Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Corrupted Windows Uninstaller

Started by Kristina , May 15 2014 10:04 AM

  • This topic is locked This topic is locked

#16
Pyxis
Posted 01 June 2014 - 07:58 PM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Provide me with fresh OTL logs and we'll fix the rest of the issues now. :thumbsup:
  • Step 1

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.

      SNBlQhy.png

    • Copy and paste the following into the Custom Scans/Fixes box:
      netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
dir "%systemdrive%\*" /S /A:L /C
/md5start
services.*
explorer.exe
Userinit.exe
svchost.exe
/md5stop
    • Click Run Scan.
    • Files are being searched and it may take some time. Once done, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these at your desktop.
    • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Extras.txt (OTL)
    • OTL.txt (OTL)

  • 0

Advertisements

#17
Kristina
Posted 02 June 2014 - 07:32 AM

Kristina

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 319 posts
OTL logfile created on: 02.06.2014 16:10:35 - Run 8
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Adina\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy
 
3,30 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 31,46% Memory free
4,30 Gb Paging File | 1,44 Gb Available in Paging File | 33,38% Paging File free
Paging file location(s): c:\pagefile.sys 1024 3096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 18,39 Gb Free Space | 18,85% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 64,75 Gb Free Space | 17,59% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 171,20 Gb Free Space | 73,51% Space Free | Partition Type: NTFS
Drive H: | 2794,51 Gb Total Space | 2370,67 Gb Free Space | 84,83% Space Free | Partition Type: NTFS
 
Computer Name: ADINA-PC | User Name: Adina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.05.29 22:28:57 | 009,571,888 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Battle.net\Battle.net.4656\Battle.net.exe
PRC - [2014.05.29 11:33:50 | 010,400,304 | ---- | M] () -- C:\Program Files\Hearthstone\Hearthstone.exe
PRC - [2014.05.23 11:30:42 | 000,133,184 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2014.05.18 15:53:12 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Adina\Desktop\OTL (1).exe
PRC - [2014.05.14 14:27:34 | 000,183,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014.05.14 14:27:34 | 000,123,984 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014.05.09 18:46:27 | 009,177,648 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
PRC - [2014.05.09 11:16:58 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2014.05.09 11:16:43 | 000,737,872 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.05.09 11:16:43 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2014.05.09 11:16:43 | 000,425,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2014.04.01 22:19:44 | 001,911,760 | ---- | M] (APN) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2014.04.01 22:19:43 | 000,166,352 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013.12.21 09:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.08.02 03:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013.07.03 08:10:29 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.23 05:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.07.20 21:08:04 | 008,186,368 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2012.05.25 04:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011.12.22 19:11:20 | 000,818,952 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
PRC - [2011.04.15 12:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.05.29 22:28:56 | 026,065,408 | ---- | M] () -- C:\Program Files\Battle.net\Battle.net.4656\libcef.dll
MOD - [2014.05.29 22:28:56 | 000,739,840 | ---- | M] () -- C:\Program Files\Battle.net\Battle.net.4656\libGLESv2.dll
MOD - [2014.05.29 22:28:56 | 000,130,048 | ---- | M] () -- C:\Program Files\Battle.net\Battle.net.4656\libEGL.dll
MOD - [2014.05.29 11:33:50 | 010,400,304 | ---- | M] () -- C:\Program Files\Hearthstone\Hearthstone.exe
MOD - [2014.05.14 14:27:32 | 000,137,296 | ---- | M] () -- C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014.05.14 14:27:28 | 000,049,744 | ---- | M] () -- C:\Users\Adina\AppData\Local\temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014.02.14 02:48:35 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll
MOD - [2014.02.14 02:47:43 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014.02.14 02:47:17 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014.02.14 02:46:24 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014.02.14 02:46:23 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\af02d03484578dbc357d1df8d1b6fd01\PresentationFramework-SystemData.ni.dll
MOD - [2014.02.14 01:54:50 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014.02.14 01:54:35 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014.02.14 01:54:32 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014.02.14 01:54:30 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014.02.14 01:54:28 | 002,542,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\7e73e63cf4b8efdf41900b9576489e61\System.Data.Linq.ni.dll
MOD - [2014.02.14 01:54:25 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014.02.14 01:54:22 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014.02.14 01:54:22 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014.02.14 01:54:20 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014.02.14 01:54:20 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014.02.14 01:54:15 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014.02.14 01:54:14 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014.02.14 01:54:13 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014.02.14 01:54:11 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014.02.14 01:54:08 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014.02.14 01:54:07 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014.02.14 01:54:06 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014.02.14 01:54:02 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014.02.14 01:54:00 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013.11.02 00:21:53 | 000,028,672 | ---- | M] () -- C:\Program Files\Hearthstone\Hearthstone_Data\Plugins\PlayErrors32.dll
MOD - [2013.11.02 00:21:39 | 002,099,712 | ---- | M] () -- C:\Program Files\Hearthstone\Hearthstone_Data\Mono\mono.dll
MOD - [2013.07.03 08:10:26 | 000,396,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\ppgooglenaclpluginchrome.dll
MOD - [2013.07.03 08:10:23 | 004,052,944 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\pdf.dll
MOD - [2013.07.03 08:09:27 | 000,601,552 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\libglesv2.dll
MOD - [2013.07.03 08:09:26 | 000,123,344 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\libegl.dll
MOD - [2013.07.03 08:09:23 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.71\ffmpegsumo.dll
MOD - [2012.06.18 18:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2012.05.25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012.05.25 04:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2009.05.16 00:22:42 | 000,716,800 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
MOD - [2008.12.06 01:41:50 | 000,619,008 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PhoneBrowser.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014.05.23 11:30:42 | 000,133,184 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2014.05.14 14:27:34 | 000,123,984 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014.05.13 23:29:06 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.05.11 09:30:07 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.05.09 11:16:58 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.05.09 11:16:44 | 001,039,952 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2014.05.09 11:16:43 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014.04.01 22:19:43 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2014.03.06 10:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013.12.21 09:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.10.09 11:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013.05.27 07:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.03 20:58:48 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.08.18 13:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2012.07.20 21:08:04 | 008,186,368 | ---- | M] () [Auto | Start_Pending] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012.05.11 10:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [Auto | Stopped] -- C:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZillaServer)
SRV - [2011.12.22 19:11:20 | 000,818,952 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Corporate.11.0)
SRV - [2011.04.15 12:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 04:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\PRSBDRVR.SYS -- (PRSBDRVR)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (gdrv)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw.sys -- ({0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw)
DRV - [2014.05.12 19:03:11 | 000,270,336 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2014.05.09 11:16:58 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2014.05.09 11:16:43 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2014.05.09 11:16:43 | 000,093,528 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2014.05.09 11:16:43 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.02.18 19:39:36 | 000,040,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriverx86.sys -- (stdriver)
DRV - [2012.08.23 17:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 17:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 15:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 15:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 15:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 12:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 12:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.11.06 05:20:24 | 000,106,880 | ---- | M] (AnyDATA.NET INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adusbser.sys -- (adusbser)
DRV - [2009.09.17 20:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.02.12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.10 20:34:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.05.02 16:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007.05.02 16:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2004.10.18 16:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro-RO
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 D1 04 BB C5 6F CC 01  [binary data]
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Adina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2014.05.29 21:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.05.11 09:30:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.05.29 22:30:35 | 000,000,000 | ---D | M]
 
[2010.12.29 16:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Extensions
[2014.05.18 16:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions
[2014.05.14 13:10:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions
[2013.07.04 15:17:50 | 000,000,904 | ---- | M] () -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\searchplugins\yahoo.xml
[2014.05.11 09:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014.05.11 09:30:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014.05.11 09:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.05.11 09:30:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014.05.11 09:30:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
[2014.05.29 21:58:16 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\USERS\ADINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E94GFN82.DEFAULT\EXTENSIONS\[email protected]
[2011.09.16 12:26:02 | 001,825,680 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012.06.28 18:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.ro/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Adina\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Adina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0\
CHR - Extension: SiteAdvisor = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: AdBlock = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.29_0\
CHR - Extension: Skype Click to Call = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.141_0\
 
