2008.12.06 01:41:50 | 000,619,008 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PhoneBrowser.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014.05.13 23:29:06 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.05.11 09:30:07 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.05.05 10:37:58 | 000,124,496 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014.04.25 11:21:30 | 000,133,184 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2014.04.08 17:24:28 | 002,152,768 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014.03.13 14:13:52 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.03.13 14:13:46 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014.03.06 10:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013.12.21 09:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.10.11 01:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013.10.09 11:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013.05.27 07:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.03 20:58:48 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.08.18 13:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2012.07.20 21:08:04 | 008,186,368 | ---- | M] () [Auto | Start_Pending] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012.05.11 10:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [Auto | Stopped] -- C:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZillaServer)
SRV - [2011.12.22 19:11:20 | 000,818,952 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Corporate.11.0)
SRV - [2011.04.15 12:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 04:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\PRSBDRVR.SYS -- (PRSBDRVR)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (gdrv)
DRV - [2014.05.12 19:03:11 | 000,270,336 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2014.04.24 12:36:02 | 000,052,928 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw.sys -- ({0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw)
DRV - [2013.12.18 16:57:39 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.12.18 16:57:39 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.10.01 14:17:22 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.08.08 12:57:32 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.02.18 19:39:36 | 000,040,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriverx86.sys -- (stdriver)
DRV - [2012.08.23 17:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 17:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.07.22 19:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.13 00:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.11.20 15:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 15:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 15:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 12:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 12:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.11.06 05:20:24 | 000,106,880 | ---- | M] (AnyDATA.NET INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adusbser.sys -- (adusbser)
DRV - [2009.09.17 20:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.02.12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.10 20:34:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.05.02 16:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007.05.02 16:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2004.10.18 16:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro-RO
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 D1 04 BB C5 6F CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {A13074A0-3EF3-4E01-854B-8977D377AF24}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{588442DD-3D66-4A32-8467-2A77A2A06B61}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{A13074A0-3EF3-4E01-854B-8977D377AF24}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{AFC3ADD4-572A-4B77-AE1E-0FB34A2A9E89}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\3BFF6AC3A6E3467D95DE09D85D44524E: "URL" = http://www.google.co...1I7GGNI_roRO509
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Adina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2014.05.06 06:05:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.05.11 09:30:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.05.11 09:30:03 | 000,000,000 | ---D | M]
 
[2010.12.29 16:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Extensions
[2014.05.14 13:10:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions
[2014.05.14 13:10:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions
[2014.05.12 16:14:50 | 000,009,863 | ---- | M] () (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions\{0782648b-1717-4fef-ac58-8cb3ce03adb3}.xpi
[2013.07.04 15:17:50 | 000,000,904 | ---- | M] () -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\searchplugins\yahoo.xml
[2014.05.11 09:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014.05.11 09:30:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014.05.11 09:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.05.11 09:30:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014.05.11 09:30:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
[2014.05.06 06:05:37 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\USERS\ADINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E94GFN82.DEFAULT\EXTENSIONS\[email protected]
[2011.09.16 12:26:02 | 001,825,680 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012.06.28 18:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.ro/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Adina\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Adina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0\
CHR - Extension: YoWindow Weather = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\1.43_0\
CHR - Extension: SiteAdvisor = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: AdBlock = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.29_0\
CHR - Extension: Skype Click to Call = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
 
O1 HOSTS File: ([2013.08.07 18:57:26 | 000,000,000 | --S- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.5.2)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.5.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F6421F5-384B-48E3-9DF6-F92AB8B726DF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.05.15 12:45:44 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014.05.15 00:13:10 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\zoo catalin
[2014.05.14 15:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2014.05.14 15:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2014.05.14 14:44:25 | 000,022,312 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\rsdrv.sys
[2014.05.14 13:04:55 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014.05.14 13:00:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2014.05.14 13:00:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014.05.12 19:02:09 | 000,000,000 | ---D | C] -- C:\Intel
[2014.05.12 18:59:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2014.05.12 18:58:33 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2014.05.12 18:58:32 | 001,823,320 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2014.05.12 18:58:32 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2014.05.12 18:58:31 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2014.05.12 18:58:31 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2014.05.12 18:58:31 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2014.05.12 18:58:30 | 000,606,968 | ---- | C] (DTS, Inc.) -- C:\Windows\System32\sltech32.dll
[2014.05.12 18:58:30 | 000,219,896 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\slprp32.dll
[2014.05.12 18:58:29 | 000,964,856 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\slcnt32.dll
[2014.05.12 18:58:29 | 000,827,128 | ---- | C] (DTS, Inc.) -- C:\Windows\System32\sl3apo32.dll
[2014.05.12 18:58:29 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2014.05.12 18:58:28 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2014.05.12 18:58:28 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2014.05.12 18:58:23 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2014.05.12 18:58:23 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2014.05.12 18:58:23 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2014.05.12 18:58:23 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2014.05.12 18:58:22 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2014.05.12 18:58:22 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2014.05.12 18:58:17 | 007,162,128 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2014.05.12 18:58:17 | 000,352,016 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2014.05.12 18:58:17 | 000,106,768 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2014.05.12 18:58:17 | 000,091,920 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2014.05.12 18:58:17 | 000,062,224 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2014.05.12 18:58:16 | 005,088,008 | ---- | C] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOlfx.dll
[2014.05.12 18:58:16 | 000,890,160 | ---- | C] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOSettingsIPC.dll
[2014.05.12 18:58:15 | 000,509,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2014.05.12 18:58:13 | 011,736,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVoiceAPO30.dll
[2014.05.12 18:58:13 | 003,650,136 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioVnN.dll
[2014.05.12 18:58:13 | 000,948,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxSpeechAPO.dll
[2014.05.12 18:58:13 | 000,785,520 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVoiceAPO20.dll
[2014.05.12 18:58:11 | 028,031,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioVnA.dll
[2014.05.12 18:58:10 | 001,687,128 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2014.05.12 18:58:09 | 014,463,064 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2014.05.12 18:58:08 | 001,936,472 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2014.05.12 18:58:08 | 001,266,776 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO60.dll
[2014.05.12 18:58:08 | 000,874,584 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll
[2014.05.12 18:58:07 | 001,143,408 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO50.dll
[2014.05.12 18:58:07 | 001,143,408 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO40.dll
[2014.05.12 18:58:07 | 000,509,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2014.05.12 18:58:07 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2014.05.12 18:58:07 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2014.05.12 18:58:06 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2014.05.12 18:57:58 | 002,421,792 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2014.05.12 18:57:58 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2014.05.12 18:57:58 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2014.05.12 18:57:58 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2014.05.12 18:57:58 | 000,426,944 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2014.05.12 18:57:58 | 000,403,392 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2014.05.12 18:57:58 | 000,346,048 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2014.05.12 18:57:57 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2014.05.12 18:57:57 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2014.05.12 18:57:57 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2014.05.12 18:57:57 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2014.05.12 18:57:57 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2014.05.12 18:57:57 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2014.05.12 18:57:57 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2014.05.12 18:57:56 | 006,176,944 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPP32A.dll
[2014.05.12 18:57:56 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2014.05.12 18:57:56 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2014.05.12 18:57:55 | 001,489,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPD32A.dll
[2014.05.12 18:57:55 | 000,272,048 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPO32A.dll
[2014.05.12 18:57:55 | 000,219,312 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPA32.dll
[2014.05.12 18:57:55 | 000,092,584 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[2014.05.12 18:10:13 | 000,031,008 | ---- | C] (IObit) -- C:\Windows\System32\SmartDefragBootTime.exe
[2014.05.12 18:09:54 | 000,109,856 | ---- | C] (IObit) -- C:\Windows\System32\IObitSmartDefragExtension.dll20140512181012.dll
[2014.05.12 15:44:50 | 000,052,928 | ---- | C] (StdLib) -- C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw.sys
[2014.05.12 14:27:09 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\ProductData
[2014.05.12 14:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2014.05.12 14:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
[2014.05.12 14:24:27 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\IObit
[2014.05.12 14:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2014.05.12 14:13:21 | 000,000,000 | ---D | C] -- C:\Users\Adina\.android
[2014.05.12 14:13:20 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\cache
[2014.05.11 12:02:53 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Teza cu subiect unic sem II 2014 XI-XII
[2014.05.11 09:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.05.09 22:59:34 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\zoo
[2014.05.03 08:38:16 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Fise trimise pt. portofoliu personal 10 F, 10 H 2014
[2014.05.03 08:33:08 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Diplome Haimovici nat. 2014
[2014.05.02 09:05:25 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\EXERCITII PT BAC din CULEGERE 1 RUXI
[2014.04.30 07:26:00 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Anca Secasiu
[2014.04.30 07:25:41 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\cornel
[2014.04.28 17:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014.04.20 10:20:54 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\CEAC 2014
[2014.04.19 09:29:32 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\scoala altfel 2014
[2014.04.19 09:06:48 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\SUBIECTE ADMITERE POLITEHNICA
[10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.05.15 18:41:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.05.15 18:35:31 | 000,019,040 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.15 18:35:31 | 000,019,040 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.15 18:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.15 03:30:29 | 007,400,819 | ---- | M] () -- C:\Users\Adina\Desktop\SUBIECTE ADMITERE POLITEHNICA.rar
[2014.05.14 16:35:23 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014.05.14 16:34:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.14 16:34:31 | 2660,880,384 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.14 14:10:32 | 000,000,884 | RHS- | M] () -- C:\Users\Adina\ntuser.pol
[2014.05.12 20:54:52 | 000,002,673 | ---- | M] () -- C:\Users\Public\Desktop\FotoCanvas.lnk
[2014.05.12 19:00:24 | 000,076,472 | ---- | M] () -- C:\Windows\System32\iglhxs32.vp
[2014.05.12 19:00:16 | 000,004,096 | ---- | M] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2014.05.12 19:00:10 | 013,913,600 | ---- | M] () -- C:\Windows\System32\ig4icd32.dll
[2014.05.12 19:00:09 | 000,000,146 | ---- | M] () -- C:\Windows\System32\GfxUI.exe.config
[2014.05.12 19:00:06 | 000,136,603 | ---- | M] () -- C:\Windows\System32\Gfxres.ro-RO.resources
[2014.05.12 19:00:05 | 000,131,839 | ---- | M] () -- C:\Windows\System32\Gfxres.hr-HR.resources
[2014.05.12 19:00:05 | 000,124,052 | ---- | M] () -- C:\Windows\System32\Gfxres.en-US.resources
[2014.05.12 18:59:29 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2014.05.12 18:58:33 | 001,783,056 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2014.05.12 18:58:32 | 001,823,320 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2014.05.12 18:58:32 | 000,345,328 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2014.05.12 18:58:32 | 000,140,528 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2014.05.12 18:58:31 | 000,185,584 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2014.05.12 18:58:31 | 000,173,296 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2014.05.12 18:58:30 | 000,606,968 | ---- | M] (DTS, Inc.) -- C:\Windows\System32\sltech32.dll
[2014.05.12 18:58:30 | 000,219,896 | ---- | M] (TODO: <Company name>) -- C:\Windows\System32\slprp32.dll
[2014.05.12 18:58:29 | 000,964,856 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\slcnt32.dll
[2014.05.12 18:58:29 | 000,827,128 | ---- | M] (DTS, Inc.) -- C:\Windows\System32\sl3apo32.dll
[2014.05.12 18:58:29 | 000,214,368 | ---- | M] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2014.05.12 18:58:28 | 005,804,772 | ---- | M] () -- C:\Windows\System32\drivers\rtvienna.dat
[2014.05.12 18:58:28 | 000,074,080 | ---- | M] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2014.05.12 18:58:28 | 000,068,960 | ---- | M] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2014.05.12 18:58:23 | 000,359,768 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2014.05.12 18:58:23 | 000,170,840 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2014.05.12 18:58:23 | 000,078,680 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2014.05.12 18:58:23 | 000,064,856 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2014.05.12 18:58:22 | 000,757,301 | ---- | M] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2014.05.12 18:58:22 | 000,295,768 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2014.05.12 18:58:22 | 000,295,768 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2014.05.12 18:58:17 | 007,162,128 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2014.05.12 18:58:17 | 000,352,016 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2014.05.12 18:58:17 | 000,106,768 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2014.05.12 18:58:17 | 000,091,920 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2014.05.12 18:58:17 | 000,062,224 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2014.05.12 18:58:16 | 005,088,008 | ---- | M] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOlfx.dll
[2014.05.12 18:58:16 | 000,890,160 | ---- | M] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOSettingsIPC.dll
[2014.05.12 18:58:15 | 000,509,184 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2014.05.12 18:58:14 | 011,736,152 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVoiceAPO30.dll
[2014.05.12 18:58:13 | 003,650,136 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioVnN.dll
[2014.05.12 18:58:13 | 000,948,336 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxSpeechAPO.dll
[2014.05.12 18:58:13 | 000,785,520 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVoiceAPO20.dll
[2014.05.12 18:58:11 | 028,031,576 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioVnA.dll
[2014.05.12 18:58:10 | 001,687,128 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2014.05.12 18:58:09 | 014,463,064 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2014.05.12 18:58:08 | 001,936,472 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2014.05.12 18:58:08 | 001,266,776 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO60.dll
[2014.05.12 18:58:08 | 000,874,584 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll
[2014.05.12 18:58:07 | 001,143,408 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO50.dll
[2014.05.12 18:58:07 | 001,143,408 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO40.dll
[2014.05.12 18:58:07 | 000,509,184 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2014.05.12 18:58:07 | 000,232,792 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2014.05.12 18:58:07 | 000,132,368 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2014.05.12 18:58:06 | 000,357,712 | ---- | M] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2014.05.12 18:57:58 | 002,421,792 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2014.05.12 18:57:58 | 001,509,480 | ---- | M] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2014.05.12 18:57:58 | 000,631,400 | ---- | M] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2014.05.12 18:57:58 | 000,601,704 | ---- | M] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2014.05.12 18:57:58 | 000,426,944 | ---- | M] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2014.05.12 18:57:58 | 000,403,392 | ---- | M] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2014.05.12 18:57:58 | 000,346,048 | ---- | M] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2014.05.12 18:57:57 | 001,292,904 | ---- | M] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2014.05.12 18:57:57 | 000,458,344 | ---- | M] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2014.05.12 18:57:57 | 000,389,736 | ---- | M] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2014.05.12 18:57:57 | 000,375,400 | ---- | M] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2014.05.12 18:57:57 | 000,218,728 | ---- | M] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2014.05.12 18:57:57 | 000,218,728 | ---- | M] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2014.05.12 18:57:57 | 000,218,216 | ---- | M] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2014.05.12 18:57:56 | 006,176,944 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\DDPP32A.dll
[2014.05.12 18:57:56 | 001,220,200 | ---- | M] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2014.05.12 18:57:56 | 000,654,952 | ---- | M] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2014.05.12 18:57:55 | 001,489,072 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\DDPD32A.dll
[2014.05.12 18:57:55 | 000,272,048 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\DDPO32A.dll
[2014.05.12 18:57:55 | 000,219,312 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\DDPA32.dll
[2014.05.12 18:57:55 | 000,092,584 | ---- | M] (Real Sound Lab SIA) -- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[2014.05.12 18:57:54 | 000,502,584 | ---- | M] () -- C:\Windows\System32\audioLibVc.dll
[2014.05.12 18:57:53 | 000,188,696 | ---- | M] () -- C:\Windows\System32\AcpiServiceVnA.dll
[2014.05.12 18:47:45 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job
[2014.05.12 18:47:45 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Driver Booster Scan.job
[2014.05.12 14:29:29 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\Uninstaller_SkipUac_Administrator.job
[2014.05.09 14:58:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf6b7df7503398.job
[2014.05.05 20:12:22 | 000,748,684 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2014.05.05 20:12:22 | 000,665,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.05.05 20:12:22 | 000,150,548 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2014.05.05 20:12:22 | 000,123,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.04.30 07:02:34 | 000,041,848 | ---- | M] () -- C:\Users\Adina\Desktop\Teza11_semII_2014.pdf
[2014.04.28 17:09:25 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.04.24 12:36:02 | 000,052,928 | ---- | M] (StdLib) -- C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw.sys
[2014.04.17 21:39:21 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2014.04.17 21:39:19 | 000,038,434 | ---- | M] () -- C:\Users\Adina\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2014.04.17 21:37:47 | 000,038,443 | ---- | M] () -- C:\Users\Adina\AppData\Roaming\Comma Separated Values (Windows).ADR
[10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.05.15 03:30:26 | 007,400,819 | ---- | C] () -- C:\Users\Adina\Desktop\SUBIECTE ADMITERE POLITEHNICA.rar
[2014.05.12 19:00:24 | 000,076,472 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2014.05.12 19:00:16 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2014.05.12 19:00:10 | 013,913,600 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2014.05.12 19:00:09 | 000,000,146 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2014.05.12 19:00:06 | 000,136,603 | ---- | C] () -- C:\Windows\System32\Gfxres.ro-RO.resources
[2014.05.12 19:00:05 | 000,131,839 | ---- | C] () -- C:\Windows\System32\Gfxres.hr-HR.resources
[2014.05.12 19:00:04 | 000,124,052 | ---- | C] () -- C:\Windows\System32\Gfxres.en-US.resources
[2014.05.12 18:59:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014.05.12 18:58:27 | 005,804,772 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2014.05.12 18:58:22 | 000,757,301 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2014.05.12 18:57:54 | 000,502,584 | ---- | C] () -- C:\Windows\System32\audioLibVc.dll
[2014.05.12 18:57:53 | 000,188,696 | ---- | C] () -- C:\Windows\System32\AcpiServiceVnA.dll
[2014.05.12 18:47:45 | 000,000,272 | ---- | C] () -- C:\Windows\tasks\Driver Booster Update.job
[2014.05.12 18:47:45 | 000,000,270 | ---- | C] () -- C:\Windows\tasks\Driver Booster Scan.job
[2014.05.12 14:29:29 | 000,000,266 | ---- | C] () -- C:\Windows\tasks\Uninstaller_SkipUac_Administrator.job
[2014.05.09 14:58:18 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf6b7df7503398.job
[2014.04.30 07:02:33 | 000,041,848 | ---- | C] () -- C:\Users\Adina\Desktop\Teza11_semII_2014.pdf
[2014.04.17 21:39:19 | 000,038,434 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2014.04.17 21:37:47 | 000,038,443 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Comma Separated Values (Windows).ADR
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013.07.05 05:31:20 | 000,000,031 | ---- | C] () -- C:\Windows\System32\wspspodsini.dll
[2013.07.05 05:28:42 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2013.07.05 05:27:58 | 000,000,884 | RHS- | C] () -- C:\Users\Adina\ntuser.pol
[2013.02.18 19:39:36 | 000,040,344 | ---- | C] () -- C:\Windows\System32\drivers\stdriverx86.sys
[2012.11.07 19:25:56 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ADINA-PC-Microsoft-Windows-7-Enterprise-(32-bit).dat
[2012.07.08 16:02:21 | 000,000,088 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\usb.inf
[2011.12.15 22:31:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Filesystems
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\External Build System
[2011.05.13 19:37:46 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.17 14:02:14 | 000,004,009 | ---- | C] () -- C:\Users\Adina\AppData\Local\iforex.config
[2011.03.26 22:06:40 | 000,033,134 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\UserTile.png
[2011.02.19 15:57:07 | 000,023,552 | ---- | C] () -- C:\Users\Adina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.09 19:57:00 | 000,004,096 | ---- | C] () -- C:\Users\Adina\AppData\Local\keyfile3.drm
[2010.12.29 16:04:21 | 000,007,663 | ---- | C] () -- C:\Users\Adina\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 07:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 05:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2010.11.20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009.07.14 04:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.01.21 22:59:18 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ACD Systems
[2011.04.14 12:01:01 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\adma
[2014.05.10 17:04:45 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\AIMP3
[2011.06.21 19:43:24 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Auslogics
[2011.09.18 00:22:41 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\AutoCorect Contemporan
[2013.11.05 22:09:30 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Battle.net
[2014.02.04 23:19:18 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\BSplayer
[2011.01.08 20:58:08 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\BSplayer Pro
[2011.06.20 19:58:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Canon
[2012.01.16 03:03:56 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.01.16 02:47:13 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014.05.12 20:06:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\CrystalIdea Software
[2011.09.10 11:13:00 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Design Science
[2013.10.27 11:32:30 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Dropbox
[2013.04.03 17:39:35 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\DVDVideoSoft
[2011.01.25 12:50:36 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\FireShot
[2010.12.29 18:42:22 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Foxit Software
[2011.06.26 18:47:19 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\GrabPro
[2011.10.02 01:55:30 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ImTOO Software Studio
[2014.05.15 12:46:04 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\IObit
[2011.05.22 16:50:22 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\IrfanView
[2011.03.19 17:06:19 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\iSpring Solutions
[2011.02.20 23:43:35 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Leadertech
[2013.09.10 14:48:59 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Mp3tag
[2011.09.27 15:43:07 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Multimedia Player
[2011.04.19 21:27:26 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Nitro PDF
[2012.11.13 02:06:05 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Notepad++
[2012.05.22 18:49:43 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Octoshape
[2011.09.27 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\PC Suite
[2014.05.12 14:27:09 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ProductData
[2011.06.26 18:47:21 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ProgSense
[2013.07.04 14:50:37 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\QuickScan
[2013.11.01 12:38:36 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Rovio
[2014.02.22 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Rovio Entertainment Ltd
[2011.11.22 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Samsung
[2012.12.17 16:15:05 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.12.09 15:57:37 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\TeamViewer
[2012.03.31 13:56:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Total Eclipse
[2014.04.28 15:26:02 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\uTorrent
[2011.09.13 17:08:30 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Webshots
[2013.08.22 00:23:18 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\WinPatrol
[2012.09.02 14:22:42 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Xilisoft
[2010.12.29 16:29:57 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.10.01 07:31:32 | 098,602,865 | ---- | M] ()(C:\Windows\System32\???b) -- C:\Windows\System32\ઙb
[2013.10.01 07:31:32 | 098,602,865 | ---- | C] ()(C:\Windows\System32\???b) -- C:\Windows\System32\ઙb
[2013.10.01 00:12:52 | 098,541,442 | ---- | M] ()(C:\Windows\System32\???b) -- C:\Windows\System32\鵃윊b
[2013.09.30 12:12:38 | 098,541,442 | ---- | C] ()(C:\Windows\System32\???b) -- C:\Windows\System32\鵃윊b
[2013.09.28 23:25:04 | 098,442,955 | ---- | M] ()(C:\Windows\System32\???i) -- C:\Windows\System32\㔵ᜯi
[2013.09.28 05:24:45 | 098,442,955 | ---- | C] ()(C:\Windows\System32\???i) -- C:\Windows\System32\㔵ᜯi
[2013.09.26 21:18:02 | 098,009,570 | ---- | M] ()(C:\Windows\System32\???V) -- C:\Windows\System32\鰔㫧V
[2013.09.26 15:17:50 | 098,009,570 | ---- | C] ()(C:\Windows\System32\???V) -- C:\Windows\System32\鰔㫧V
[2013.09.22 19:09:03 | 098,597,466 | ---- | M] ()(C:\Windows\System32\???d) -- C:\Windows\System32\鶹咒d
[2013.09.22 13:08:52 | 098,597,466 | ---- | C] ()(C:\Windows\System32\???d) -- C:\Windows\System32\鶹咒d
[2013.09.19 19:11:19 | 098,378,485 | ---- | M] ()(C:\Windows\System32\???h) -- C:\Windows\System32\젻h
[2013.09.19 13:10:18 | 098,378,485 | ---- | C] ()(C:\Windows\System32\???h) -- C:\Windows\System32\젻h
[2013.09.18 18:55:11 | 098,159,724 | ---- | M] ()(C:\Windows\System32\???d) -- C:\Windows\System32\鳑煛d
[2013.09.18 12:55:22 | 098,159,724 | ---- | C] ()(C:\Windows\System32\???d) -- C:\Windows\System32\鳑煛d
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
 
< End of report >

Edited by Kristina, 15 May 2014 - 12:36 PM.

  • 0


#2
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :)

I am Pyxis and I will be assisting you with the problem at hand. Whilst I am taking the time to analyse your set of provided logs, I would like to stress the following reminders:
  • I am a student that is currently undergoing training. As such, my responses have to be checked by a professional before I present them to you to ensure you get the best quality help. If you deem I have overlooked your thread, which is in a matter of more than 24 hours, please send me a PM and I will get back to you shortly.
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. It is important that you only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
I hope you keep in mind these reminders. I will be right back with a full response! :thumbsup:

Thank you.
  • 0

#3
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    Certain programs will hinder the cleaning process. As such, I ask that you uninstall all the below programs to ensure no such conflict arises. Note that you may choose to disable these instead. However, for a more hassle-free solution in the long run, I recommend removing them now and later re-installing them once I declare you clean:
    • SUPERAntiSpyware
    I advise you to uninstall all of the above programs through Control Panel > Add or Remove Programs (Windows XP) or Control Panel > Programs and Features > Uninstall a Program (Windows Vista & Windows 7).
    If you are having difficulties, please tell me.
  • Step 2

    Run your copy of OTL by double-clicking it.
    • Copy and paste the following into the Custom Scans/Fixes box:
      :Commands
      [createrestorepoint]
      :OTL
      SRV - [2014.04.08 17:24:28 | 002,152,768 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
      DRV - [2014.04.24 12:36:02 | 000,052,928 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw.sys -- ({0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw)
      IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
      IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
      IE - HKCU\..\SearchScopes,DefaultScope = {A13074A0-3EF3-4E01-854B-8977D377AF24}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
      IE - HKCU\..\SearchScopes\{588442DD-3D66-4A32-8467-2A77A2A06B61}: "URL" = http://search.yahoo....p={searchTerms}
      IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
      IE - HKCU\..\SearchScopes\{A13074A0-3EF3-4E01-854B-8977D377AF24}: "URL" = http://www.bing.com/...rc=IE-SearchBox
      IE - HKCU\..\SearchScopes\{AFC3ADD4-572A-4B77-AE1E-0FB34A2A9E89}: "URL" = http://search.yahoo....p={SearchTerms}
      IE - HKCU\..\SearchScopes\3BFF6AC3A6E3467D95DE09D85D44524E: "URL" = http://www.google.co...1I7GGNI_roRO509
      FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
      File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
      File not found (No name found) -- C:\USERS\ADINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E94GFN82.DEFAULT\EXTENSIONS\[email protected]
      [2014.05.14 13:04:55 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
      [2014.05.14 13:00:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
      [2014.05.12 18:10:13 | 000,031,008 | ---- | C] (IObit) -- C:\Windows\System32\SmartDefragBootTime.exe
      [2014.05.12 18:09:54 | 000,109,856 | ---- | C] (IObit) -- C:\Windows\System32\IObitSmartDefragExtension.dll20140512181012.dll
      [2014.05.12 15:44:50 | 000,052,928 | ---- | C] (StdLib) -- C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw.sys
      [2014.05.12 14:27:09 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\ProductData
      [2014.05.12 14:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
      [2014.05.12 14:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
      [2014.05.12 14:24:27 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\IObit
      [2014.05.12 14:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
      [2014.05.12 18:59:29 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
      [2014.05.12 18:47:45 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job
      [2014.05.12 18:47:45 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Driver Booster Scan.job
      [2014.04.24 12:36:02 | 000,052,928 | ---- | M] (StdLib) -- C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw.sys
      [2011.12.15 22:31:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLes.DAT
      [2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLev.DAT
      [2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLet.DAT
      [2011.05.13 19:37:46 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
      [2014.05.15 12:46:04 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\IObit
      [2013.10.01 07:31:32 | 098,602,865 | ---- | M] ()(C:\Windows\System32\???b) -- C:\Windows\System32\ઙb
      [2013.10.01 07:31:32 | 098,602,865 | ---- | C] ()(C:\Windows\System32\???b) -- C:\Windows\System32\ઙb
      [2013.10.01 00:12:52 | 098,541,442 | ---- | M] ()(C:\Windows\System32\???b) -- C:\Windows\System32\鵃윊b
      [2013.09.30 12:12:38 | 098,541,442 | ---- | C] ()(C:\Windows\System32\???b) -- C:\Windows\System32\鵃윊b
      [2013.09.28 23:25:04 | 098,442,955 | ---- | M] ()(C:\Windows\System32\???i) -- C:\Windows\System32\㔵ᜯi
      [2013.09.28 05:24:45 | 098,442,955 | ---- | C] ()(C:\Windows\System32\???i) -- C:\Windows\System32\㔵ᜯi
      [2013.09.26 21:18:02 | 098,009,570 | ---- | M] ()(C:\Windows\System32\???V) -- C:\Windows\System32\鰔㫧V
      [2013.09.26 15:17:50 | 098,009,570 | ---- | C] ()(C:\Windows\System32\???V) -- C:\Windows\System32\鰔㫧V
      [2013.09.22 19:09:03 | 098,597,466 | ---- | M] ()(C:\Windows\System32\???d) -- C:\Windows\System32\鶹咒d
      [2013.09.22 13:08:52 | 098,597,466 | ---- | C] ()(C:\Windows\System32\???d) -- C:\Windows\System32\鶹咒d
      [2013.09.19 19:11:19 | 098,378,485 | ---- | M] ()(C:\Windows\System32\???h) -- C:\Windows\System32\젻h
      [2013.09.19 13:10:18 | 098,378,485 | ---- | C] ()(C:\Windows\System32\???h) -- C:\Windows\System32\젻h
      [2013.09.18 18:55:11 | 098,159,724 | ---- | M] ()(C:\Windows\System32\???d) -- C:\Windows\System32\鳑煛d
      [2013.09.18 12:55:22 | 098,159,724 | ---- | C] ()(C:\Windows\System32\???d) -- C:\Windows\System32\鳑煛d
      @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
      O4 - HKCU..\Run: [AdobeBridge] File not found
      O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
      :Commands
      [emptytemp]
      [resethosts]
      

    • Click Run Fix.
    • OTL will reboot your system. Allow it by clicking OK.
    • After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop up after rebooting. Alternatively, you can find it at C:\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    Download 'aswMBR by avast!' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Once prompted to download the database, click No.
    • Choose None for the AV Scan option.
    • Press Scan. Once done, click Save Log and choose your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 5

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.

    • Copy and paste the following into the Custom Scans/Fixes box:
      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      dir "%systemdrive%\*" /S /A:L /C
      /md5start
      services.*
      explorer.exe
      Userinit.exe
      svchost.exe
      /md5stop
    • Click Run Scan.
    • Files are being searched and it may take some time. Once done, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these on your desktop.
    • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • MMDDYYYY_HHMMSS.log (OTL)
    • Extras.txt (OTL)
    • OTL.txt (OTL)
    • AdwCleaner[S*].txt (AdwCleaner)
    • aswMBR.txt (aswMBR)

Edited by Pyxis, 17 May 2014 - 11:35 AM.

  • 0
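The fix script in post #3 includes the entries from the "Files - Unicode (All)" section of the scan. As an added example (not part of the thread, and not OTL's or the helper's own method), this Python script parses OTL file-entry lines and surfaces entries that combine several oddities; the function names, the reason list and the two-reason threshold are assumptions, and the sample lines are copied from the logs in this thread.

```python
import re
from collections import defaultdict
from datetime import datetime
from ntpath import basename  # Windows path rules, whatever OS this runs on

# One OTL file or folder entry, as it appears in the scan and in the fix script:
#   [date time | size | attributes | M or C] (company)(ANSI name) -- path
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\))?(?:\([^)]*\))? ?-- (?P<path>.+)$"
)

# Sample lines copied from the logs in this thread.
SAMPLE = r"""
[2014.05.12 18:10:13 | 000,031,008 | ---- | C] (IObit) -- C:\Windows\System32\SmartDefragBootTime.exe
[2014.05.12 14:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011.05.13 19:37:46 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2013.09.22 19:09:03 | 098,597,466 | ---- | M] ()(C:\Windows\System32\???d) -- C:\Windows\System32\鶹咒d
[2013.09.22 13:08:52 | 098,597,466 | ---- | C] ()(C:\Windows\System32\???d) -- C:\Windows\System32\鶹咒d
[2013.09.18 18:55:11 | 098,159,724 | ---- | M] ()(C:\Windows\System32\???d) -- C:\Windows\System32\鳑煛d
[2013.09.18 12:55:22 | 098,159,724 | ---- | C] ()(C:\Windows\System32\???d) -- C:\Windows\System32\鳑煛d
"""


def parse_entries(text):
    """Return one dict per OTL file/folder entry; other log lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entries.append({
            "when": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "kind": m["kind"],                      # M = modified, C = created
            "company": (m["company"] or "").strip(),
            "path": m["path"].strip(),
        })
    return entries


def triage(entries, system_dir=r"C:\Windows\System32", min_reasons=2):
    """Group M/C entries by path and keep paths with several oddities.

    The reasons and the threshold are assumptions made for this example.
    """
    by_path = defaultdict(dict)
    for e in entries:
        by_path[e["path"]][e["kind"]] = e

    findings = []
    for path, kinds in by_path.items():
        first = min(kinds.values(), key=lambda e: e["when"])
        is_dir = "D" in first["attrs"]
        name = basename(path)
        reasons = []
        if not name.isascii():
            reasons.append("non-ASCII name")
        if not is_dir and not first["company"]:
            reasons.append("no company name")
        if not is_dir and "." not in name:
            reasons.append("no file extension")
        if path.lower().startswith(system_dir.lower() + "\\"):
            reasons.append("in system directory")
        if len(reasons) < min_reasons:
            continue
        delta = None
        if "C" in kinds and "M" in kinds:
            delta = int((kinds["M"]["when"] - kinds["C"]["when"]).total_seconds())
        findings.append({
            "path": path,
            "size": first["size"],
            "reasons": reasons,
            "first_seen": first["when"],
            "c_to_m_seconds": delta,   # time between created and modified
        })
    return sorted(findings, key=lambda f: f["first_seen"])


if __name__ == "__main__":
    for f in triage(parse_entries(SAMPLE)):
        print(f["path"], f["size"], f["c_to_m_seconds"], "; ".join(f["reasons"]))
```

A hit is a prompt for manual review of the file, not a verdict on it.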

#4
Kristina

    Member

  • Topic Starter
  • Member
  • 303 posts

I ran OTL with the fixes, but it blocked and I had to restart the computer. I ran it again, and the second time it completed the scan but gave an error "instruction 0x... could not be read".

 

 

OTL log:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service LiveUpdateSvc stopped successfully!
Service LiveUpdateSvc deleted successfully!
C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe moved successfully.
Error: No service named StdLib was found to stop!
Service\Driver key StdLib not found.
C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw.sys moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{588442DD-3D66-4A32-8467-2A77A2A06B61}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{588442DD-3D66-4A32-8467-2A77A2A06B61}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A13074A0-3EF3-4E01-854B-8977D377AF24}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A13074A0-3EF3-4E01-854B-8977D377AF24}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFC3ADD4-572A-4B77-AE1E-0FB34A2A9E89}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFC3ADD4-572A-4B77-AE1E-0FB34A2A9E89}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
Prefs.js: "http://search.yahoo.....type=198484&p=" removed from keyword.URL
C:\Windows\tasks\ImCleanDisabled folder moved successfully.
Folder 14.05.14 13:00:40 | 000,000,000 | -HSD | C] --\ not found.
C:\Windows\System32\SmartDefragBootTime.exe moved successfully.
C:\Windows\System32\IObitSmartDefragExtension.dll20140512181012.dll moved successfully.
File C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw.sys not found.
C:\Users\Adina\AppData\Roaming\ProductData folder moved successfully.
C:\ProgramData\ProductData folder moved successfully.
C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424} folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit\Smart Defrag 3 folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit\Driver Booster\Logs folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit\Driver Booster folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit\Advanced SystemCare V7\Startup Manager folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit\Advanced SystemCare V7\SmartRAM folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit\Advanced SystemCare V7\Registrycleaner\backup\Registry folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit\Advanced SystemCare V7\Registrycleaner\backup folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit\Advanced SystemCare V7\Registrycleaner folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit\Advanced SystemCare V7\ProgramDeactivator folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit\Advanced SystemCare V7\Log folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit\Advanced SystemCare V7\Internet Booster folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit\Advanced SystemCare V7\DiskCleaner folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit\Advanced SystemCare V7\DiskCheck folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit\Advanced SystemCare V7\Boottime folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit\Advanced SystemCare V7\Backup folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\Adina\AppData\Roaming\IObit folder moved successfully.
C:\Program Files\IObit\LiveUpdate\update folder moved successfully.
C:\Program Files\IObit\LiveUpdate\Language folder moved successfully.
C:\Program Files\IObit\LiveUpdate folder moved successfully.
C:\Program Files\IObit\Driver Booster folder moved successfully.
C:\Program Files\IObit folder moved successfully.
C:\ProgramData\DP45977C.lfl moved successfully.
File 14.05.12 18:47:45 | 000,000,272 | ---- | M] () -- not found.
C:\Windows\Tasks\Driver Booster Scan.job moved successfully.
File C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw.sys not found.
C:\ProgramData\PKP_DLes.DAT moved successfully.
C:\ProgramData\PKP_DLev.DAT moved successfully.
C:\ProgramData\PKP_DLet.DAT moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
Folder C:\Users\Adina\AppData\Roaming\IObit\ not found.
C:\Windows\System32\ઙb moved successfully.
File C:\Windows\System32\ઙb not found.
File 13.10.01 00:12:52 | 098,541,442 | ---- | M] not found.
C:\Windows\System32\鵃윊b moved successfully.
C:\Windows\System32\㔵ᜯi moved successfully.
File C:\Windows\System32\㔵ᜯi not found.
C:\Windows\System32\鰔㫧V moved successfully.
File C:\Windows\System32\鰔㫧V not found.
C:\Windows\System32\鶹咒d moved successfully.
File C:\Windows\System32\鶹咒d not found.
File 13.09.19 19:11:19 | 098,378,485 | not found.
C:\Windows\System32\젻h moved successfully.
C:\Windows\System32\鳑煛d moved successfully.
File C:\Windows\System32\鳑煛d not found.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Adina
->Temp folder emptied: 67305790 bytes
->Temporary Internet Files folder emptied: 2110360 bytes
->Java cache emptied: 33564788 bytes
->FireFox cache emptied: 91693177 bytes
->Google Chrome cache emptied: 279262180 bytes
->Flash cache emptied: 746 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 24780832 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2293562 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3930215 bytes
 
Total Files Cleaned = 482,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.70.2 log created on 05182014_155409
 
Files\Folders moved on Reboot...
C:\Users\Adina\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
 
 
 

# AdwCleaner v3.208 - Report created 18/05/2014 at 16:06:37
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (32 bits)
# Username : Adina - ADINA-PC
# Running from : C:\Users\Adina\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Adina\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Public\Documents\iWin
File Deleted : C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\Extensions\{0782648b-1717-4fef-ac58-8cb3ce03adb3}.xpi
File Deleted : C:\Users\Adina\daemonprocess.txt
File Deleted : C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\searchplugins\ask-web-search.xml
File Deleted : C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\searchplugins\bingp.xml
File Deleted : C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\user.js
File Deleted : C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\user.js
File Deleted : C:\Program Files\Mozilla Firefox\user.js
File Deleted : C:\Windows\Tasks\Driver Booster Update.job
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AF314BD-A111-4F60-A0BF-9E81F1DFE2D3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_internet-explorer-10-preview_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_internet-explorer-10-preview_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_jpg-cleaner_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_jpg-cleaner_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_nero-burning-rom_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_nero-burning-rom_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\prefs.js ]
 
 
[ File : C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\prefs.js ]
 
Line Deleted : user_pref("dom.ipc.plugins.enabled.npmywebs.dll", false);
 
[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1sq91csa.default\prefs.js ]
 
 
-\\ Google Chrome v28.0.1500.71
 
[ File : C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
 
*************************
 
AdwCleaner[R0].txt - [5287 octets] - [18/05/2014 16:05:17]
AdwCleaner[S0].txt - [5265 octets] - [18/05/2014 16:06:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5325 octets] ##########
 
 
 
 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-18 16:10:58
-----------------------------
16:10:58.900    OS Version: Windows 6.1.7601 Service Pack 1
16:10:58.900    Number of processors: 4 586 0x2505
16:10:58.901    ComputerName: ADINA-PC  UserName: Adina
16:10:59.313    Initialize success
16:11:17.856    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:11:17.858    Disk 0 Vendor: WDC_WD2500AAJB-00WGA0 00.02C01 Size: 238475MB BusType: 3
16:11:17.859    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-4
16:11:17.861    Disk 1 Vendor: WDC_WD5000AAKS-00A7B2 01.03B01 Size: 476940MB BusType: 11
16:11:17.943    Disk 1 MBR read successfully
16:11:17.946    Disk 1 MBR scan
16:11:17.948    Disk 1 Windows 7 default MBR code
16:11:17.953    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:11:17.959    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS        99899 MB offset 206848
16:11:17.976    Disk 1 Partition 3 00     07    HPFS/NTFS NTFS       376938 MB offset 204800000
16:11:17.980    Disk 1 scanning sectors +976769024
16:11:18.025    Disk 1 scanning C:\Windows\system32\drivers
16:11:24.434    Service scanning
16:11:35.081    Modules scanning
16:11:40.674    Disk 1 trace - called modules:
16:11:40.685    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys srv.sys 
16:11:40.690    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86492030]
16:11:40.694    3 CLASSPNP.SYS[8be0459e] -> nt!IofCallDriver -> [0x8630fc10]
16:11:40.698    5 ACPI.sys[8bca33d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85f5b908]
16:11:40.701    Scan finished successfully
16:11:52.026    Disk 1 MBR has been saved successfully to "C:\Users\Adina\Desktop\MBR.dat"
16:11:52.039    The log file has been saved successfully to "C:\Users\Adina\Desktop\aswMBR.txt"
 
 
 
 
 
 

OTL logfile created on: 18.05.2014 16:12:46 - Run 6
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Adina\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy
 
3,30 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 58,67% Memory free
4,30 Gb Paging File | 2,62 Gb Available in Paging File | 60,83% Paging File free
Paging file location(s): c:\pagefile.sys 1024 3096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 23,62 Gb Free Space | 24,21% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 60,52 Gb Free Space | 16,44% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 173,11 Gb Free Space | 74,33% Space Free | Partition Type: NTFS
Drive H: | 2794,51 Gb Total Space | 2370,67 Gb Free Space | 84,83% Space Free | Partition Type: NTFS
 
Computer Name: ADINA-PC | User Name: Adina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.05.18 15:53:12 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Adina\Desktop\OTL (1).exe
PRC - [2014.05.12 16:59:10 | 000,133,184 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2014.05.05 10:38:00 | 000,182,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014.05.05 10:37:58 | 000,124,496 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014.03.13 14:13:52 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2014.03.13 14:13:46 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.03.13 14:13:46 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.12.21 09:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.12.18 16:57:21 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.07.03 08:10:29 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.23 05:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.07.20 21:08:04 | 008,186,368 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2011.12.22 19:11:20 | 000,818,952 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
PRC - [2011.04.15 12:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.05.05 10:37:58 | 000,138,320 | ---- | M] () -- C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014.05.05 10:37:52 | 000,049,744 | ---- | M] () -- C:\Users\Adina\AppData\Local\temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014.02.14 02:48:35 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll
MOD - [2014.02.14 02:47:43 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014.02.14 02:47:17 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014.02.14 02:46:24 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014.02.14 02:46:23 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\af02d03484578dbc357d1df8d1b6fd01\PresentationFramework-SystemData.ni.dll
MOD - [2014.02.14 01:54:50 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014.02.14 01:54:35 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014.02.14 01:54:32 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014.02.14 01:54:30 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014.02.14 01:54:28 | 002,542,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\7e73e63cf4b8efdf41900b9576489e61\System.Data.Linq.ni.dll
MOD - [2014.02.14 01:54:25 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014.02.14 01:54:22 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014.02.14 01:54:22 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014.02.14 01:54:20 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014.02.14 01:54:20 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014.02.14 01:54:15 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014.02.14 01:54:14 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014.02.14 01:54:13 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014.02.14 01:54:11 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014.02.14 01:54:08 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014.02.14 01:54:07 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014.02.14 01:54:06 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014.02.14 01:54:02 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014.02.14 01:54:00 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013.07.03 08:10:26 | 000,396,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\ppgooglenaclpluginchrome.dll
MOD - [2013.07.03 08:10:23 | 004,052,944 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\pdf.dll
MOD - [2013.07.03 08:09:27 | 000,601,552 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\libglesv2.dll
MOD - [2013.07.03 08:09:26 | 000,123,344 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\libegl.dll
MOD - [2013.07.03 08:09:23 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\ffmpegsumo.dll
MOD - [2009.05.16 00:22:42 | 000,716,800 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
MOD - [2008.12.06 01:41:50 | 000,619,008 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PhoneBrowser.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014.05.13 23:29:06 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.05.12 16:59:10 | 000,133,184 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2014.05.11 09:30:07 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.05.05 10:37:58 | 000,124,496 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014.03.13 14:13:52 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.03.13 14:13:46 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014.03.06 10:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013.12.21 09:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.10.09 11:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013.05.27 07:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.03 20:58:48 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.08.18 13:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2012.07.20 21:08:04 | 008,186,368 | ---- | M] () [Auto | Start_Pending] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012.05.11 10:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [Auto | Stopped] -- C:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZillaServer)
SRV - [2011.12.22 19:11:20 | 000,818,952 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Corporate.11.0)
SRV - [2011.04.15 12:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 04:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\PRSBDRVR.SYS -- (PRSBDRVR)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (gdrv)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Adina\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw.sys -- ({0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw)
DRV - [2014.05.12 19:03:11 | 000,270,336 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2013.12.18 16:57:39 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.12.18 16:57:39 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.10.01 14:17:22 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.08.08 12:57:32 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.02.18 19:39:36 | 000,040,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriverx86.sys -- (stdriver)
DRV - [2012.08.23 17:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 17:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 15:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 15:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 15:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 12:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 12:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.11.06 05:20:24 | 000,106,880 | ---- | M] (AnyDATA.NET INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adusbser.sys -- (adusbser)
DRV - [2009.09.17 20:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.02.12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.10 20:34:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.05.02 16:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007.05.02 16:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2004.10.18 16:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro-RO
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 D1 04 BB C5 6F CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Adina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2014.05.16 06:54:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.05.11 09:30:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.05.11 09:30:03 | 000,000,000 | ---D | M]
 
[2010.12.29 16:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Extensions
[2014.05.18 16:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions
[2014.05.14 13:10:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions
[2013.07.04 15:17:50 | 000,000,904 | ---- | M] () -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\searchplugins\yahoo.xml
[2014.05.11 09:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014.05.11 09:30:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014.05.11 09:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.05.11 09:30:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014.05.11 09:30:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
[2014.05.16 06:54:12 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\USERS\ADINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E94GFN82.DEFAULT\EXTENSIONS\[email protected]
[2011.09.16 12:26:02 | 001,825,680 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012.06.28 18:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.ro/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Adina\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Adina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0\
CHR - Extension: YoWindow Weather = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\1.43_0\
CHR - Extension: SiteAdvisor = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: AdBlock = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.29_0\
CHR - Extension: Skype Click to Call = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
 
O1 HOSTS File: ([2013.08.07 18:57:26 | 000,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.5.2)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.5.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F6421F5-384B-48E3-9DF6-F92AB8B726DF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.05.18 16:10:00 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Adina\Desktop\aswMBR.exe
[2014.05.18 16:05:40 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014.05.18 16:04:44 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.05.18 15:53:09 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Adina\Desktop\OTL (1).exe
[2014.05.16 15:44:05 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\DropboxMaster
[2014.05.15 12:45:44 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014.05.14 15:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2014.05.14 15:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2014.05.14 14:44:25 | 000,022,312 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\rsdrv.sys
[2014.05.14 13:52:45 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.05.14 13:52:16 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2014.05.14 13:52:16 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014.05.14 13:52:16 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll
[2014.05.14 13:52:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cngprovider.dll
[2014.05.14 13:52:15 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adprovider.dll
[2014.05.14 13:52:15 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capiprovider.dll
[2014.05.14 13:52:15 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapiprovider.dll
[2014.05.14 13:52:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2014.05.14 13:52:15 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wincredprovider.dll
[2014.05.14 13:52:15 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2014.05.14 13:00:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2014.05.14 13:00:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014.05.12 19:03:11 | 000,270,336 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\drivers\IntcDAud.sys
[2014.05.12 19:02:09 | 000,000,000 | ---D | C] -- C:\Intel
[2014.05.12 19:00:41 | 008,196,080 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\TVWSetup.exe
[2014.05.12 19:00:24 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxCoIn_v2993.dll
[2014.05.12 19:00:22 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc
[2014.05.12 19:00:22 | 000,260,608 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxTMM.dll
[2014.05.12 19:00:21 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc
[2014.05.12 19:00:21 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc
[2014.05.12 19:00:21 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrom.lrc
[2014.05.12 19:00:21 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc
[2014.05.12 19:00:21 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc
[2014.05.12 19:00:21 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc
[2014.05.12 19:00:21 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc
[2014.05.12 19:00:21 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc
[2014.05.12 19:00:20 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc
[2014.05.12 19:00:20 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc
[2014.05.12 19:00:20 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc
[2014.05.12 19:00:20 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc
[2014.05.12 19:00:20 | 000,281,600 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc
[2014.05.12 19:00:20 | 000,281,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc
[2014.05.12 19:00:19 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2014.05.12 19:00:19 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhrv.lrc
[2014.05.12 19:00:19 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc
[2014.05.12 19:00:19 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc
[2014.05.12 19:00:19 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc
[2014.05.12 19:00:18 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxresn.lrc
[2014.05.12 19:00:18 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc
[2014.05.12 19:00:17 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc
[2014.05.12 19:00:17 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc
[2014.05.12 19:00:17 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc
[2014.05.12 19:00:17 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc
[2014.05.12 19:00:17 | 000,280,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc
[2014.05.12 19:00:17 | 000,280,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc
[2014.05.12 19:00:16 | 000,246,784 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcmrt32.dll
[2014.05.12 19:00:16 | 000,130,048 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll
[2014.05.12 19:00:16 | 000,120,320 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl
[2014.05.12 19:00:16 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll
[2014.05.12 19:00:15 | 002,191,872 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcmjit32.dll
[2014.05.12 19:00:08 | 004,701,168 | ---- | C] (Intel Corporation) -- C:\Windows\System32\GfxUI.exe
[2014.05.12 19:00:07 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\Windows\System32\gfxSrvc.dll
[2014.05.12 18:59:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2014.05.12 18:58:33 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2014.05.12 18:58:32 | 001,823,320 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2014.05.12 18:58:32 | 001,379,760 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tosade.dll
[2014.05.12 18:58:32 | 000,819,648 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo2.dll
[2014.05.12 18:58:32 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2014.05.12 18:58:32 | 000,134,584 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo.dll
[2014.05.12 18:58:32 | 000,058,264 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\System32\TepeqAPO.dll
[2014.05.12 18:58:31 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2014.05.12 18:58:31 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2014.05.12 18:58:31 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2014.05.12 18:58:30 | 000,606,968 | ---- | C] (DTS, Inc.) -- C:\Windows\System32\sltech32.dll
[2014.05.12 18:58:30 | 000,219,896 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\slprp32.dll
[2014.05.12 18:58:29 | 000,964,856 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\slcnt32.dll
[2014.05.12 18:58:29 | 000,919,600 | ---- | C] (Sony Corporation) -- C:\Windows\System32\SFSS_APO.dll
[2014.05.12 18:58:29 | 000,827,128 | ---- | C] (DTS, Inc.) -- C:\Windows\System32\sl3apo32.dll
[2014.05.12 18:58:29 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2014.05.12 18:58:28 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2014.05.12 18:58:28 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2014.05.12 18:58:27 | 001,892,056 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2014.05.12 18:58:26 | 002,559,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2014.05.12 18:58:25 | 000,915,160 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll
[2014.05.12 18:58:25 | 000,782,040 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2014.05.12 18:58:25 | 000,013,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll
[2014.05.12 18:58:24 | 002,467,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2014.05.12 18:58:23 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2014.05.12 18:58:23 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2014.05.12 18:58:23 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2014.05.12 18:58:23 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2014.05.12 18:58:22 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2014.05.12 18:58:22 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2014.05.12 18:58:18 | 056,270,336 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat
[2014.05.12 18:58:17 | 007,162,128 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2014.05.12 18:58:17 | 000,352,016 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2014.05.12 18:58:17 | 000,106,768 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2014.05.12 18:58:17 | 000,091,920 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2014.05.12 18:58:17 | 000,062,224 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2014.05.12 18:58:16 | 005,088,008 | ---- | C] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOlfx.dll
[2014.05.12 18:58:16 | 000,890,160 | ---- | C] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOSettingsIPC.dll
[2014.05.12 18:58:16 | 000,852,016 | ---- | C] (Sony Corporation) -- C:\Windows\System32\MISS_APO.dll
[2014.05.12 18:58:15 | 000,509,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2014.05.12 18:58:13 | 011,736,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVoiceAPO30.dll
[2014.05.12 18:58:13 | 003,650,136 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioVnN.dll
[2014.05.12 18:58:13 | 000,948,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxSpeechAPO.dll
[2014.05.12 18:58:13 | 000,785,520 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVoiceAPO20.dll
[2014.05.12 18:58:11 | 028,031,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioVnA.dll
[2014.05.12 18:58:10 | 001,687,128 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2014.05.12 18:58:09 | 014,463,064 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2014.05.12 18:58:08 | 001,936,472 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2014.05.12 18:58:08 | 001,266,776 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO60.dll
[2014.05.12 18:58:08 | 000,874,584 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll
[2014.05.12 18:58:07 | 001,143,408 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO50.dll
[2014.05.12 18:58:07 | 001,143,408 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO40.dll
[2014.05.12 18:58:07 | 000,509,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2014.05.12 18:58:07 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2014.05.12 18:58:07 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2014.05.12 18:58:06 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2014.05.12 18:57:58 | 002,421,792 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2014.05.12 18:57:58 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2014.05.12 18:57:58 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2014.05.12 18:57:58 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2014.05.12 18:57:58 | 000,426,944 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2014.05.12 18:57:58 | 000,403,392 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2014.05.12 18:57:58 | 000,346,048 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2014.05.12 18:57:57 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2014.05.12 18:57:57 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2014.05.12 18:57:57 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2014.05.12 18:57:57 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2014.05.12 18:57:57 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2014.05.12 18:57:57 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2014.05.12 18:57:57 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2014.05.12 18:57:56 | 006,176,944 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPP32A.dll
[2014.05.12 18:57:56 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2014.05.12 18:57:56 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2014.05.12 18:57:55 | 001,489,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPD32A.dll
[2014.05.12 18:57:55 | 000,272,048 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPO32A.dll
[2014.05.12 18:57:55 | 000,219,312 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPA32.dll
[2014.05.12 18:57:55 | 000,092,584 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[2014.05.12 18:57:54 | 000,095,840 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2014.05.12 18:57:53 | 000,182,472 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2014.05.12 18:57:11 | 000,076,872 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RtNicProp32.dll
[2014.05.12 14:13:21 | 000,000,000 | ---D | C] -- C:\Users\Adina\.android
[2014.05.12 14:13:20 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\cache
[2014.05.11 12:02:53 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Teza cu subiect unic sem II 2014 XI-XII
[2014.05.11 09:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.05.09 22:59:34 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\zoo
[2014.05.03 08:38:16 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Fise trimise pt. portofoliu personal 10 F, 10 H 2014
[2014.05.03 08:33:08 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Diplome Haimovici nat. 2014
[2014.05.02 09:05:25 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\EXERCITII PT BAC din CULEGERE 1 RUXI
[2014.04.30 07:26:00 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Anca Secasiu
[2014.04.30 07:25:41 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\cornel
[2014.04.29 21:47:49 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.04.29 21:47:47 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014.04.29 21:47:47 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014.04.29 21:47:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014.04.29 21:47:46 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.04.29 21:47:46 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014.04.29 21:47:46 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.04.29 21:47:45 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014.04.29 21:47:45 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014.04.29 21:47:45 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014.04.29 21:47:45 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.04.29 21:47:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014.04.29 21:47:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014.04.29 21:47:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014.04.29 21:47:45 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014.04.29 21:47:44 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014.04.29 21:47:44 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014.04.29 21:47:42 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.04.29 21:47:40 | 004,254,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.04.28 17:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014.04.20 10:20:54 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\CEAC 2014
[2014.04.19 09:29:32 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\scoala altfel 2014
[2014.04.19 09:06:48 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\SUBIECTE ADMITERE POLITEHNICA
 
========== Files - Modified Within 30 Days ==========
 
[2014.05.18 16:10:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Adina\Desktop\aswMBR.exe
[2014.05.18 16:08:35 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014.05.18 16:07:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.18 16:07:40 | 2660,880,384 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.18 16:07:05 | 000,019,040 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.18 16:07:05 | 000,019,040 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.18 16:04:23 | 001,325,827 | ---- | M] () -- C:\Users\Adina\Desktop\AdwCleaner.exe
[2014.05.18 15:53:12 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Adina\Desktop\OTL (1).exe
[2014.05.18 15:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.05.18 15:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.15 03:30:29 | 007,400,819 | ---- | M] () -- C:\Users\Adina\Desktop\SUBIECTE ADMITERE POLITEHNICA.rar
[2014.05.14 14:10:32 | 000,000,884 | RHS- | M] () -- C:\Users\Adina\ntuser.pol
[2014.05.13 23:29:06 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.05.13 23:29:06 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014.05.12 20:54:52 | 000,002,673 | ---- | M] () -- C:\Users\Public\Desktop\FotoCanvas.lnk
[2014.05.12 19:03:11 | 000,270,336 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\drivers\IntcDAud.sys
[2014.05.12 19:00:42 | 008,196,080 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\TVWSetup.exe
[2014.05.12 19:00:24 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxCoIn_v2993.dll
[2014.05.12 19:00:24 | 000,076,472 | ---- | M] () -- C:\Windows\System32\iglhxs32.vp
[2014.05.12 19:00:22 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc
[2014.05.12 19:00:22 | 000,260,608 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxTMM.dll
[2014.05.12 19:00:22 | 000,057,856 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.dll
[2014.05.12 19:00:21 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc
[2014.05.12 19:00:21 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc
[2014.05.12 19:00:21 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrrom.lrc
[2014.05.12 19:00:21 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc
[2014.05.12 19:00:21 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc
[2014.05.12 19:00:21 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc
[2014.05.12 19:00:21 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc
[2014.05.12 19:00:21 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc
[2014.05.12 19:00:20 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc
[2014.05.12 19:00:20 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc
[2014.05.12 19:00:20 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc
[2014.05.12 19:00:20 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc
[2014.05.12 19:00:20 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc
[2014.05.12 19:00:20 | 000,281,600 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc
[2014.05.12 19:00:20 | 000,281,088 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc
[2014.05.12 19:00:19 | 000,285,184 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2014.05.12 19:00:19 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrhrv.lrc
[2014.05.12 19:00:19 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc
[2014.05.12 19:00:19 | 000,283,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc
[2014.05.12 19:00:18 | 009,030,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxress.dll
[2014.05.12 19:00:18 | 000,285,184 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxresn.lrc
[2014.05.12 19:00:18 | 000,285,184 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc
[2014.05.12 19:00:17 | 000,306,688 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpph.dll
[2014.05.12 19:00:17 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc
[2014.05.12 19:00:17 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc
[2014.05.12 19:00:17 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc
[2014.05.12 19:00:17 | 000,283,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc
[2014.05.12 19:00:17 | 000,280,576 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc
[2014.05.12 19:00:17 | 000,280,576 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc
[2014.05.12 19:00:16 | 000,246,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxcmrt32.dll
[2014.05.12 19:00:16 | 000,130,048 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll
[2014.05.12 19:00:16 | 000,120,320 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl
[2014.05.12 19:00:16 | 000,024,576 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll
[2014.05.12 19:00:16 | 000,004,096 | ---- | M] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2014.05.12 19:00:15 | 002,191,872 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxcmjit32.dll
[2014.05.12 19:00:15 | 000,581,120 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igdumdx32.dll
[2014.05.12 19:00:14 | 006,324,224 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll
[2014.05.12 19:00:12 | 007,988,224 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igd10umd32.dll
[2014.05.12 19:00:10 | 013,913,600 | ---- | M] () -- C:\Windows\System32\ig4icd32.dll
[2014.05.12 19:00:09 | 000,096,256 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hccutils.dll
[2014.05.12 19:00:09 | 000,000,146 | ---- | M] () -- C:\Windows\System32\GfxUI.exe.config
[2014.05.12 19:00:08 | 004,701,168 | ---- | M] (Intel Corporation) -- C:\Windows\System32\GfxUI.exe
[2014.05.12 19:00:08 | 000,147,456 | ---- | M] (Intel Corporation) -- C:\Windows\System32\gfxSrvc.dll
[2014.05.12 19:00:06 | 000,136,603 | ---- | M] () -- C:\Windows\System32\Gfxres.ro-RO.resources
[2014.05.12 19:00:05 | 000,131,839 | ---- | M] () -- C:\Windows\System32\Gfxres.hr-HR.resources
[2014.05.12 19:00:05 | 000,124,052 | ---- | M] () -- C:\Windows\System32\Gfxres.en-US.resources
[2014.05.12 18:58:33 | 001,783,056 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2014.05.12 18:58:32 | 001,823,320 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2014.05.12 18:58:32 | 001,379,760 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\tosade.dll
[2014.05.12 18:58:32 | 000,819,648 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo2.dll
[2014.05.12 18:58:32 | 000,345,328 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2014.05.12 18:58:32 | 000,140,528 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2014.05.12 18:58:32 | 000,134,584 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo.dll
[2014.05.12 18:58:32 | 000,058,264 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Windows\System32\TepeqAPO.dll
[2014.05.12 18:58:31 | 000,185,584 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2014.05.12 18:58:31 | 000,173,296 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2014.05.12 18:58:30 | 000,606,968 | ---- | M] (DTS, Inc.) -- C:\Windows\System32\sltech32.dll
[2014.05.12 18:58:30 | 000,219,896 | ---- | M] (TODO: <Company name>) -- C:\Windows\System32\slprp32.dll
[2014.05.12 18:58:29 | 000,964,856 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\slcnt32.dll
[2014.05.12 18:58:29 | 000,919,600 | ---- | M] (Sony Corporation) -- C:\Windows\System32\SFSS_APO.dll
[2014.05.12 18:58:29 | 000,827,128 | ---- | M] (DTS, Inc.) -- C:\Windows\System32\sl3apo32.dll
[2014.05.12 18:58:29 | 000,214,368 | ---- | M] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2014.05.12 18:58:28 | 005,804,772 | ---- | M] () -- C:\Windows\System32\drivers\rtvienna.dat
[2014.05.12 18:58:28 | 000,074,080 | ---- | M] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2014.05.12 18:58:28 | 000,068,960 | ---- | M] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2014.05.12 18:58:27 | 001,892,056 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2014.05.12 18:58:26 | 002,559,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2014.05.12 18:58:25 | 000,915,160 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll
[2014.05.12 18:58:25 | 000,782,040 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2014.05.12 18:58:25 | 000,013,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll
[2014.05.12 18:58:24 | 002,467,544 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2014.05.12 18:58:23 | 000,359,768 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2014.05.12 18:58:23 | 000,170,840 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2014.05.12 18:58:23 | 000,078,680 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2014.05.12 18:58:23 | 000,064,856 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2014.05.12 18:58:22 | 000,757,301 | ---- | M] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2014.05.12 18:58:22 | 000,295,768 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2014.05.12 18:58:22 | 000,295,768 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2014.05.12 18:58:18 | 056,270,336 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat
[2014.05.12 18:58:17 | 007,162,128 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2014.05.12 18:58:17 | 000,352,016 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2014.05.12 18:58:17 | 000,106,768 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2014.05.12 18:58:17 | 000,091,920 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2014.05.12 18:58:17 | 000,062,224 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2014.05.12 18:58:16 | 005,088,008 | ---- | M] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOlfx.dll
[2014.05.12 18:58:16 | 000,890,160 | ---- | M] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOSettingsIPC.dll
[2014.05.12 18:58:16 | 000,852,016 | ---- | M] (Sony Corporation) -- C:\Windows\System32\MISS_APO.dll
[2014.05.12 18:58:15 | 000,509,184 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2014.05.12 18:58:14 | 011,736,152 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVoiceAPO30.dll
[2014.05.12 18:58:13 | 003,650,136 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioVnN.dll
[2014.05.12 18:58:13 | 000,948,336 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxSpeechAPO.dll
[2014.05.12 18:58:13 | 000,785,520 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVoiceAPO20.dll
[2014.05.12 18:58:11 | 028,031,576 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioVnA.dll
[2014.05.12 18:58:10 | 001,687,128 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2014.05.12 18:58:09 | 014,463,064 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2014.05.12 18:58:08 | 001,936,472 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2014.05.12 18:58:08 | 001,266,776 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO60.dll
[2014.05.12 18:58:08 | 000,874,584 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll
[2014.05.12 18:58:07 | 001,143,408 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO50.dll
[2014.05.12 18:58:07 | 001,143,408 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO40.dll
[2014.05.12 18:58:07 | 000,509,184 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2014.05.12 18:58:07 | 000,232,792 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2014.05.12 18:58:07 | 000,132,368 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2014.05.12 18:58:06 | 000,357,712 | ---- | M] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2014.05.12 18:57:58 | 002,421,792 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2014.05.12 18:57:58 | 001,509,480 | ---- | M] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2014.05.12 18:57:58 | 000,631,400 | ---- | M] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2014.05.12 18:57:58 | 000,601,704 | ---- | M] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2014.05.12 18:57:58 | 000,426,944 | ---- | M] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2014.05.12 18:57:58 | 000,403,392 | ---- | M] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2014.05.12 18:57:58 | 000,346,048 | ---- | M] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2014.05.12 18:57:57 | 001,292,904 | ---- | M] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2014.05.12 18:57:57 | 000,458,344 | ---- | M] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2014.05.12 18:57:57 | 000,389,736 | ---- | M] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2014.05.12 18:57:57 | 000,375,400 | ---- | M] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2014.05.12 18:57:57 | 000,218,728 | ---- | M] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2014.05.12 18:57:57 | 000,218,728 | ---- | M] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2014.05.12 18:57:57 | 000,218,216 | ---- | M] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2014.05.12 18:57:56 | 006,176,944 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\DDPP32A.dll
[2014.05.12 18:57:56 | 001,220,200 | ---- | M] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2014.05.12 18:57:56 | 000,654,952 | ---- | M] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2014.05.12 18:57:55 | 001,489,072 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\DDPD32A.dll
[2014.05.12 18:57:55 | 000,272,048 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\DDPO32A.dll
[2014.05.12 18:57:55 | 000,219,312 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\DDPA32.dll
[2014.05.12 18:57:55 | 000,092,584 | ---- | M] (Real Sound Lab SIA) -- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[2014.05.12 18:57:54 | 000,502,584 | ---- | M] () -- C:\Windows\System32\audioLibVc.dll
[2014.05.12 18:57:54 | 000,095,840 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2014.05.12 18:57:53 | 000,188,696 | ---- | M] () -- C:\Windows\System32\AcpiServiceVnA.dll
[2014.05.12 18:57:53 | 000,182,472 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2014.05.12 18:57:11 | 000,100,896 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RTNUninst32.dll
[2014.05.12 18:57:11 | 000,076,872 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RtNicProp32.dll
[2014.05.12 14:29:29 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\Uninstaller_SkipUac_Administrator.job
[2014.05.09 14:58:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf6b7df7503398.job
[2014.05.06 06:07:39 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.05.05 20:12:22 | 000,748,684 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2014.05.05 20:12:22 | 000,665,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.05.05 20:12:22 | 000,150,548 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2014.05.05 20:12:22 | 000,123,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.04.30 07:02:34 | 000,041,848 | ---- | M] () -- C:\Users\Adina\Desktop\Teza11_semII_2014.pdf
[2014.04.28 17:09:25 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.04.28 16:53:03 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014.04.28 16:53:03 | 000,176,040 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014.04.28 16:53:03 | 000,176,040 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014.04.28 16:53:03 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
 
========== Files Created - No Company Name ==========
 
[2014.05.18 16:04:14 | 001,325,827 | ---- | C] () -- C:\Users\Adina\Desktop\AdwCleaner.exe
[2014.05.15 03:30:26 | 007,400,819 | ---- | C] () -- C:\Users\Adina\Desktop\SUBIECTE ADMITERE POLITEHNICA.rar
[2014.05.12 19:00:24 | 000,076,472 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2014.05.12 19:00:16 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2014.05.12 19:00:10 | 013,913,600 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2014.05.12 19:00:09 | 000,000,146 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2014.05.12 19:00:06 | 000,136,603 | ---- | C] () -- C:\Windows\System32\Gfxres.ro-RO.resources
[2014.05.12 19:00:05 | 000,131,839 | ---- | C] () -- C:\Windows\System32\Gfxres.hr-HR.resources
[2014.05.12 19:00:04 | 000,124,052 | ---- | C] () -- C:\Windows\System32\Gfxres.en-US.resources
[2014.05.12 18:58:27 | 005,804,772 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2014.05.12 18:58:22 | 000,757,301 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2014.05.12 18:57:54 | 000,502,584 | ---- | C] () -- C:\Windows\System32\audioLibVc.dll
[2014.05.12 18:57:53 | 000,188,696 | ---- | C] () -- C:\Windows\System32\AcpiServiceVnA.dll
[2014.05.12 14:29:29 | 000,000,266 | ---- | C] () -- C:\Windows\tasks\Uninstaller_SkipUac_Administrator.job
[2014.05.09 14:58:18 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf6b7df7503398.job
[2014.04.30 07:02:33 | 000,041,848 | ---- | C] () -- C:\Users\Adina\Desktop\Teza11_semII_2014.pdf
[2014.04.17 21:39:19 | 000,038,434 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2014.04.17 21:37:47 | 000,038,443 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Comma Separated Values (Windows).ADR
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013.07.05 05:31:20 | 000,000,031 | ---- | C] () -- C:\Windows\System32\wspspodsini.dll
[2013.07.05 05:28:42 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2013.07.05 05:27:58 | 000,000,884 | RHS- | C] () -- C:\Users\Adina\ntuser.pol
[2013.02.18 19:39:36 | 000,040,344 | ---- | C] () -- C:\Windows\System32\drivers\stdriverx86.sys
[2012.11.07 19:25:56 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ADINA-PC-Microsoft-Windows-7-Enterprise-(32-bit).dat
[2012.07.08 16:02:21 | 000,000,088 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\usb.inf
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Filesystems
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\External Build System
[2011.04.17 14:02:14 | 000,004,009 | ---- | C] () -- C:\Users\Adina\AppData\Local\iforex.config
[2011.03.26 22:06:40 | 000,033,134 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\UserTile.png
[2011.02.19 15:57:07 | 000,023,552 | ---- | C] () -- C:\Users\Adina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.09 19:57:00 | 000,004,096 | ---- | C] () -- C:\Users\Adina\AppData\Local\keyfile3.drm
[2010.12.29 16:04:21 | 000,007,663 | ---- | C] () -- C:\Users\Adina\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 07:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 05:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2010.11.20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009.07.14 04:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2009.07.14 04:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013.02.27 07:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009.07.14 04:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010.11.20 15:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010.11.20 15:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2014.04.12 05:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009.07.14 04:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012.07.05 00:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013.07.09 07:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010.11.20 15:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010.11.20 15:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011.03.03 08:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009.07.14 04:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009.07.14 04:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009.07.14 04:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010.11.20 15:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009.07.14 04:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009.07.14 04:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009.07.14 04:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009.07.14 04:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2010.11.20 15:20:30 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009.07.14 04:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011.05.24 13:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012.02.11 08:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2014.04.12 05:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009.07.14 04:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010.11.20 15:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010.11.20 15:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009.07.14 04:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2014.04.12 05:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009.07.14 04:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010.11.20 15:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010.11.20 15:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010.11.20 15:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010.11.20 15:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009.07.14 04:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012.05.01 07:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010.11.20 15:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010.11.20 15:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010.11.20 15:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010.11.20 15:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013.05.27 07:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010.11.20 15:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010.11.20 15:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010.11.20 15:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
No service found with a name of msiserver
SRV - [2009.07.14 04:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012.06.03 01:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010.11.20 15:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009.07.14 04:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010.11.20 15:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is Windows7
 Volume Serial Number is 80D0-7A6B
 Directory of C:\
29.12.2010  15:50    <JUNCTION>     Documents and Settings [..]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
29.12.2010  15:50    <JUNCTION>     Application Data [..]
29.12.2010  15:50    <JUNCTION>     Desktop [..]
29.12.2010  15:50    <JUNCTION>     Favorites [..]
29.12.2010  15:50    <JUNCTION>     Start Menu [..]
29.12.2010  15:50    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users
29.12.2010  15:50    <SYMLINKD>     All Users [C:\ProgramData]
29.12.2010  15:50    <JUNCTION>     Default User [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Adina
29.12.2010  15:50    <JUNCTION>     Application Data [C:\Users\Adina\AppData\Roaming]
29.12.2010  15:50    <JUNCTION>     Cookies [C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Cookies]
29.12.2010  15:50    <JUNCTION>     Local Settings [C:\Users\Adina\AppData\Local]
29.12.2010  15:50    <JUNCTION>     My Documents [C:\Users\Adina\Documents]
29.12.2010  15:50    <JUNCTION>     NetHood [C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29.12.2010  15:50    <JUNCTION>     PrintHood [C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29.12.2010  15:50    <JUNCTION>     Recent [C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Recent]
29.12.2010  15:50    <JUNCTION>     SendTo [C:\Users\Adina\AppData\Roaming\Microsoft\Windows\SendTo]
29.12.2010  15:50    <JUNCTION>     Start Menu [C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Start Menu]
29.12.2010  15:50    <JUNCTION>     Templates [C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Adina\AppData\Local
29.12.2010  15:50    <JUNCTION>     Application Data [C:\Users\Adina\AppData\Local]
29.12.2010  15:50    <JUNCTION>     History [C:\Users\Adina\AppData\Local\Microsoft\Windows\History]
29.12.2010  15:50    <JUNCTION>     Temporary Internet Files [C:\Users\Adina\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Adina\Documents
29.12.2010  15:50    <JUNCTION>     My Music [C:\Users\Adina\Music]
29.12.2010  15:50    <JUNCTION>     My Pictures [C:\Users\Adina\Pictures]
29.12.2010  15:50    <JUNCTION>     My Videos [C:\Users\Adina\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator
31.12.2010  02:16    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Roaming]
31.12.2010  02:16    <JUNCTION>     Cookies [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies]
31.12.2010  02:16    <JUNCTION>     Local Settings [C:\Users\Administrator\AppData\Local]
31.12.2010  02:16    <JUNCTION>     My Documents [C:\Users\Administrator\Documents]
31.12.2010  02:16    <JUNCTION>     NetHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
31.12.2010  02:16    <JUNCTION>     PrintHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
31.12.2010  02:16    <JUNCTION>     Recent [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent]
31.12.2010  02:16    <JUNCTION>     SendTo [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo]
31.12.2010  02:16    <JUNCTION>     Start Menu [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
31.12.2010  02:16    <JUNCTION>     Templates [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local
31.12.2010  02:16    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
31.12.2010  02:16    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
31.12.2010  02:16    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Documents
31.12.2010  02:16    <JUNCTION>     My Music [C:\Users\Administrator\Music]
31.12.2010  02:16    <JUNCTION>     My Pictures [C:\Users\Administrator\Pictures]
31.12.2010  02:16    <JUNCTION>     My Videos [C:\Users\Administrator\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
29.12.2010  15:50    <JUNCTION>     Application Data [..]
29.12.2010  15:50    <JUNCTION>     Desktop [..]
29.12.2010  15:50    <JUNCTION>     Favorites [..]
29.12.2010  15:50    <JUNCTION>     Start Menu [..]
29.12.2010  15:50    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
29.12.2010  15:50    <JUNCTION>     Application Data [..]
29.12.2010  15:50    <JUNCTION>     Local Settings [..]
29.12.2010  15:50    <JUNCTION>     My Documents [..]
29.12.2010  15:50    <JUNCTION>     NetHood [..]
29.12.2010  15:50    <JUNCTION>     PrintHood [..]
29.12.2010  15:50    <JUNCTION>     Recent [..]
29.12.2010  15:50    <JUNCTION>     SendTo [..]
29.12.2010  15:50    <JUNCTION>     Start Menu [..]
29.12.2010  15:50    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
29.12.2010  15:50    <JUNCTION>     Application Data [..]
29.12.2010  15:50    <JUNCTION>     History [..]
29.12.2010  15:50    <JUNCTION>     Temporary Internet Files [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
29.12.2010  15:50    <JUNCTION>     My Music [..]
29.12.2010  15:50    <JUNCTION>     My Pictures [..]
29.12.2010  15:50    <JUNCTION>     My Videos [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
29.12.2010  15:50    <JUNCTION>     My Music [C:\Users\Public\Music]
29.12.2010  15:50    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
29.12.2010  15:50    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
15.12.2011  22:31    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
15.12.2011  22:31    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
15.12.2011  22:31    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
15.12.2011  22:31    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
15.12.2011  22:31    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
15.12.2011  22:31    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
15.12.2011  22:31    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
15.12.2011  22:31    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
15.12.2011  22:31    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
15.12.2011  22:31    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
15.12.2011  22:31    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
15.12.2011  22:31    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\Documents
15.12.2011  22:31    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
15.12.2011  22:31    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
15.12.2011  22:31    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              78 Dir(s)  25.351.630.848 bytes free
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 15:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: SERVICES  >
[2009.06.11 00:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009.06.11 00:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
 
< MD5 for: SERVICES.CFG  >
[2012.09.23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.cfg
[2013.12.21 09:04:16 | 000,559,392 | ---- | M] () MD5=F9FBA73F44366AB3514BD1985707F178 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009.07.14 04:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009.07.14 04:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 04:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009.07.14 05:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009.07.14 05:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
[2009.07.13 19:41:32 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=13D87E1A0FCE47C4743C2DED1F569F52 -- C:\Windows\System32\ro-RO\services.exe.mui
[2009.07.13 19:41:32 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=13D87E1A0FCE47C4743C2DED1F569F52 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_b08c6962d9d2fc09\services.exe.mui
[2009.07.13 19:47:16 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=665623741B4E3A3701871FCEFD1C9192 -- C:\Windows\System32\fr-FR\services.exe.mui
[2009.07.13 19:47:16 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=665623741B4E3A3701871FCEFD1C9192 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0c56701d7a41cb39\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009.07.14 07:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 07:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009.06.11 00:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009.06.11 00:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009.07.13 19:36:16 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\System32\fr-FR\services.msc
[2009.07.13 19:36:16 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4698400950ab652c\services.msc
[2009.07.14 05:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009.06.11 00:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009.07.14 05:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009.06.11 00:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009.07.13 23:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009.07.13 23:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2009.07.14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009.07.14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 15:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010.11.20 15:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 15:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< End of report >
 
 
I don't see the extras log and OTL program blocked after it generated the last log.
 
 
 

Edited by Kristina, 18 May 2014 - 07:22 AM.


#5
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
You can produce an Extras.txt log by opening OTL and clicking the None button. Under Extra Registry, choose Use SafeList. Press Run Fix after. Post the log it generates. :)

#6
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
While you are trying to produce the said log, could you let me know how your computer is performing so far? In this post, we'll continue to remove unwanted programs that reside in your system. Kindly post Extras.txt alongside the logs that will be generated from the following. :)
  • Step 1

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done. Alternatively, you can find JRT.txt on your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.
    • Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
    • Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):

      [Image: 9C5bx.png, screenshot of the scan settings]

    • The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
    • Upon completion, use Notepad to open and save C:\Program Files\ESET\EsetOnlineScanner\log.txt to your desktop.
    • Select Uninstall application on close and click Finish.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3
    • Go to 'VirusTotal' and open a number of tabs corresponding to the number of files listed below:
      • C:\Windows\System32\drivers\adusbser.sys
      • C:\Windows\System32\drivers\DGIVECP.SYS
      • C:\Windows\System32\slprp32.dll
      • C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions\{0782648b-1717-4fef-ac58-8cb3ce03adb3}.xpi
    • Press the Choose File button.
    • Select one of the files listed above and choose Open.
    • Press the Scan it! button.
    • Repeat the 4th step on the other tab(s) as necessary.
    • Once the scan is finished, copy and paste the URL of the tab(s) in your next reply.
  • Step 4

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    Note: If you get an error about an unsupported operating system, please reboot your computer and try again.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • checkup.txt (SecurityCheck)
    • JRT.txt (Junkware Removal Tool)
    • log.txt (ESET Online Scan)
    • VirusTotal Link(s) (VirusTotal)


#7
Kristina

    Member

  • Topic Starter
  • Member
  • 303 posts
OTL Extras logfile created on: 20.05.2014 20:43:32 - Run 7
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Adina\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy
 
3,30 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 48,06% Memory free
4,30 Gb Paging File | 2,14 Gb Available in Paging File | 49,72% Paging File free
Paging file location(s): c:\pagefile.sys 1024 3096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 22,45 Gb Free Space | 23,02% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 60,52 Gb Free Space | 16,44% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 173,11 Gb Free Space | 74,33% Space Free | Partition Type: NTFS
Drive H: | 2794,51 Gb Total Space | 2370,67 Gb Free Space | 84,83% Space Free | Partition Type: NTFS
 
Computer Name: ADINA-PC | User Name: Adina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\WinHlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.txt [@ = AutoCorectFile] -- C:\Program Files\AutoCorect\AutoCorect.exe (Softset)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Unable to open value key File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\WinHlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A106EB-7846-4F71-B237-09B4C16D430B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0665E938-AB62-43B7-A5D3-A572046FCFB8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{08E9C034-F393-4248-BC8C-6347B472EC87}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1283EE64-67B8-49E3-8CC5-F8202DFA2352}" = lport=445 | protocol=6 | dir=in | app=system | 
"{17A422C2-EBB5-4049-953A-7403E91966C2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{18CFFAB7-3330-4A8E-90CB-8FB3F00ED22B}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{1F82D55E-8EF8-4A18-9F85-F0BA84DAAA4A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{210B966D-149D-4934-90E6-CDED8BFE8E3E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{227D9AFF-C68C-430B-AA9B-3E20F95AB81B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2F3484F8-9058-45BD-8ECF-442B0EBCE8FE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3335508D-081A-46B7-9A40-0D42F1F90495}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4DF32C77-F525-4860-A94E-780DD0B989AE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5164DB39-BE91-418A-B923-0FE12AE7033E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5311A714-F81F-41E3-B88D-CBA3A9E56A01}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{57AFCC31-A0BA-4B76-8B4C-4A00A5DFE862}" = rport=137 | protocol=17 | dir=out | app=system | 
"{59D26556-EB7A-4D7C-BA06-465F9257756A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6171278E-55CC-4C75-9A1D-E48E66D2EB56}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{665E8FAE-C2D6-40FD-8C6A-1D901E1A40F0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6E775984-FB8E-4028-ACC0-305A3DDDE1D0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8B3A8531-0C09-40C1-A7C0-F01972FFD3F0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CEB490A7-41E1-4214-A714-3BEF6AF6B25C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DB0BED99-930D-4D57-9866-D5918D576387}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{DE77401D-4690-4D3E-AD3D-6BED4C5146E8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F6FB9D6C-2E56-45BD-9365-CCB818D55556}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{FDEC0E45-5211-4762-9383-A9B84AF3C2AD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) | 
"{FF83ACD7-E467-45BB-AC82-6A1B73A91525}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B80918-3EB5-45EF-B035-B884446B8EE9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{106DAFFF-AB06-4FF9-9382-3F28027D9D3D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | 
"{10742BAC-21E8-403A-851E-9F2839D8236B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{12C247DD-206A-4E65-AF63-A6A95516D4B9}" = protocol=17 | dir=in | app=c:\users\adina\appdata\roaming\utorrent\utorrent.exe | 
"{14AA5E64-871B-4862-833A-E2D8D5B86382}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1CB84582-EF5E-4932-A850-DFFE5F59E388}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{1DB07F93-7B3E-41F8-A936-D6F39A748D08}" = protocol=17 | dir=in | app=c:\program files\battle.net\battle.net.exe | 
"{2C5BAF1E-F2E3-42E4-BDE8-8AFECD921324}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{3E058F7C-6448-4E22-9F79-00BF85A1AEE3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{414C10CF-1876-4201-9906-4DCF0318CEAF}" = protocol=17 | dir=in | app=c:\program files\hearthstone\hearthstone.exe | 
"{42D946DA-00AA-4907-B8B9-C53E617502AB}" = protocol=6 | dir=in | app=c:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe | 
"{44FC7AB9-0260-444F-BDFE-ED18D5BE3D64}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{59C12610-771C-4EA1-B6E8-6901E44EE7BD}" = protocol=17 | dir=in | app=c:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5A237733-A6ED-425A-AF06-0720795ABA77}" = protocol=6 | dir=in | app=c:\users\adina\appdata\roaming\utorrent\utorrent.exe | 
"{68DBA296-6AF6-407A-AA5F-A90577BF17F8}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{6A62ADFD-372A-4870-BCD5-1CDDEB521DF5}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) | 
"{70FAF749-8C54-4F9B-94D6-82F665374C6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{719A5F7A-9CC8-49BF-9357-EDF3365962B9}" = protocol=6 | dir=in | app=c:\program files\battle.net\battle.net.exe | 
"{72495CFD-4D76-4492-A8C1-9B1D6855B7BB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | 
"{76E46BDA-2D6B-4623-9FD6-DEA60B4076B0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{7817BBCF-8D10-44B5-B08E-F20B4ABD8362}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7A4AE856-710B-4F50-B567-8444274A93D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7A8453E0-C825-4696-A740-412E450C8523}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) | 
"{7C154415-6BDE-4231-95E7-19CFFE45DE68}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{7CB4D38C-224E-4719-98B1-2FFB03E05E48}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{8404A5DD-3A67-40AC-BFB4-AFCFFB980E2B}" = protocol=6 | dir=in | app=c:\program files\hearthstone\hearthstone.exe | 
"{879A6BBD-2B1A-4408-8296-509CB3D89873}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{93EEDF9E-6009-4136-A541-934BA948EE0B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{A1709533-D2D9-4FD3-9C6D-EC830A9E00D9}" = protocol=6 | dir=out | app=system | 
"{A39A3DFD-30F4-4C4D-8017-EFDD53D28D68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A5D26CA1-A343-4DF9-84FC-BA24A4E51BBD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{AC796949-8E92-412A-8D11-E9D9A81D3A73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3FB211D-F1AD-472A-BD68-C10FACBC7A53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BC5799BD-2524-4A68-8B28-3BFE4D7761B0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{BC97ED64-6748-4420-87AB-E35771FCD201}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) | 
"{C6BFCF99-777B-4707-8BF9-77412F7E68DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CCDF49A1-5587-4CD3-980E-0A7F24779B51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D0D2E486-7DC9-4CCD-949C-109944275E0F}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) | 
"{D6DC5F11-77A8-41B1-8F3D-2289A869B058}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{E5FD7B13-4031-4DFD-8AA2-B00D5ED6F89F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F0C6A4C1-01D4-4C63-AF90-5B3CBC971ABB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{F4ABE299-544F-43DE-9FE3-BED36B1A5257}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{FA24696C-436F-4E5D-A9BF-46624093BBF7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"TCP Query User{0CA13DEB-B693-4380-AA4D-02AB345C0BC6}C:\users\adina\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\adina\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{16698D35-A8D6-42C1-9BDE-A3CBE4AD2285}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{16EBAF60-6C3F-442F-ACBD-46841E4EB723}C:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{1BAB3BD8-D737-4127-B89A-DD49288A1E2D}C:\program files\strongdc++\strongdc.exe" = protocol=6 | dir=in | app=c:\program files\strongdc++\strongdc.exe | 
"TCP Query User{2BB65CF3-0735-472C-8BFC-4EA824268E16}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{3D2EED05-3361-4100-8333-386B4A9E3582}C:\program files\strongdc++\strongdc.exe" = protocol=6 | dir=in | app=c:\program files\strongdc++\strongdc.exe | 
"TCP Query User{5660E3DC-B171-40E7-BFA0-A8BEC0F6E435}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{7A8CC01B-01CC-4E84-B1F5-D5523CEF306E}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{9B4F2E02-C545-405F-8E4D-D98EA81C16A5}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{9BD89FF6-A567-4269-8D1E-57F9CDBCD8DF}C:\xampp\filezillaftp\filezillaserver.exe" = protocol=6 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe | 
"TCP Query User{A5620B3E-672B-456D-AA42-6E13098C9E53}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{D1403207-B4FB-4F4C-8015-DC56371CAF81}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{11026EFF-346B-4260-9700-10F109AE78AE}C:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{199324CF-757A-4E8D-ADA2-26FFFDA2E1F7}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{4296701F-0F01-460F-961E-9DE63469F2A0}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{4515A6ED-7885-47BD-A2BA-12E5D68A4C6F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{49B4820D-4A37-4713-AAF0-823AFD4E8C46}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{52E58A35-9EB0-460C-9F71-7004AC2AC8DF}C:\xampp\filezillaftp\filezillaserver.exe" = protocol=17 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe | 
"UDP Query User{5D84BD84-3719-488F-8B2C-F62CB6E530C1}C:\program files\strongdc++\strongdc.exe" = protocol=17 | dir=in | app=c:\program files\strongdc++\strongdc.exe | 
"UDP Query User{88E936EF-A781-4A68-85ED-FB31CE5C505C}C:\users\adina\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\adina\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{D0EB3F09-3791-459A-BF9C-21168DA530CB}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{D58571BA-865B-446E-AD6C-F77077C7C9E0}C:\program files\strongdc++\strongdc.exe" = protocol=17 | dir=in | app=c:\program files\strongdc++\strongdc.exe | 
"UDP Query User{E92AB952-607B-491B-9054-5B580B2F30CE}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{FB8237B9-9519-435F-B8C0-0A2B943B1C15}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01509AB1-84BB-4AB9-A142-38AFA0BBDA25}" = Angry Birds
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07EA4E9F-BD35-4F38-9809-D825B772B833}" = Image Optimizer 3.0
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0DB87EAC-F695-4D59-9609-C93119AE6B35}" = SAMSUNG Dr.Printer 
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.7.2
"{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = The Godfather™ The Game
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{216729B6-014A-F413-814F-F17F74FBA113}_is1" = Google Books Downloader version 1.6
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{26A24AE4-039D-4CA4-87B4-2F83218005FF}" = Java 8 Update 5
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5C16076B-DB38-4E0E-9F36-9276010E4F51}" = Avira
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{631A0B87-B0B7-4B47-00A2-119A4B942EB6}" = Clive Barker's Undying™
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BFDC0CD-ADF5-49F6-8A47-3177EF2AE6D2}" = Google Book Downloader
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70a79d1f-686d-4d5c-962b-07aa1294eae0}" = Avira
"{70E4E07C-4C81-4B19-9D49-37AEB65E3A6B}_is1" = Smile Desktop version 1.0.4.259
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92E64C51-5096-442F-9A44-61CB2941391D}" = ACDSee 4.0 PowerPack Suite
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7
"{AC76BA86-7AD7-2530-0000-A00000000004}" = Extended Asian Language font pack for Adobe Reader XI
"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)  MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BCB74778-4397-4335-8455-A75ACE919510}" = Image Compressor 2008 Free Edition
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C8736F91-44EF-4E78-8215-8E1A2401F6F4}" = Angry Birds Seasons
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40B2C78-30CA-4A8F-A157-C86B491C73AF}" = ACDSee Pro 6
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F1100000-0010-0000-0000-074957833700}" = ABBYY FineReader 11 Corporate Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AIMP3" = AIMP3
"AutoCorect stil contemporan_is1" = AutoCorect 4.1.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"A-WIN-Extras 9.0.1 4092550_is1" = Mathematica Extras 9.0 (4092550)
"Battle.net" = Battle.net
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DSMT6" = MathType 6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fallout New Vegas_is1" = Fallout New Vegas
"FileHippo.com" = FileHippo.com Update Checker
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GeoGebra 4.2" = GeoGebra 4.2
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"Hearthstone" = Hearthstone
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"Mp3tag" = Mp3tag v2.54
"Notepad++" = Notepad++
"Picasa 3" = Picasa 3
"Recuva" = Recuva
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"Samsung PC Studio 7" = Samsung PC Studio 7
"SoundTap" = SoundTap Streaming Audio Recorder
"SpywareBlaster_is1" = SpywareBlaster 5.0
"TeamViewer 6" = TeamViewer 6
"Totalcmd" = Total Commander (Remove or Repair)
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.7
"VobSub" = VobSub v2.23 (Remove Only)
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 5.01 (32-bit)
"Xilisoft MP4 to DVD Converter" = Xilisoft MP4 to DVD Converter
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Octoshape Streaming Services" = Octoshape Streaming Services
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.05.2014 17:59:59 | Computer Name = Adina-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc100  Faulting module name: ntdll.dll, version: 6.1.7601.18247, time
 stamp: 0x521ea91c  Exception code: 0xc0000005  Fault offset: 0x000303a2  Faulting process
 id: 0x2a8  Faulting application start time: 0x01cf7215e4788245  Faulting application
 path: C:\Windows\system32\svchost.exe  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
 Id: 963bbe9e-de0e-11e3-97c7-1c6f654eb443
 
Error - 17.05.2014 18:31:44 | Computer Name = Adina-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
 PC Studio 7\TIS_VistaPIM.dll".  Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 18.05.2014 01:16:46 | Computer Name = Adina-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x8007043C
 
Error - 18.05.2014 01:16:46 | Computer Name = Adina-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.
 
Error - 18.05.2014 01:18:22 | Computer Name = Adina-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 18.05.2014 09:08:04 | Computer Name = Adina-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 18.05.2014 12:00:18 | Computer Name = Adina-PC | Source = Windows Backup | ID = 4100
Description = Backup did not complete successfully because a shadow copy could not
 be created. Free up disk space on the drive that you are backing up by deleting
 unnecessary files and then try again.
 
Error - 19.05.2014 00:45:31 | Computer Name = Adina-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 19.05.2014 03:18:21 | Computer Name = Adina-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
 PC Studio 7\TIS_VistaPIM.dll".  Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 19.05.2014 17:31:39 | Computer Name = Adina-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
 PC Studio 7\TIS_VistaPIM.dll".  Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
[ OSession Events ]
Error - 10.01.2013 02:12:46 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1104
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
Error - 10.01.2013 02:28:02 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 901
 seconds with 900 seconds of active time.  This session ended with a crash.
 
Error - 13.06.2013 13:33:59 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12709
 seconds with 8160 seconds of active time.  This session ended with a crash.
 
Error - 08.07.2013 07:50:19 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4870
 seconds with 4500 seconds of active time.  This session ended with a crash.
 
Error - 08.07.2013 07:51:39 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 71
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2013 12:22:00 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18762
 seconds with 8580 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2013 12:27:50 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 342
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2013 12:29:29 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 90
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 09.03.2014 18:03:04 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14937
 seconds with 3600 seconds of active time.  This session ended with a crash.
 
Error - 17.05.2014 16:53:30 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6880
 seconds with 3660 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 20.05.2014 09:41:40 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   PRSBDRVR  {0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw
 
Error - 20.05.2014 10:09:21 | Computer Name = Adina-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 20.05.2014 10:09:21 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 20.05.2014 10:09:21 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 20.05.2014 10:09:32 | Computer Name = Adina-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 20.05.2014 10:09:32 | Computer Name = Adina-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 20.05.2014 10:09:32 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 20.05.2014 10:09:32 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 20.05.2014 10:09:32 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 20.05.2014 10:09:32 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
 
< End of report >
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Enterprise x86
Ran by Adina on 20.05.2014 at 20:57:52,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-747581154-1102267190-2633786192-1000\Software\sweetim
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Adina\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Program Files\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Adina\AppData\Roaming\mozilla\firefox\profiles\lev0xhsv.default\minidumps [203 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
Successfully deleted: [Folder] C:\Users\Adina\appdata\local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.05.2014 at 21:00:05,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4a0067bb32eb4c4082803c7f27dc6a4a
# engine=18339
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-21 03:22:31
# local_time=2014-05-21 06:22:31 (+0200, GTB Daylight Time)
# country="Romania"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 95 49088 24686834 38261 0
# compatibility_mode=5893 16776573 100 94 81801 152273742 0 0
# scanned=467474
# found=37
# cleaned=37
# scan_time=33529
sh=5C4422B8A162AFE9048E367C5B9C1932CCA25A9E ft=1 fh=2958be9b3cb0c285 vn="Win32/Toolbar.Conduit.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\CT3289075\plugins\TBVerifier.dll.vir"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application (deleted (after the next restart) - quarantined)" ac=C fn="C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=3D57289F4D6494254D0FA0C87497496E5ED64360 ft=1 fh=cf747a0932424af8 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\NCH Software\MixPad\mixpad.exe"
sh=C2523B45D9C2E9CB76AE9B6EC217E7F420D29A44 ft=1 fh=ef1848b0951683e4 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\NCH Software\MixPad\mpsetup_v3.06.exe"
sh=B1E23A48DAE74DA24EFC8D95234F0E33768A01B0 ft=1 fh=354a3ec332424af8 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\NCH Software\MixPad\uninst.exe"
sh=9CAB97F3ACFBE9C1B0FC840116E126634EA7A9E9 ft=1 fh=f990fd47fd44e620 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\NCH Software\SoundTap\soundtap.exe"
sh=FDDB41B079697DCB86BFEA2A0C1109FEB6B27AB2 ft=1 fh=ecee50efdf4353f6 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\NCH Software\SoundTap\soundtapsetup_v2.23.exe"
sh=347BB66C7BE3982B2602FE946E6BCF3C7C7224B5 ft=1 fh=9946b6b2c2e14984 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\NCH Software\VideoPad\uninst.exe"
sh=20E2D74783E28D768F2F4C9D856EAB1742ECBAB4 ft=1 fh=6378f278c2e14984 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\NCH Software\VideoPad\videopad.exe"
sh=6D8A3CAC283AC47CE01261DAAC15B09AF37D87CD ft=1 fh=811f7b6ed12c913d vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\NCH Software\VideoPad\vpsetup_v2.41.exe"
sh=89B4242BD511BD645E7A91389ACEC8B21988A73A ft=1 fh=8f3c79a3af3a7abf vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\NCH Software\WavePad\uninst.exe"
sh=025636415D4A0B691B757C10ABC1F84DEE5DA027 ft=1 fh=75023d69af3a7abf vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\NCH Software\WavePad\wavepad.exe"
sh=1FBC353331F2C5F300978AF27C8EC11B9F070BB8 ft=1 fh=5b2b89c54a2ce48c vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\NCH Software\WavePad\wpsetup_v5.08.exe"
sh=023614C5AD02AA589BB785CA5CF50DCF194C7AA8 ft=1 fh=38e3c675fc09b45d vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Adina\Desktop\protectie\backups\backup-20130304-174227-580.dll"
sh=85C2E758DADB8A93064CA5CEDF96BC69C021B84C ft=1 fh=1f9bbc275addc6d3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Adina\Downloads\rcsetup151.exe"
sh=9B229D45DAF8E42A9E5AB80B8A8F3C1DA28BE5D9 ft=1 fh=fc29e722f48e28ff vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\MSI2D1B.tmp"
sh=4ABDFCB2C708492FF4D5684120E4C07DC7898C77 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AO potentially unsafe application (deleted - quarantined)" ac=C fn="D:\7. Kituri\Kituri\Adobe\Kituri ADOBE audition, premiere\Adobe Audition kit\Adobe Audition 2.0.iso"
sh=85DCB9781EDEF6664C5CF3687E463D4460EA02E4 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="D:\7. Kituri\Kituri\Adobe\Kituri ADOBE audition, premiere\Adobe Audition kit\Adobe Audition 3.0.iso"
sh=1C5244967D8907B676C6CBCEEE6BD9F90F10CC6B ft=1 fh=51b3b1bbaa02ab32 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="D:\7. Kituri\Kituri\PHOTOGRAPHY\PhotoScape_V3.6.2.exe"
sh=A6C2FFBE6DC47703332C4CC0B0B633AFB88DFD71 ft=1 fh=d165f6180e2e9d3a vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="D:\7. Kituri\KITURI mici\bsplayer257.1051ENnew.exe"
sh=06B878680924BA31697E1AD72CFA13D07A45E36C ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="D:\7. Kituri\KITURI mici\sdc221.zip"
sh=6D8A3CAC283AC47CE01261DAAC15B09AF37D87CD ft=1 fh=811f7b6ed12c913d vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application (deleted - quarantined)" ac=C fn="D:\7. Kituri\KITURI mici\videopadsetup.exe"
sh=D40FBAF76D1B6D1FC593E0399A3171EF50E1204E ft=1 fh=e7700d129ff08fc3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application (deleted - quarantined)" ac=C fn="D:\7. Kituri\KITURI mici\Protectie\Defrag\dfsetup209.exe"
sh=9EBEEAD23C136B3C8E6CC0220B4F47C3D67B9B4D ft=1 fh=f7cfbc4528e170a2 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application (deleted - quarantined)" ac=C fn="D:\7. Kituri\KITURI mici\Protectie\System Optimizer\ccsetup324.exe"
sh=72ADF7F363515B699A377907AF35CD47F1086AA4 ft=0 fh=0000000000000000 vn="Win32/Toolbar.DefaultTab.B potentially unwanted application (deleted - quarantined)" ac=C fn="D:\ADINA-PC\Backup Set 2013-05-05 190000\Backup Files 2013-05-05 190000\Backup files 1.zip"
sh=B6470CF3D0E673ABE5FFF8142DF81769A60FAE92 ft=0 fh=0000000000000000 vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application (deleted - quarantined)" ac=C fn="D:\ADINA-PC\Backup Set 2013-05-05 190000\Backup Files 2013-05-05 190000\Backup files 29.zip"
sh=CEF4BB653D5DA6C455E870BDBA5CA22005245205 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="D:\ADINA-PC\Backup Set 2013-05-05 190000\Backup Files 2013-05-05 190000\Backup files 30.zip"
sh=AA71282F913A9223776A2C1C3272BEB69A492B14 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="D:\ADINA-PC\Backup Set 2013-05-05 190000\Backup Files 2013-05-05 190000\Backup files 31.zip"
sh=8774B0A1E1EFA44D173B6A4A5166AF3FF80F56F8 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="D:\ADINA-PC\Backup Set 2013-05-05 190000\Backup Files 2013-05-12 190002\Backup files 1.zip"
sh=0B4C7C4F5988890477144DCFEBE295212CD00C60 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.M potentially unwanted application (deleted - quarantined)" ac=C fn="D:\ADINA-PC\Backup Set 2013-05-05 190000\Backup Files 2013-05-19 190002\Backup files 1.zip"
sh=8DA7DF9844F0C2241785ACB7673B3DE7F06FB0DC ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="D:\ADINA-PC\Backup Set 2013-05-05 190000\Backup Files 2013-06-02 210505\Backup files 2.zip"
sh=51AE4BA5643E650211EFAA6B1E834A123A0D6971 ft=0 fh=0000000000000000 vn="Win32/Toolbar.DefaultTab.B potentially unwanted application (deleted - quarantined)" ac=C fn="D:\ADINA-PC\Backup Set 2013-06-23 190005\Backup Files 2013-06-23 190005\Backup files 1.zip"
sh=27951CB30214C31884FAB7E01E7D95CC8AA142A3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application (deleted - quarantined)" ac=C fn="D:\ADINA-PC\Backup Set 2013-06-23 190005\Backup Files 2013-06-23 190005\Backup files 30.zip"
sh=EC607D2C27BF7C2728ACD4D6FB2D3F237E5F1ED0 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="D:\ADINA-PC\Backup Set 2013-06-23 190005\Backup Files 2013-06-23 190005\Backup files 32.zip"
sh=8854E8669223E00D79A3D4FA7B6B26F3FEF362E6 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="D:\ADINA-PC\Backup Set 2013-06-23 190005\Backup Files 2013-06-23 190005\Backup files 33.zip"
sh=5CCCA9B5231955E279E5F8AE34C89C45C8919FA0 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="H:\Adina\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx"
sh=023614C5AD02AA589BB785CA5CF50DCF194C7AA8 ft=1 fh=38e3c675fc09b45d vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application (deleted - quarantined)" ac=C fn="H:\Adina\Desktop\protectie\backups\backup-20130304-174227-580.dll"
 
 
 

Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 WinPatrol 
 SpywareBlaster 5.0    
 McAfee SiteAdvisor    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 51  
 Java 8 Update 5  
 Java version out of Date!
 Adobe Flash Player 13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox (29.0.1) 
 Google Chrome 28.0.1500.63  
 Google Chrome 28.0.1500.71  
````````Process Check: objlist.exe by Laurent````````
 WinPatrol winpatrol.exe is disabled!
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log``````````````````````
 
 
 
 
 

https://www.virustot...sis/1400648943/

https://www.virustot...sis/1400649064/

https://www.virustot...sis/1400649211/

 

I couldn't find the last file to check, it didn't appear in the folder.

 

The same problems remain with windows updates and windows installer.

The Internet access icon takes a while to load upon start-up (I have a waiting circle for about 1 min).

 

Yahoo mail seems to work fine now, no more problems with it.

 

 


Edited by Kristina, 21 May 2014 - 01:37 AM.


#8
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

The same problems remain with windows updates


I see. Microsoft currently offers automated solutions for these issues; I would like for you to try running them, one after another:

and windows installer.

Click on the Run Now button and follow the on-screen instructions. In addition, please complete the steps below to fix a present vulnerability and provide me with a diagnostic log that will allow for analysis should the above solutions fail. :)
  • Step 1

    You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below.
    • Java Runtime Environment -- Update
    Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.
  • Step 2

    Download 'Farbar Service Scanner by Farbar' and save it to your desktop.
    • Ensure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Windows Update
      • Windows Defender
    • Press Scan.
    • A log will pop up once done. Alternatively, you can find FSS.txt on your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • FSS.txt (Farbar Service Scanner)

  • 0

#9
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#10
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Topic re-opened per OP's request...
  • 0

Advertisements


#11
Kristina

Kristina

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts

I tried the Fix it options, but they don't work. Windows Update doesn't work and I still can't install any program. I cannot run the Java update you suggested.

The FSS.txt:

Farbar Service Scanner Version: 21-05-2014
Ran by Adina (administrator) on 27-05-2014 at 13:59:15
Running from "C:\Users\Adina\Downloads"
Microsoft Windows 7 Enterprise Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-11-26 04:01] - [2013-11-26 04:01] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-11-26 04:01] - [2013-11-26 04:01] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 19:38] - [2013-07-09 07:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-11 05:18] - [2013-05-27 07:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


  • 0
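A triage helper for a Farbar Service Scanner log like the one posted above, added here as an example (it is not part of the original thread or of the tool). It separates the File Check entries marked "MD5 is legit" from those printed with raw file details, which are candidates for a manual check rather than evidence of tampering by themselves. The function name, the field names (`first_ts`, `second_ts`) and the shortened sample are assumptions of this example.

```python
import re

# Excerpt of the File Check section of the FSS.txt posted above (shortened).
SAMPLE_LOG = r"""File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-11-26 04:01] - [2013-11-26 04:01] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 19:38] - [2013-07-09 07:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Windows\system32\svchost.exe => MD5 is legit

**** End of log ****
"""

LEGIT = " => MD5 is legit"
# Detail line printed under a path that got no "MD5 is legit" verdict.
DETAIL = re.compile(
    r"^\[(?P<first_ts>[^\]]+)\] - \[(?P<second_ts>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

def parse_file_check(log_text):
    """Split the File Check section into verified paths and unverified entries."""
    verified, unverified, in_section, pending = [], [], False, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "File Check:":
            in_section = True
        elif not in_section or not line or set(line) == {"="}:
            continue
        elif line.startswith("****"):
            break  # end-of-log marker
        elif line.endswith(LEGIT):
            verified.append(line[: -len(LEGIT)])
            pending = None
        elif DRIVE_PATH.match(line):
            # Path with no verdict: its details, if any, follow on the next line.
            pending = {"path": line, "size": None, "md5": None}
            unverified.append(pending)
        elif pending is not None and (m := DETAIL.match(line)):
            pending.update(m.groupdict(), size=int(m["size"]))
            pending = None
    return verified, unverified

if __name__ == "__main__":
    ok, todo = parse_file_check(SAMPLE_LOG)
    print(f"{len(ok)} verified, {len(todo)} need a manual check")
    for e in todo:
        print(f'{e["path"]}  {e["size"]} bytes  md5={e["md5"]}')
```
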

#12
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Let's try this one. :)
  • Step 1

    Download 'Windows Repair (All In One) by Tweaking.com' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Go through the installer. At the end of the process, the program screen should pop up.
    • Navigate to Step 3: Optional:
      • Click Check. The scan will commence.
      • Select Do It if errors were found. Otherwise, proceed to the next step.
    • Navigate to Step 4: Optional:
      • Click Do It.
    • Navigate to Start Repairs and press Start. Choose No at the prompt.
      • Uncheck the following items:
        • 28 - Repair Windows 8 App Store
        • 29 - Repair Windows 8 Component Store
        • 30 - Restore Windows 8 COM+ Unmarshalers
      • Press Start to begin the process. It will take a while.
      • Note that a gray box will pop up from time to time--this is normal.
    • Once done, click the View Logs button.
      • Post the logs contained within the folder.
      • If you find it inconvenient, highlight all of the files (CTRL + A) > right-click on any of the items > Send to > Compressed (zipped) folder > Yes.
      • Attach the folder found at your desktop.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Windows Repair (All In One)

  • 0

#13
Kristina

Kristina

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts

The Start Repairs step seems to have fixed the problems with Windows Installer and Windows Update. I can install programs now and the pending updates were installed. Step 3 and 4 didn't find errors.

 

Now however the computer doesn't recognize my Avira antivirus, a notification appears in the action center to install an antivirus.

 

I attached the logs you requested.

Attached Files

  • Attached File  Logs.rar   18.44KB   47 downloads

  • 0

#14
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
I am glad to hear it works now. :) As for your anti-virus, that's usually the case when the service has not started (i.e. broken) or updates are currently being installed by the program (sometimes it disables itself momentarily in the process). To be sure, then, I'd like to ask you to perform a clean install:
  • Back up your license key located at C:\Program Files\Avira\AntiVir Desktop. Copy hbedv.key to your desktop.
  • Uninstall your anti-virus. You will be asked to reboot.
  • After, use 'this' tool to prepare your system for a clean installation. Ask it to scan for keys and delete all found instances.
  • Re-install your Avira product by downloading the appropriate setup file 'here'.
  • Once done, perform an update. Windows should recognize the program by then. Let me know if it still doesn't. It might be an issue with Security Center if so.
Please do not forget to also install the latest version of Java as instructed earlier. Uninstall the older version.
  • 0

#15
Kristina

Kristina

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts

I reinstalled Avira and the notification is gone. :)

 

I noticed I recently installed Ask taskbar. I have now in startup programs Ask TBNotifier and Virtual New Tab. How can I get rid of these?

 

Also, the computer startup is taking very long: for about 2 minutes only the desktop background and the mouse pointer load, until the desktop icons appear.


Edited by Kristina, 01 June 2014 - 01:45 PM.

  • 0