O1 HOSTS File: ([2013.08.07 18:57:26 | 000,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [VNT] C:\Program Files\VNT\vntldr.exe (APN LLC.)
O4 - HKU\.DEFAULT..\Run: [Samsung.PCSync] C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe (Nokia)
O4 - HKU\S-1-5-18..\Run: [Samsung.PCSync] C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe (Nokia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.5.2)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.5.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F6421F5-384B-48E3-9DF6-F92AB8B726DF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.06.01 22:40:38 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\Avira
[2014.06.01 22:39:38 | 000,136,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2014.06.01 22:39:38 | 000,093,528 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2014.06.01 22:39:38 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2014.06.01 22:39:38 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2014.06.01 22:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2014.06.01 22:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014.05.31 07:08:37 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\PROIECTE 12 F 2104 ENGLEZA
[2014.05.30 13:32:24 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\Logs
[2014.05.30 07:06:28 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\POZE  RUXI_familie_SSCNK
[2014.05.29 22:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014.05.29 22:45:33 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\VNT
[2014.05.29 22:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\VNT
[2014.05.29 22:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2014.05.29 22:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2014.05.29 22:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2014.05.29 22:40:23 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014.05.29 22:40:17 | 000,176,040 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014.05.29 22:40:17 | 000,176,040 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014.05.29 22:39:26 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014.05.29 22:03:20 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014.05.29 21:59:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2014.05.29 21:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014.05.29 20:59:49 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2014.05.21 12:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2014.05.20 21:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014.05.18 16:10:00 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Adina\Desktop\aswMBR.exe
[2014.05.18 16:05:40 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014.05.18 16:04:44 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.05.18 15:53:09 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Adina\Desktop\OTL (1).exe
[2014.05.16 15:44:05 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\DropboxMaster
[2014.05.15 12:45:44 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014.05.14 15:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2014.05.14 15:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2014.05.14 14:44:25 | 000,022,312 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\rsdrv.sys
[2014.05.14 13:52:45 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.05.14 13:52:16 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2014.05.14 13:52:16 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014.05.14 13:52:16 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll
[2014.05.14 13:52:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cngprovider.dll
[2014.05.14 13:52:15 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adprovider.dll
[2014.05.14 13:52:15 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capiprovider.dll
[2014.05.14 13:52:15 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapiprovider.dll
[2014.05.14 13:52:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2014.05.14 13:52:15 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wincredprovider.dll
[2014.05.14 13:52:15 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2014.05.14 13:00:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2014.05.14 13:00:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014.05.12 19:03:11 | 000,270,336 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\drivers\IntcDAud.sys
[2014.05.12 19:02:09 | 000,000,000 | ---D | C] -- C:\Intel
[2014.05.12 19:00:41 | 008,196,080 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\TVWSetup.exe
[2014.05.12 19:00:24 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxCoIn_v2993.dll
[2014.05.12 19:00:22 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc
[2014.05.12 19:00:22 | 000,260,608 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxTMM.dll
[2014.05.12 19:00:21 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc
[2014.05.12 19:00:21 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc
[2014.05.12 19:00:21 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrom.lrc
[2014.05.12 19:00:21 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc
[2014.05.12 19:00:21 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc
[2014.05.12 19:00:21 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc
[2014.05.12 19:00:21 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc
[2014.05.12 19:00:21 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc
[2014.05.12 19:00:20 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc
[2014.05.12 19:00:20 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc
[2014.05.12 19:00:20 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc
[2014.05.12 19:00:20 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc
[2014.05.12 19:00:20 | 000,281,600 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc
[2014.05.12 19:00:20 | 000,281,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc
[2014.05.12 19:00:19 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2014.05.12 19:00:19 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhrv.lrc
[2014.05.12 19:00:19 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc
[2014.05.12 19:00:19 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc
[2014.05.12 19:00:19 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc
[2014.05.12 19:00:18 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxresn.lrc
[2014.05.12 19:00:18 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc
[2014.05.12 19:00:17 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc
[2014.05.12 19:00:17 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc
[2014.05.12 19:00:17 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc
[2014.05.12 19:00:17 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc
[2014.05.12 19:00:17 | 000,280,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc
[2014.05.12 19:00:17 | 000,280,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc
[2014.05.12 19:00:16 | 000,246,784 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcmrt32.dll
[2014.05.12 19:00:16 | 000,130,048 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll
[2014.05.12 19:00:16 | 000,120,320 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl
[2014.05.12 19:00:16 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll
[2014.05.12 19:00:15 | 002,191,872 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcmjit32.dll
[2014.05.12 19:00:08 | 004,701,168 | ---- | C] (Intel Corporation) -- C:\Windows\System32\GfxUI.exe
[2014.05.12 19:00:07 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\Windows\System32\gfxSrvc.dll
[2014.05.12 18:59:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2014.05.12 18:58:33 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2014.05.12 18:58:32 | 001,823,320 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2014.05.12 18:58:32 | 001,379,760 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tosade.dll
[2014.05.12 18:58:32 | 000,819,648 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo2.dll
[2014.05.12 18:58:32 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2014.05.12 18:58:32 | 000,134,584 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo.dll
[2014.05.12 18:58:32 | 000,058,264 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\System32\TepeqAPO.dll
[2014.05.12 18:58:31 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2014.05.12 18:58:31 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2014.05.12 18:58:31 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2014.05.12 18:58:30 | 000,606,968 | ---- | C] (DTS, Inc.) -- C:\Windows\System32\sltech32.dll
[2014.05.12 18:58:30 | 000,219,896 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\slprp32.dll
[2014.05.12 18:58:29 | 000,964,856 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\slcnt32.dll
[2014.05.12 18:58:29 | 000,919,600 | ---- | C] (Sony Corporation) -- C:\Windows\System32\SFSS_APO.dll
[2014.05.12 18:58:29 | 000,827,128 | ---- | C] (DTS, Inc.) -- C:\Windows\System32\sl3apo32.dll
[2014.05.12 18:58:29 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2014.05.12 18:58:28 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2014.05.12 18:58:28 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2014.05.12 18:58:27 | 001,892,056 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2014.05.12 18:58:26 | 002,559,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2014.05.12 18:58:25 | 000,915,160 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll
[2014.05.12 18:58:25 | 000,782,040 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2014.05.12 18:58:25 | 000,013,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll
[2014.05.12 18:58:24 | 002,467,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2014.05.12 18:58:23 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2014.05.12 18:58:23 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2014.05.12 18:58:23 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2014.05.12 18:58:23 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2014.05.12 18:58:22 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2014.05.12 18:58:22 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2014.05.12 18:58:18 | 056,270,336 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat
[2014.05.12 18:58:17 | 007,162,128 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2014.05.12 18:58:17 | 000,352,016 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2014.05.12 18:58:17 | 000,106,768 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2014.05.12 18:58:17 | 000,091,920 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2014.05.12 18:58:17 | 000,062,224 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2014.05.12 18:58:16 | 005,088,008 | ---- | C] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOlfx.dll
[2014.05.12 18:58:16 | 000,890,160 | ---- | C] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOSettingsIPC.dll
[2014.05.12 18:58:16 | 000,852,016 | ---- | C] (Sony Corporation) -- C:\Windows\System32\MISS_APO.dll
[2014.05.12 18:58:15 | 000,509,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2014.05.12 18:58:13 | 011,736,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVoiceAPO30.dll
[2014.05.12 18:58:13 | 003,650,136 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioVnN.dll
[2014.05.12 18:58:13 | 000,948,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxSpeechAPO.dll
[2014.05.12 18:58:13 | 000,785,520 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVoiceAPO20.dll
[2014.05.12 18:58:11 | 028,031,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioVnA.dll
[2014.05.12 18:58:10 | 001,687,128 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2014.05.12 18:58:09 | 014,463,064 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2014.05.12 18:58:08 | 001,936,472 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2014.05.12 18:58:08 | 001,266,776 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO60.dll
[2014.05.12 18:58:08 | 000,874,584 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll
[2014.05.12 18:58:07 | 001,143,408 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO50.dll
[2014.05.12 18:58:07 | 001,143,408 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO40.dll
[2014.05.12 18:58:07 | 000,509,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2014.05.12 18:58:07 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2014.05.12 18:58:07 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2014.05.12 18:58:06 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2014.05.12 18:57:58 | 002,421,792 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2014.05.12 18:57:58 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2014.05.12 18:57:58 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2014.05.12 18:57:58 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2014.05.12 18:57:58 | 000,426,944 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2014.05.12 18:57:58 | 000,403,392 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2014.05.12 18:57:58 | 000,346,048 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2014.05.12 18:57:57 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2014.05.12 18:57:57 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2014.05.12 18:57:57 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2014.05.12 18:57:57 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2014.05.12 18:57:57 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2014.05.12 18:57:57 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2014.05.12 18:57:57 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2014.05.12 18:57:56 | 006,176,944 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPP32A.dll
[2014.05.12 18:57:56 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2014.05.12 18:57:56 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2014.05.12 18:57:55 | 001,489,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPD32A.dll
[2014.05.12 18:57:55 | 000,272,048 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPO32A.dll
[2014.05.12 18:57:55 | 000,219,312 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPA32.dll
[2014.05.12 18:57:55 | 000,092,584 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[2014.05.12 18:57:54 | 000,095,840 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2014.05.12 18:57:53 | 000,182,472 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2014.05.12 18:57:11 | 000,076,872 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RtNicProp32.dll
[2014.05.12 14:13:21 | 000,000,000 | ---D | C] -- C:\Users\Adina\.android
[2014.05.12 14:13:20 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\cache
[2014.05.11 09:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2014.06.02 15:54:02 | 000,736,942 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2014.06.02 15:54:02 | 000,653,562 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.06.02 15:54:02 | 000,146,706 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2014.06.02 15:54:02 | 000,119,270 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.06.02 15:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.06.02 15:35:50 | 000,019,040 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.06.02 15:35:50 | 000,019,040 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.06.02 15:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.06.02 08:28:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.06.02 08:27:55 | 2660,880,384 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.31 14:51:01 | 010,269,696 | ---- | M] () -- C:\Users\Adina\Desktop\Buna ziua.pps
[2014.05.30 21:09:57 | 000,546,805 | ---- | M] () -- C:\Users\Adina\Desktop\Cristea Adina - raport progres extins.pdf
[2014.05.30 00:18:52 | 000,537,246 | ---- | M] () -- C:\Users\Adina\Desktop\raport extins.pdf
[2014.05.29 22:45:06 | 000,000,859 | ---- | M] () -- C:\Users\Adina\Desktop\µTorrent.lnk
[2014.05.29 22:45:06 | 000,000,839 | ---- | M] () -- C:\Users\Adina\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014.05.29 22:26:14 | 000,002,835 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Pro 6.lnk
[2014.05.29 21:58:48 | 003,997,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.05.29 21:52:44 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014.05.29 21:49:10 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014.05.29 21:00:32 | 000,002,125 | ---- | M] () -- C:\Users\Adina\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014.05.28 21:55:34 | 001,146,176 | ---- | M] () -- C:\Users\Adina\Desktop\SUB BAC 2014_OLIMPICI.zip
[2014.05.27 22:14:54 | 000,127,505 | ---- | M] () -- C:\Users\Adina\Desktop\CRISTE_ Adina_CA238052_21.05.2012_BA180164_22.05.2012.pdf
[2014.05.23 15:40:04 | 000,141,721 | ---- | M] () -- C:\Users\Adina\Desktop\brand personality.pdf
[2014.05.22 22:58:52 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.05.21 12:16:25 | 000,001,248 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2014.05.21 08:17:28 | 000,854,367 | ---- | M] () -- C:\Users\Adina\Desktop\SecurityCheck.exe
[2014.05.18 16:10:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Adina\Desktop\aswMBR.exe
[2014.05.18 16:04:23 | 001,325,827 | ---- | M] () -- C:\Users\Adina\Desktop\AdwCleaner.exe
[2014.05.18 15:53:12 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Adina\Desktop\OTL (1).exe
[2014.05.14 14:10:32 | 000,000,884 | RHS- | M] () -- C:\Users\Adina\ntuser.pol
[2014.05.13 23:29:06 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.05.13 23:29:06 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014.05.12 20:54:52 | 000,002,673 | ---- | M] () -- C:\Users\Public\Desktop\FotoCanvas.lnk
[2014.05.12 19:03:11 | 000,270,336 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\drivers\IntcDAud.sys
[2014.05.12 19:00:42 | 008,196,080 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\TVWSetup.exe
[2014.05.12 19:00:24 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxCoIn_v2993.dll
[2014.05.12 19:00:24 | 000,076,472 | ---- | M] () -- C:\Windows\System32\iglhxs32.vp
[2014.05.12 19:00:22 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc
[2014.05.12 19:00:22 | 000,260,608 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxTMM.dll
[2014.05.12 19:00:22 | 000,057,856 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.dll
[2014.05.12 19:00:21 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc
[2014.05.12 19:00:21 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc
[2014.05.12 19:00:21 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrrom.lrc
[2014.05.12 19:00:21 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc
[2014.05.12 19:00:21 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc
[2014.05.12 19:00:21 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc
[2014.05.12 19:00:21 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc
[2014.05.12 19:00:21 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc
[2014.05.12 19:00:20 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc
[2014.05.12 19:00:20 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc
[2014.05.12 19:00:20 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc
[2014.05.12 19:00:20 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc
[2014.05.12 19:00:20 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc
[2014.05.12 19:00:20 | 000,281,600 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc
[2014.05.12 19:00:20 | 000,281,088 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc
[2014.05.12 19:00:19 | 000,285,184 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2014.05.12 19:00:19 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrhrv.lrc
[2014.05.12 19:00:19 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc
[2014.05.12 19:00:19 | 000,283,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc
[2014.05.12 19:00:18 | 009,030,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxress.dll
[2014.05.12 19:00:18 | 000,285,184 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxresn.lrc
[2014.05.12 19:00:18 | 000,285,184 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc
[2014.05.12 19:00:17 | 000,306,688 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpph.dll
[2014.05.12 19:00:17 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc
[2014.05.12 19:00:17 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc
[2014.05.12 19:00:17 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc
[2014.05.12 19:00:17 | 000,283,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc
[2014.05.12 19:00:17 | 000,280,576 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc
[2014.05.12 19:00:17 | 000,280,576 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc
[2014.05.12 19:00:16 | 000,246,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxcmrt32.dll
[2014.05.12 19:00:16 | 000,130,048 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll
[2014.05.12 19:00:16 | 000,120,320 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl
[2014.05.12 19:00:16 | 000,024,576 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll
[2014.05.12 19:00:16 | 000,004,096 | ---- | M] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2014.05.12 19:00:15 | 002,191,872 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxcmjit32.dll
[2014.05.12 19:00:15 | 000,581,120 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igdumdx32.dll
[2014.05.12 19:00:14 | 006,324,224 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll
[2014.05.12 19:00:12 | 007,988,224 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igd10umd32.dll
[2014.05.12 19:00:10 | 013,913,600 | ---- | M] () -- C:\Windows\System32\ig4icd32.dll
[2014.05.12 19:00:09 | 000,096,256 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hccutils.dll
[2014.05.12 19:00:09 | 000,000,146 | ---- | M] () -- C:\Windows\System32\GfxUI.exe.config
[2014.05.12 19:00:08 | 004,701,168 | ---- | M] (Intel Corporation) -- C:\Windows\System32\GfxUI.exe
[2014.05.12 19:00:08 | 000,147,456 | ---- | M] (Intel Corporation) -- C:\Windows\System32\gfxSrvc.dll
[2014.05.12 19:00:06 | 000,136,603 | ---- | M] () -- C:\Windows\System32\Gfxres.ro-RO.resources
[2014.05.12 19:00:05 | 000,131,839 | ---- | M] () -- C:\Windows\System32\Gfxres.hr-HR.resources
[2014.05.12 19:00:05 | 000,124,052 | ---- | M] () -- C:\Windows\System32\Gfxres.en-US.resources
[2014.05.12 18:58:33 | 001,783,056 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2014.05.12 18:58:32 | 001,823,320 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2014.05.12 18:58:32 | 001,379,760 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\tosade.dll
[2014.05.12 18:58:32 | 000,819,648 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo2.dll
[2014.05.12 18:58:32 | 000,345,328 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2014.05.12 18:58:32 | 000,140,528 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2014.05.12 18:58:32 | 000,134,584 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo.dll
[2014.05.12 18:58:32 | 000,058,264 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Windows\System32\TepeqAPO.dll
[2014.05.12 18:58:31 | 000,185,584 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2014.05.12 18:58:31 | 000,173,296 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2014.05.12 18:58:30 | 000,606,968 | ---- | M] (DTS, Inc.) -- C:\Windows\System32\sltech32.dll
[2014.05.12 18:58:30 | 000,219,896 | ---- | M] (TODO: <Company name>) -- C:\Windows\System32\slprp32.dll
[2014.05.12 18:58:29 | 000,964,856 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\slcnt32.dll
[2014.05.12 18:58:29 | 000,919,600 | ---- | M] (Sony Corporation) -- C:\Windows\System32\SFSS_APO.dll
[2014.05.12 18:58:29 | 000,827,128 | ---- | M] (DTS, Inc.) -- C:\Windows\System32\sl3apo32.dll
[2014.05.12 18:58:29 | 000,214,368 | ---- | M] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2014.05.12 18:58:28 | 005,804,772 | ---- | M] () -- C:\Windows\System32\drivers\rtvienna.dat
[2014.05.12 18:58:28 | 000,074,080 | ---- | M] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2014.05.12 18:58:28 | 000,068,960 | ---- | M] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2014.05.12 18:58:27 | 001,892,056 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2014.05.12 18:58:26 | 002,559,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2014.05.12 18:58:25 | 000,915,160 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll
[2014.05.12 18:58:25 | 000,782,040 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2014.05.12 18:58:25 | 000,013,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll
[2014.05.12 18:58:24 | 002,467,544 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2014.05.12 18:58:23 | 000,359,768 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2014.05.12 18:58:23 | 000,170,840 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2014.05.12 18:58:23 | 000,078,680 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2014.05.12 18:58:23 | 000,064,856 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2014.05.12 18:58:22 | 000,757,301 | ---- | M] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2014.05.12 18:58:22 | 000,295,768 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2014.05.12 18:58:22 | 000,295,768 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2014.05.12 18:58:18 | 056,270,336 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat
[2014.05.12 18:58:17 | 007,162,128 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2014.05.12 18:58:17 | 000,352,016 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2014.05.12 18:58:17 | 000,106,768 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2014.05.12 18:58:17 | 000,091,920 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2014.05.12 18:58:17 | 000,062,224 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2014.05.12 18:58:16 | 005,088,008 | ---- | M] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOlfx.dll
[2014.05.12 18:58:16 | 000,890,160 | ---- | M] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOSettingsIPC.dll
[2014.05.12 18:58:16 | 000,852,016 | ---- | M] (Sony Corporation) -- C:\Windows\System32\MISS_APO.dll
[2014.05.12 18:58:15 | 000,509,184 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2014.05.12 18:58:14 | 011,736,152 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVoiceAPO30.dll
[2014.05.12 18:58:13 | 003,650,136 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioVnN.dll
[2014.05.12 18:58:13 | 000,948,336 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxSpeechAPO.dll
[2014.05.12 18:58:13 | 000,785,520 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVoiceAPO20.dll
[2014.05.12 18:58:11 | 028,031,576 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioVnA.dll
[2014.05.12 18:58:10 | 001,687,128 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2014.05.12 18:58:09 | 014,463,064 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2014.05.12 18:58:08 | 001,936,472 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2014.05.12 18:58:08 | 001,266,776 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO60.dll
[2014.05.12 18:58:08 | 000,874,584 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll
[2014.05.12 18:58:07 | 001,143,408 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO50.dll
[2014.05.12 18:58:07 | 001,143,408 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO40.dll
[2014.05.12 18:58:07 | 000,509,184 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2014.05.12 18:58:07 | 000,232,792 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2014.05.12 18:58:07 | 000,132,368 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2014.05.12 18:58:06 | 000,357,712 | ---- | M] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2014.05.12 18:57:58 | 002,421,792 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2014.05.12 18:57:58 | 001,509,480 | ---- | M] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2014.05.12 18:57:58 | 000,631,400 | ---- | M] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2014.05.12 18:57:58 | 000,601,704 | ---- | M] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2014.05.12 18:57:58 | 000,426,944 | ---- | M] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2014.05.12 18:57:58 | 000,403,392 | ---- | M] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2014.05.12 18:57:58 | 000,346,048 | ---- | M] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2014.05.12 18:57:57 | 001,292,904 | ---- | M] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2014.05.12 18:57:57 | 000,458,344 | ---- | M] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2014.05.12 18:57:57 | 000,389,736 | ---- | M] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2014.05.12 18:57:57 | 000,375,400 | ---- | M] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2014.05.12 18:57:57 | 000,218,728 | ---- | M] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2014.05.12 18:57:57 | 000,218,728 | ---- | M] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2014.05.12 18:57:57 | 000,218,216 | ---- | M] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2014.05.12 18:57:56 | 006,176,944 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\DDPP32A.dll
[2014.05.12 18:57:56 | 001,220,200 | ---- | M] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2014.05.12 18:57:56 | 000,654,952 | ---- | M] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2014.05.12 18:57:55 | 001,489,072 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\DDPD32A.dll
[2014.05.12 18:57:55 | 000,272,048 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\DDPO32A.dll
[2014.05.12 18:57:55 | 000,219,312 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\DDPA32.dll
[2014.05.12 18:57:55 | 000,092,584 | ---- | M] (Real Sound Lab SIA) -- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[2014.05.12 18:57:54 | 000,502,584 | ---- | M] () -- C:\Windows\System32\audioLibVc.dll
[2014.05.12 18:57:54 | 000,095,840 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2014.05.12 18:57:53 | 000,188,696 | ---- | M] () -- C:\Windows\System32\AcpiServiceVnA.dll
[2014.05.12 18:57:53 | 000,182,472 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2014.05.12 18:57:11 | 000,100,896 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RTNUninst32.dll
[2014.05.12 18:57:11 | 000,076,872 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RtNicProp32.dll
[2014.05.12 14:29:29 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\Uninstaller_SkipUac_Administrator.job
[2014.05.09 14:58:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf6b7df7503398.job
[2014.05.09 11:16:58 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2014.05.09 11:16:43 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2014.05.09 11:16:43 | 000,093,528 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2014.05.09 11:16:43 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2014.05.06 06:07:39 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
 
========== Files Created - No Company Name ==========
 
[2014.05.31 14:50:57 | 010,269,696 | ---- | C] () -- C:\Users\Adina\Desktop\Buna ziua.pps
[2014.05.30 21:09:55 | 000,546,805 | ---- | C] () -- C:\Users\Adina\Desktop\Cristea Adina - raport progres extins.pdf
[2014.05.30 00:18:50 | 000,537,246 | ---- | C] () -- C:\Users\Adina\Desktop\raport extins.pdf
[2014.05.29 21:00:32 | 000,002,125 | ---- | C] () -- C:\Users\Adina\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014.05.28 21:55:33 | 001,146,176 | ---- | C] () -- C:\Users\Adina\Desktop\SUB BAC 2014_OLIMPICI.zip
[2014.05.27 22:14:50 | 000,127,505 | ---- | C] () -- C:\Users\Adina\Desktop\CRISTE_ Adina_CA238052_21.05.2012_BA180164_22.05.2012.pdf
[2014.05.23 15:40:00 | 000,141,721 | ---- | C] () -- C:\Users\Adina\Desktop\brand personality.pdf
[2014.05.21 12:16:25 | 000,001,248 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2014.05.21 08:17:19 | 000,854,367 | ---- | C] () -- C:\Users\Adina\Desktop\SecurityCheck.exe
[2014.05.18 16:04:14 | 001,325,827 | ---- | C] () -- C:\Users\Adina\Desktop\AdwCleaner.exe
[2014.05.12 19:00:24 | 000,076,472 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2014.05.12 19:00:16 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2014.05.12 19:00:10 | 013,913,600 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2014.05.12 19:00:09 | 000,000,146 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2014.05.12 19:00:06 | 000,136,603 | ---- | C] () -- C:\Windows\System32\Gfxres.ro-RO.resources
[2014.05.12 19:00:05 | 000,131,839 | ---- | C] () -- C:\Windows\System32\Gfxres.hr-HR.resources
[2014.05.12 19:00:04 | 000,124,052 | ---- | C] () -- C:\Windows\System32\Gfxres.en-US.resources
[2014.05.12 18:58:27 | 005,804,772 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2014.05.12 18:58:22 | 000,757,301 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2014.05.12 18:57:54 | 000,502,584 | ---- | C] () -- C:\Windows\System32\audioLibVc.dll
[2014.05.12 18:57:53 | 000,188,696 | ---- | C] () -- C:\Windows\System32\AcpiServiceVnA.dll
[2014.05.12 14:29:29 | 000,000,266 | ---- | C] () -- C:\Windows\tasks\Uninstaller_SkipUac_Administrator.job
[2014.05.09 14:58:18 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf6b7df7503398.job
[2014.04.17 21:39:19 | 000,038,434 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2014.04.17 21:37:47 | 000,038,443 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Comma Separated Values (Windows).ADR
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013.07.05 05:31:20 | 000,000,031 | ---- | C] () -- C:\Windows\System32\wspspodsini.dll
[2013.07.05 05:28:42 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2013.07.05 05:27:58 | 000,000,884 | RHS- | C] () -- C:\Users\Adina\ntuser.pol
[2013.02.18 19:39:36 | 000,040,344 | ---- | C] () -- C:\Windows\System32\drivers\stdriverx86.sys
[2012.11.07 19:25:56 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ADINA-PC-Microsoft-Windows-7-Enterprise-(32-bit).dat
[2012.07.08 16:02:21 | 000,000,088 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\usb.inf
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Filesystems
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\External Build System
[2011.04.17 14:02:14 | 000,004,009 | ---- | C] () -- C:\Users\Adina\AppData\Local\iforex.config
[2011.03.26 22:06:40 | 000,033,134 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\UserTile.png
[2011.02.19 15:57:07 | 000,023,552 | ---- | C] () -- C:\Users\Adina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.09 19:57:00 | 000,004,096 | ---- | C] () -- C:\Users\Adina\AppData\Local\keyfile3.drm
[2010.12.29 16:04:21 | 000,007,663 | ---- | C] () -- C:\Users\Adina\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 07:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 05:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\system32\wbem\fastprox.dll -- [2010.11.20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = c:\windows\system32\wbem\wbemess.dll -- [2009.07.14 04:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2009.07.14 04:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013.02.27 07:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009.07.14 04:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010.11.20 15:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010.11.20 15:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2014.04.12 05:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009.07.14 04:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012.07.05 00:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013.07.09 07:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010.11.20 15:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010.11.20 15:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011.03.03 08:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009.07.14 04:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009.07.14 04:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009.07.14 04:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010.11.20 15:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009.07.14 04:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009.07.14 04:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009.07.14 04:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009.07.14 04:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2010.11.20 15:20:30 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009.07.14 04:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011.05.24 13:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012.02.11 08:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2014.04.12 05:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009.07.14 04:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010.11.20 15:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010.11.20 15:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009.07.14 04:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2014.04.12 05:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009.07.14 04:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010.11.20 15:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010.11.20 15:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010.11.20 15:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010.11.20 15:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009.07.14 04:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012.05.01 07:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010.11.20 15:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010.11.20 15:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010.11.20 15:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010.11.20 15:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013.05.27 07:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010.11.20 15:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010.11.20 15:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010.11.20 15:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010.11.20 15:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009.07.14 04:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012.06.03 01:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010.11.20 15:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009.07.14 04:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010.11.20 15:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is Windows7
 Volume Serial Number is 80D0-7A6B
 Directory of C:\
29.12.2010  15:50    <JUNCTION>     Documents and Settings [..]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
29.12.2010  15:50    <JUNCTION>     Application Data [..]
29.12.2010  15:50    <JUNCTION>     Desktop [..]
29.12.2010  15:50    <JUNCTION>     Favorites [..]
29.12.2010  15:50    <JUNCTION>     Start Menu [..]
29.12.2010  15:50    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users
29.12.2010  15:50    <SYMLINKD>     All Users [C:\ProgramData]
29.12.2010  15:50    <JUNCTION>     Default User [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Adina
29.12.2010  15:50    <JUNCTION>     Application Data [C:\Users\Adina\AppData\Roaming]
29.12.2010  15:50    <JUNCTION>     Cookies [C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Cookies]
29.12.2010  15:50    <JUNCTION>     Local Settings [C:\Users\Adina\AppData\Local]
29.12.2010  15:50    <JUNCTION>     My Documents [C:\Users\Adina\Documents]
29.12.2010  15:50    <JUNCTION>     NetHood [C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29.12.2010  15:50    <JUNCTION>     PrintHood [C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29.12.2010  15:50    <JUNCTION>     Recent [C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Recent]
29.12.2010  15:50    <JUNCTION>     SendTo [C:\Users\Adina\AppData\Roaming\Microsoft\Windows\SendTo]
29.12.2010  15:50    <JUNCTION>     Start Menu [C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Start Menu]
29.12.2010  15:50    <JUNCTION>     Templates [C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Adina\AppData\Local
29.12.2010  15:50    <JUNCTION>     Application Data [C:\Users\Adina\AppData\Local]
29.12.2010  15:50    <JUNCTION>     History [C:\Users\Adina\AppData\Local\Microsoft\Windows\History]
29.12.2010  15:50    <JUNCTION>     Temporary Internet Files [C:\Users\Adina\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Adina\Documents
29.12.2010  15:50    <JUNCTION>     My Music [C:\Users\Adina\Music]
29.12.2010  15:50    <JUNCTION>     My Pictures [C:\Users\Adina\Pictures]
29.12.2010  15:50    <JUNCTION>     My Videos [C:\Users\Adina\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator
31.12.2010  02:16    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Roaming]
31.12.2010  02:16    <JUNCTION>     Cookies [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies]
31.12.2010  02:16    <JUNCTION>     Local Settings [C:\Users\Administrator\AppData\Local]
31.12.2010  02:16    <JUNCTION>     My Documents [C:\Users\Administrator\Documents]
31.12.2010  02:16    <JUNCTION>     NetHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
31.12.2010  02:16    <JUNCTION>     PrintHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
31.12.2010  02:16    <JUNCTION>     Recent [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent]
31.12.2010  02:16    <JUNCTION>     SendTo [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo]
31.12.2010  02:16    <JUNCTION>     Start Menu [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
31.12.2010  02:16    <JUNCTION>     Templates [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local
31.12.2010  02:16    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
31.12.2010  02:16    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
31.12.2010  02:16    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Documents
31.12.2010  02:16    <JUNCTION>     My Music [C:\Users\Administrator\Music]
31.12.2010  02:16    <JUNCTION>     My Pictures [C:\Users\Administrator\Pictures]
31.12.2010  02:16    <JUNCTION>     My Videos [C:\Users\Administrator\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
29.12.2010  15:50    <JUNCTION>     Application Data [..]
29.12.2010  15:50    <JUNCTION>     Desktop [..]
29.12.2010  15:50    <JUNCTION>     Favorites [..]
29.12.2010  15:50    <JUNCTION>     Start Menu [..]
29.12.2010  15:50    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
29.12.2010  15:50    <JUNCTION>     Application Data [..]
29.12.2010  15:50    <JUNCTION>     Local Settings [..]
29.12.2010  15:50    <JUNCTION>     My Documents [..]
29.12.2010  15:50    <JUNCTION>     NetHood [..]
29.12.2010  15:50    <JUNCTION>     PrintHood [..]
29.12.2010  15:50    <JUNCTION>     Recent [..]
29.12.2010  15:50    <JUNCTION>     SendTo [..]
29.12.2010  15:50    <JUNCTION>     Start Menu [..]
29.12.2010  15:50    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
29.12.2010  15:50    <JUNCTION>     Application Data [..]
29.12.2010  15:50    <JUNCTION>     History [..]
29.12.2010  15:50    <JUNCTION>     Temporary Internet Files [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
29.12.2010  15:50    <JUNCTION>     My Music [..]
29.12.2010  15:50    <JUNCTION>     My Pictures [..]
29.12.2010  15:50    <JUNCTION>     My Videos [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
29.12.2010  15:50    <JUNCTION>     My Music [C:\Users\Public\Music]
29.12.2010  15:50    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
29.12.2010  15:50    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
15.12.2011  22:31    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
15.12.2011  22:31    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
15.12.2011  22:31    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
15.12.2011  22:31    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
15.12.2011  22:31    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
15.12.2011  22:31    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
15.12.2011  22:31    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
15.12.2011  22:31    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
15.12.2011  22:31    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
15.12.2011  22:31    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
15.12.2011  22:31    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
15.12.2011  22:31    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\Documents
15.12.2011  22:31    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
15.12.2011  22:31    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
15.12.2011  22:31    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              78 Dir(s)  19.748.114.432 bytes free
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 15:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: SERVICES  >
[2009.06.11 00:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009.06.11 00:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
 
< MD5 for: SERVICES.ASFX  >
[2013.09.05 17:04:32 | 000,002,537 | ---- | M] () MD5=12119C94DF8D736A53F6C331FD72D46E -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\sl_SI\Services\Services.asfx
[2013.09.05 17:04:20 | 000,002,491 | ---- | M] () MD5=137C7EE24F5411F53B8326B9B219FC66 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\nb_NO\Services\Services.asfx
[2013.09.05 17:04:32 | 000,002,646 | ---- | M] () MD5=1C24FB4029C5A7955E15B54B554F57EF -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\ro_RO\Services\Services.asfx
[2013.09.05 17:04:30 | 000,002,514 | ---- | M] () MD5=1DEE0ACF57AF9BCA6EF55DB87DE5177D -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\hr_HR\Services\Services.asfx
[2013.09.05 17:04:30 | 000,003,372 | ---- | M] () MD5=25FC40F1B20BA96E94362080824538BB -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\ru_RU\Services\Services.asfx
[2013.09.05 17:04:16 | 000,002,626 | ---- | M] () MD5=2FD7F2FDEF0BA1B3080372C092348748 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\nl_NL\Services\Services.asfx
[2013.09.05 17:04:12 | 000,002,531 | ---- | M] () MD5=3245B95570BB6FBB531E2FEDF48A75C0 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\it_IT\Services\Services.asfx
[2013.09.05 17:04:18 | 000,002,575 | ---- | M] () MD5=41E9C3CD70C83B6E2120F86B813E45D6 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\fi_FI\Services\Services.asfx
[2013.09.05 17:04:38 | 000,002,495 | ---- | M] () MD5=5023B9592E48988B41AE03208E6E11BF -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\eu_ES\Services\Services.asfx
[2013.09.05 17:04:22 | 000,002,651 | ---- | M] () MD5=529CE83F2FA3AB06251EAA5DB897D096 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\ko_KR\Services\Services.asfx
[2013.09.05 17:04:28 | 000,002,758 | ---- | M] () MD5=5BF29BD056628A88C25959BA80EE9BED -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\hu_HU\Services\Services.asfx
[2013.09.05 17:04:36 | 000,002,541 | ---- | M] () MD5=5EA0637B4A389696A7D809C3E9EC2EC7 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\ca_ES\Services\Services.asfx
[2013.09.05 17:04:34 | 000,003,262 | ---- | M] () MD5=67A74DCD86C142D2E6B4F1F16E5E1F2C -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\uk_UA\Services\Services.asfx
[2013.09.05 17:04:26 | 000,002,617 | ---- | M] () MD5=689F53EAA80054DF4BC686856E185035 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\cs_CZ\Services\Services.asfx
[2013.09.05 17:04:24 | 000,002,486 | ---- | M] () MD5=69DBB0C500BD18C1D0764FB0242ED213 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\zh_TW\Services\Services.asfx
[2013.09.05 17:04:34 | 000,002,638 | ---- | M] () MD5=71B6B0BD0214C789D3F301EE790A6D2F -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\sk_SK\Services\Services.asfx
[2013.09.05 17:04:14 | 000,002,554 | ---- | M] () MD5=74339E2CE2536875C3C678B0CAF6EC51 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\sv_SE\Services\Services.asfx
[2013.09.05 17:04:30 | 000,002,599 | ---- | M] () MD5=83107AFE70C6D6EEB7C079CCCCE406D7 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\tr_TR\Services\Services.asfx
[2013.09.05 17:04:12 | 000,002,849 | ---- | M] () MD5=86BBDCD8357F52C31C289EDEC9B158FF -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\ja_JP\Services\Services.asfx
[2012.09.23 20:43:54 | 000,002,488 | R--- | M] () MD5=B1468F053A250799FCE421BEC8AA9A57 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx
[2013.09.05 17:04:16 | 000,002,523 | ---- | M] () MD5=BFFD6506EABA593CF59568B43395B742 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\da_DK\Services\Services.asfx
[2013.09.05 17:04:14 | 000,002,544 | ---- | M] () MD5=E34F6F2011E6A981EE46105A813AA6B4 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\es_ES\Services\Services.asfx
[2013.09.05 17:04:24 | 000,002,455 | ---- | M] () MD5=E6A6F3449EDB55E0A8A4F98E4527964B -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\zh_CN\Services\Services.asfx
[2013.09.05 17:04:08 | 000,002,614 | ---- | M] () MD5=F1B43A488FA907619B1469F76373D812 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\fr_FR\Services\Services.asfx
[2013.09.05 17:04:22 | 000,002,586 | ---- | M] () MD5=F6CC4E1BC7DF8CA3D0EA34B84B83C1B0 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\pt_BR\Services\Services.asfx
[2013.09.05 17:04:10 | 000,002,675 | ---- | M] () MD5=F9E81A4C2C84268EE7437424514D0D8D -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\de_DE\Services\Services.asfx
[2013.09.05 17:04:26 | 000,002,541 | ---- | M] () MD5=FDA0451B478CA4B92ECCBDC4C15D007C -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\pl_PL\Services\Services.asfx
 
< MD5 for: SERVICES.ASFX1  >
[2012.09.23 20:43:54 | 000,002,457 | R--- | M] () MD5=BE0958E015FED942FAD670540F2BCEC1 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx1
 
< MD5 for: SERVICES.ASFX10  >
[2012.09.23 20:43:56 | 000,002,543 | R--- | M] () MD5=C66A95C06294259E63522BBB0E8B3ED8 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx10
 
< MD5 for: SERVICES.ASFX11  >
[2012.09.23 20:43:48 | 000,002,628 | R--- | M] () MD5=8A84C89E1D2A0916D4464D5AD46FB8AC -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx11
 
< MD5 for: SERVICES.ASFX12  >
[2012.09.23 20:43:50 | 000,002,493 | R--- | M] () MD5=A8C9725DBFAA9DB585F9691060B1FFA3 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx12
 
< MD5 for: SERVICES.ASFX13  >
[2012.09.23 20:43:52 | 000,002,653 | R--- | M] () MD5=881E2DDB014FD5D09B84AA45F2E86077 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx13
 
< MD5 for: SERVICES.ASFX14  >
[2012.09.23 20:43:44 | 000,002,851 | R--- | M] () MD5=364469E5C8724EB95F2E142438C8CECF -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx14
 
< MD5 for: SERVICES.ASFX15  >
[2012.09.23 20:43:46 | 000,002,533 | R--- | M] () MD5=72E505C96C0A40BE1DFD0F5FB982F527 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx15
 
< MD5 for: SERVICES.ASFX16  >
[2012.09.23 20:43:56 | 000,002,760 | R--- | M] () MD5=69BCCC8BA799AD320C723B14DAE327EB -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx16
 
< MD5 for: SERVICES.ASFX17  >
[2012.09.23 20:44:00 | 000,002,516 | R--- | M] () MD5=9B850C525959D9F53CD576DEF11F6ED4 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx17
 
< MD5 for: SERVICES.ASFX18  >
[2012.09.23 20:43:42 | 000,002,616 | R--- | M] () MD5=939A97CCEC5E78C7D41262B21158D749 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx18
 
< MD5 for: SERVICES.ASFX19  >
[2012.09.23 20:43:50 | 000,002,577 | R--- | M] () MD5=4160D76537EB300F681419BEA7589192 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx19
 
< MD5 for: SERVICES.ASFX2  >
[2012.09.23 20:44:02 | 000,003,264 | R--- | M] () MD5=6A3669AC3D692776A76DB4C513B73718 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx2
 
< MD5 for: SERVICES.ASFX20  >
[2012.09.23 20:44:06 | 000,002,497 | R--- | M] () MD5=6ECF361623A3B738642C61790DF3BF73 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx20
 
< MD5 for: SERVICES.ASFX21  >
[2012.09.23 20:43:46 | 000,002,546 | R--- | M] () MD5=DE20C36CDD3208B4E8544397E551C40B -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx21
 
< MD5 for: SERVICES.ASFX22  >
[2012.09.23 20:43:44 | 000,002,677 | R--- | M] () MD5=22FEEF662B7E813F8547E1446EBC706B -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx22
 
< MD5 for: SERVICES.ASFX23  >
[2012.09.23 20:43:50 | 000,002,525 | R--- | M] () MD5=34EB1E120DAE2C8346BA3747D562355B -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx23
 
< MD5 for: SERVICES.ASFX24  >
[2012.09.23 20:43:54 | 000,002,619 | R--- | M] () MD5=2468CEF75419234DCA72F892392DFB6C -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx24
 
< MD5 for: SERVICES.ASFX25  >
[2012.09.23 20:44:04 | 000,002,543 | R--- | M] () MD5=C2EDC3B5BB19B6F41226433A889EFE48 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx25
 
< MD5 for: SERVICES.ASFX3  >
[2012.09.23 20:43:58 | 000,002,601 | R--- | M] () MD5=4E7A75C5564D7E08200E3B7F656BF227 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx3
 
< MD5 for: SERVICES.ASFX4  >
[2012.09.23 20:43:48 | 000,002,556 | R--- | M] () MD5=3BE849A0D8DEEF6E14BEC19D565A965D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx4
 
< MD5 for: SERVICES.ASFX5  >
[2012.09.23 20:44:02 | 000,002,539 | R--- | M] () MD5=8DEA878E25C893461D45C8974160B559 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx5
 
< MD5 for: SERVICES.ASFX6  >
[2012.09.23 20:44:04 | 000,002,640 | R--- | M] () MD5=A86B5BD2B198C0870542D6478C3CC6BC -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx6
 
< MD5 for: SERVICES.ASFX7  >
[2012.09.23 20:43:58 | 000,003,374 | R--- | M] () MD5=7DE29C93BAEEB470EE77CF5C1B1C03A1 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx7
 
< MD5 for: SERVICES.ASFX8  >
[2012.09.23 20:44:02 | 000,002,648 | R--- | M] () MD5=0865ABFC40AE2C730EF33F0E29C2C780 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx8
 
< MD5 for: SERVICES.ASFX9  >
[2012.09.23 20:43:52 | 000,002,588 | R--- | M] () MD5=0D18AE3100D7B9D49DCB1CE1EABA21F7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx9
 
< MD5 for: SERVICES.CFG  >
[2014.05.08 16:48:48 | 000,560,495 | ---- | M] () MD5=12A7DDA9C7CA1AAA2C6F36BB1E24528B -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2012.09.23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2012.09.23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009.07.14 04:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009.07.14 04:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 04:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009.07.14 05:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009.07.14 05:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
[2009.07.13 19:41:32 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=13D87E1A0FCE47C4743C2DED1F569F52 -- C:\Windows\System32\ro-RO\services.exe.mui
[2009.07.13 19:41:32 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=13D87E1A0FCE47C4743C2DED1F569F52 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_b08c6962d9d2fc09\services.exe.mui
[2009.07.13 19:47:16 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=665623741B4E3A3701871FCEFD1C9192 -- C:\Windows\System32\fr-FR\services.exe.mui
[2009.07.13 19:47:16 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=665623741B4E3A3701871FCEFD1C9192 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0c56701d7a41cb39\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009.07.14 07:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 07:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009.06.11 00:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009.06.11 00:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009.07.13 19:36:16 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\System32\fr-FR\services.msc
[2009.07.13 19:36:16 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4698400950ab652c\services.msc
[2009.07.14 05:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009.06.11 00:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009.07.14 05:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009.06.11 00:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009.07.13 23:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009.07.13 23:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2009.07.14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009.07.14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 15:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010.11.20 15:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 15:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< End of report >
 
 
 
 
 
 

OTL Extras logfile created on: 02.06.2014 16:10:35 - Run 8
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Adina\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy
 
3,30 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 31,46% Memory free
4,30 Gb Paging File | 1,44 Gb Available in Paging File | 33,38% Paging File free
Paging file location(s): c:\pagefile.sys 1024 3096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 18,39 Gb Free Space | 18,85% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 64,75 Gb Free Space | 17,59% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 171,20 Gb Free Space | 73,51% Space Free | Partition Type: NTFS
Drive H: | 2794,51 Gb Total Space | 2370,67 Gb Free Space | 84,83% Space Free | Partition Type: NTFS
 
Computer Name: ADINA-PC | User Name: Adina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\WinHlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.txt [@ = AutoCorectFile] -- C:\Program Files\AutoCorect\AutoCorect.exe (Softset)
 
[HKEY_USERS\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Unable to open value key File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\WinHlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A106EB-7846-4F71-B237-09B4C16D430B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0665E938-AB62-43B7-A5D3-A572046FCFB8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{08E9C034-F393-4248-BC8C-6347B472EC87}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1283EE64-67B8-49E3-8CC5-F8202DFA2352}" = lport=445 | protocol=6 | dir=in | app=system | 
"{17A422C2-EBB5-4049-953A-7403E91966C2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{18CFFAB7-3330-4A8E-90CB-8FB3F00ED22B}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{1F82D55E-8EF8-4A18-9F85-F0BA84DAAA4A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{210B966D-149D-4934-90E6-CDED8BFE8E3E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{227D9AFF-C68C-430B-AA9B-3E20F95AB81B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2F3484F8-9058-45BD-8ECF-442B0EBCE8FE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3335508D-081A-46B7-9A40-0D42F1F90495}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4DF32C77-F525-4860-A94E-780DD0B989AE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5164DB39-BE91-418A-B923-0FE12AE7033E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5311A714-F81F-41E3-B88D-CBA3A9E56A01}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{57AFCC31-A0BA-4B76-8B4C-4A00A5DFE862}" = rport=137 | protocol=17 | dir=out | app=system | 
"{59D26556-EB7A-4D7C-BA06-465F9257756A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6171278E-55CC-4C75-9A1D-E48E66D2EB56}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{665E8FAE-C2D6-40FD-8C6A-1D901E1A40F0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6E775984-FB8E-4028-ACC0-305A3DDDE1D0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8B3A8531-0C09-40C1-A7C0-F01972FFD3F0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CEB490A7-41E1-4214-A714-3BEF6AF6B25C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DB0BED99-930D-4D57-9866-D5918D576387}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{DE77401D-4690-4D3E-AD3D-6BED4C5146E8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F6FB9D6C-2E56-45BD-9365-CCB818D55556}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{FDEC0E45-5211-4762-9383-A9B84AF3C2AD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) | 
"{FF83ACD7-E467-45BB-AC82-6A1B73A91525}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B80918-3EB5-45EF-B035-B884446B8EE9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{106DAFFF-AB06-4FF9-9382-3F28027D9D3D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | 
"{10742BAC-21E8-403A-851E-9F2839D8236B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{12C247DD-206A-4E65-AF63-A6A95516D4B9}" = protocol=17 | dir=in | app=c:\users\adina\appdata\roaming\utorrent\utorrent.exe | 
"{14AA5E64-871B-4862-833A-E2D8D5B86382}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1CB84582-EF5E-4932-A850-DFFE5F59E388}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{1D346C55-EAF9-4F1D-9ABB-01DA16D2E7E6}" = protocol=6 | dir=in | app=c:\users\adina\appdata\roaming\utorrent\utorrent.exe | 
"{1DB07F93-7B3E-41F8-A936-D6F39A748D08}" = protocol=17 | dir=in | app=c:\program files\battle.net\battle.net.exe | 
"{2C5BAF1E-F2E3-42E4-BDE8-8AFECD921324}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{3E058F7C-6448-4E22-9F79-00BF85A1AEE3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{414C10CF-1876-4201-9906-4DCF0318CEAF}" = protocol=17 | dir=in | app=c:\program files\hearthstone\hearthstone.exe | 
"{42D946DA-00AA-4907-B8B9-C53E617502AB}" = protocol=6 | dir=in | app=c:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe | 
"{44FC7AB9-0260-444F-BDFE-ED18D5BE3D64}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{59C12610-771C-4EA1-B6E8-6901E44EE7BD}" = protocol=17 | dir=in | app=c:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5A237733-A6ED-425A-AF06-0720795ABA77}" = protocol=6 | dir=in | app=c:\users\adina\appdata\roaming\utorrent\utorrent.exe | 
"{64FADBF0-47A7-45D7-8601-F99CB036DCA5}" = protocol=6 | dir=in | app=c:\users\adina\downloads\utorrent.exe | 
"{68DBA296-6AF6-407A-AA5F-A90577BF17F8}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{6A62ADFD-372A-4870-BCD5-1CDDEB521DF5}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) | 
"{70FAF749-8C54-4F9B-94D6-82F665374C6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{719A5F7A-9CC8-49BF-9357-EDF3365962B9}" = protocol=6 | dir=in | app=c:\program files\battle.net\battle.net.exe | 
"{72495CFD-4D76-4492-A8C1-9B1D6855B7BB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | 
"{76E46BDA-2D6B-4623-9FD6-DEA60B4076B0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{7817BBCF-8D10-44B5-B08E-F20B4ABD8362}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7A4AE856-710B-4F50-B567-8444274A93D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7A8453E0-C825-4696-A740-412E450C8523}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) | 
"{7C154415-6BDE-4231-95E7-19CFFE45DE68}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{7CB4D38C-224E-4719-98B1-2FFB03E05E48}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{8404A5DD-3A67-40AC-BFB4-AFCFFB980E2B}" = protocol=6 | dir=in | app=c:\program files\hearthstone\hearthstone.exe | 
"{879A6BBD-2B1A-4408-8296-509CB3D89873}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{93EEDF9E-6009-4136-A541-934BA948EE0B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{A1709533-D2D9-4FD3-9C6D-EC830A9E00D9}" = protocol=6 | dir=out | app=system | 
"{A39A3DFD-30F4-4C4D-8017-EFDD53D28D68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A5D26CA1-A343-4DF9-84FC-BA24A4E51BBD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{AC796949-8E92-412A-8D11-E9D9A81D3A73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3FB211D-F1AD-472A-BD68-C10FACBC7A53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BC5799BD-2524-4A68-8B28-3BFE4D7761B0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{BC97ED64-6748-4420-87AB-E35771FCD201}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) | 
"{BFC3B2BD-186F-46CB-8C8F-EBCE06A9C9A2}" = protocol=17 | dir=in | app=c:\users\adina\appdata\roaming\utorrent\utorrent.exe | 
"{C4A615C3-5E51-4DF5-9B40-660BA7C2ECE2}" = protocol=17 | dir=in | app=c:\users\adina\downloads\utorrent.exe | 
"{C6BFCF99-777B-4707-8BF9-77412F7E68DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CCDF49A1-5587-4CD3-980E-0A7F24779B51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D0D2E486-7DC9-4CCD-949C-109944275E0F}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) | 
"{D6DC5F11-77A8-41B1-8F3D-2289A869B058}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{E5FD7B13-4031-4DFD-8AA2-B00D5ED6F89F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F0C6A4C1-01D4-4C63-AF90-5B3CBC971ABB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{F4ABE299-544F-43DE-9FE3-BED36B1A5257}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{FA24696C-436F-4E5D-A9BF-46624093BBF7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"TCP Query User{0CA13DEB-B693-4380-AA4D-02AB345C0BC6}C:\users\adina\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\adina\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{16698D35-A8D6-42C1-9BDE-A3CBE4AD2285}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{16EBAF60-6C3F-442F-ACBD-46841E4EB723}C:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{1BAB3BD8-D737-4127-B89A-DD49288A1E2D}C:\program files\strongdc++\strongdc.exe" = protocol=6 | dir=in | app=c:\program files\strongdc++\strongdc.exe | 
"TCP Query User{2BB65CF3-0735-472C-8BFC-4EA824268E16}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{3D2EED05-3361-4100-8333-386B4A9E3582}C:\program files\strongdc++\strongdc.exe" = protocol=6 | dir=in | app=c:\program files\strongdc++\strongdc.exe | 
"TCP Query User{5660E3DC-B171-40E7-BFA0-A8BEC0F6E435}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{5E38DF59-889B-455E-98E8-97AC0FDC252B}C:\users\adina\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\adina\downloads\utorrent.exe | 
"TCP Query User{7A8CC01B-01CC-4E84-B1F5-D5523CEF306E}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{9B4F2E02-C545-405F-8E4D-D98EA81C16A5}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{9BD89FF6-A567-4269-8D1E-57F9CDBCD8DF}C:\xampp\filezillaftp\filezillaserver.exe" = protocol=6 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe | 
"TCP Query User{A5620B3E-672B-456D-AA42-6E13098C9E53}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{D1403207-B4FB-4F4C-8015-DC56371CAF81}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{11026EFF-346B-4260-9700-10F109AE78AE}C:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{199324CF-757A-4E8D-ADA2-26FFFDA2E1F7}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{4296701F-0F01-460F-961E-9DE63469F2A0}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{4515A6ED-7885-47BD-A2BA-12E5D68A4C6F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{49B4820D-4A37-4713-AAF0-823AFD4E8C46}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{52E58A35-9EB0-460C-9F71-7004AC2AC8DF}C:\xampp\filezillaftp\filezillaserver.exe" = protocol=17 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe | 
"UDP Query User{5D84BD84-3719-488F-8B2C-F62CB6E530C1}C:\program files\strongdc++\strongdc.exe" = protocol=17 | dir=in | app=c:\program files\strongdc++\strongdc.exe | 
"UDP Query User{88E936EF-A781-4A68-85ED-FB31CE5C505C}C:\users\adina\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\adina\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{A096E0B4-967F-4790-AD74-404B94766BE0}C:\users\adina\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\adina\downloads\utorrent.exe | 
"UDP Query User{D0EB3F09-3791-459A-BF9C-21168DA530CB}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{D58571BA-865B-446E-AD6C-F77077C7C9E0}C:\program files\strongdc++\strongdc.exe" = protocol=17 | dir=in | app=c:\program files\strongdc++\strongdc.exe | 
"UDP Query User{E92AB952-607B-491B-9054-5B580B2F30CE}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{FB8237B9-9519-435F-B8C0-0A2B943B1C15}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01509AB1-84BB-4AB9-A142-38AFA0BBDA25}" = Angry Birds
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07EA4E9F-BD35-4F38-9809-D825B772B833}" = Image Optimizer 3.0
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0DB87EAC-F695-4D59-9609-C93119AE6B35}" = SAMSUNG Dr.Printer 
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.7.2
"{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = The Godfather™ The Game
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{216729B6-014A-F413-814F-F17F74FBA113}_is1" = Google Books Downloader version 1.6
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 60
"{26A24AE4-039D-4CA4-87B4-2F83218005FF}" = Java 8 Update 5
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{4254522D-5637-006A-76A7-A75C790C0B00}" = MediaCaster by Ask
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{631A0B87-B0B7-4B47-00A2-119A4B942EB6}" = Clive Barker's Undying™
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68e29fba-92b1-4f6f-a604-1d8679da3a9f}" = Avira
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BFDC0CD-ADF5-49F6-8A47-3177EF2AE6D2}" = Google Book Downloader
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70E4E07C-4C81-4B19-9D49-37AEB65E3A6B}_is1" = Smile Desktop version 1.0.4.259
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92E64C51-5096-442F-9A44-61CB2941391D}" = ACDSee 4.0 PowerPack Suite
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AC76BA86-7AD7-2530-0000-A00000000004}" = Extended Asian Language font pack for Adobe Reader XI
"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)  MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BCB74778-4397-4335-8455-A75ACE919510}" = Image Compressor 2008 Free Edition
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C8736F91-44EF-4E78-8215-8E1A2401F6F4}" = Angry Birds Seasons
"{D0DB3714-CFA1-4FA7-ABA3-B1DCB5998895}" = Avira
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40B2C78-30CA-4A8F-A157-C86B491C73AF}" = ACDSee Pro 6
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F1100000-0010-0000-0000-074957833700}" = ABBYY FineReader 11 Corporate Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AIMP3" = AIMP3
"AutoCorect stil contemporan_is1" = AutoCorect 4.1.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"A-WIN-Extras 9.0.1 4092550_is1" = Mathematica Extras 9.0 (4092550)
"Battle.net" = Battle.net
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DSMT6" = MathType 6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Fallout New Vegas_is1" = Fallout New Vegas
"FileHippo.com" = FileHippo.com Update Checker
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GeoGebra 4.2" = GeoGebra 4.2
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"Hearthstone" = Hearthstone
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"Mp3tag" = Mp3tag v2.54
"Notepad++" = Notepad++
"Picasa 3" = Picasa 3
"Recuva" = Recuva
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"Samsung PC Studio 7" = Samsung PC Studio 7
"SoundTap" = SoundTap Streaming Audio Recorder
"SpywareBlaster_is1" = SpywareBlaster 5.0
"TeamViewer 6" = TeamViewer 6
"Totalcmd" = Total Commander (Remove or Repair)
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.7
"VobSub" = VobSub v2.23 (Remove Only)
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 5.01 (32-bit)
"Xilisoft MP4 to DVD Converter" = Xilisoft MP4 to DVD Converter
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-747581154-1102267190-2633786192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Octoshape Streaming Services" = Octoshape Streaming Services
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.05.2014 10:37:53 | Computer Name = Adina-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 30.05.2014 23:50:29 | Computer Name = Adina-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 30.05.2014 23:57:58 | Computer Name = Adina-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 29.0.1.5239, time
 stamp: 0x5369959a  Faulting module name: ntdll.dll, version: 6.1.7601.18247, time
 stamp: 0x521ea91c  Exception code: 0xc0000374  Fault offset: 0x000c3873  Faulting process
 id: 0xe20  Faulting application start time: 0x01cf7c8405c7a482  Faulting application
 path: C:\Program Files\Mozilla Firefox\firefox.exe  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
 Id: c007650c-e877-11e3-a53e-1c6f654eb443
 
Error - 31.05.2014 01:50:24 | Computer Name = Adina-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
 PC Studio 7\TIS_VistaPIM.dll".  Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 01.06.2014 00:42:16 | Computer Name = Adina-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 01.06.2014 13:43:16 | Computer Name = Adina-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 01.06.2014 13:53:38 | Computer Name = Adina-PC | Source = Windows Backup | ID = 4100
Description = Backup did not complete successfully because a shadow copy could not
 be created. Free up disk space on the drive that you are backing up by deleting
 unnecessary files and then try again.
 
Error - 01.06.2014 15:32:00 | Computer Name = Adina-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 02.06.2014 01:28:26 | Computer Name = Adina-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 02.06.2014 03:08:15 | Computer Name = Adina-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
 PC Studio 7\TIS_VistaPIM.dll".  Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
[ OSession Events ]
Error - 10.01.2013 02:12:46 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1104
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
Error - 10.01.2013 02:28:02 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 901
 seconds with 900 seconds of active time.  This session ended with a crash.
 
Error - 13.06.2013 13:33:59 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12709
 seconds with 8160 seconds of active time.  This session ended with a crash.
 
Error - 08.07.2013 07:50:19 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4870
 seconds with 4500 seconds of active time.  This session ended with a crash.
 
Error - 08.07.2013 07:51:39 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 71
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2013 12:22:00 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18762
 seconds with 8580 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2013 12:27:50 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 342
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2013 12:29:29 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 90
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 09.03.2014 18:03:04 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14937
 seconds with 3600 seconds of active time.  This session ended with a crash.
 
Error - 17.05.2014 16:53:30 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6880
 seconds with 3660 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 02.06.2014 01:31:23 | Computer Name = Adina-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 02.06.2014 01:31:23 | Computer Name = Adina-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 02.06.2014 01:31:23 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 02.06.2014 01:31:23 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 02.06.2014 01:31:23 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 02.06.2014 01:31:23 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 02.06.2014 03:14:05 | Computer Name = Adina-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 02.06.2014 03:14:19 | Computer Name = Adina-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume Windows7.
 
Error - 02.06.2014 03:14:30 | Computer Name = Adina-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 02.06.2014 03:14:43 | Computer Name = Adina-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume Windows7.
 
 
< End of report >
 
 
 
 
 

  • 0

#18
Pyxis
Posted 03 June 2014 - 08:08 PM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    Temporarily disable Avira's HOSTS file protection by following the steps below.
    • Right-click on the system tray icon for Avira > Configure Avira Free Antivirus.
    • Once the program screen has loaded, navigate to Expert Mode > General > Security.
    • Under System Protection, uncheck Protect Windows hosts file from changes > Apply > OK.

Note: You may re-enable the above after running the custom OTL script below. If Avira warns about the modification afterwards, simply allow it.

  • Step 2

    Run your copy of OTL by double-clicking it.
    • Copy and paste the following into the Custom Scans/Fixes box:
      :OTL
SRV - [2014.04.01 22:19:43 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-20\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-19\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
[2014.05.11 09:30:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
C:\USERS\ADINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E94GFN82.DEFAULT\EXTENSIONS\[email protected]
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [VNT] C:\Program Files\VNT\vntldr.exe (APN LLC.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
[2014.05.29 22:45:33 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\VNT
[2014.05.29 22:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\VNT
[2014.05.29 22:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2014.05.29 22:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2014.05.29 22:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2014.05.14 13:00:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

:Files
netsh advfirewall reset /c 
netsh advfirewall set allprofiles state on /c 

:Commands
[emptytemp]
[resethosts]

      cF4ib.png

    • Click Run Fix.
    • OTL will reboot your system. Allow it by clicking OK.
    • After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • MMDDYYYY_HHMMSS.log (OTL)

  • 0

#19
Kristina
Posted 04 June 2014 - 01:34 PM

Kristina

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 319 posts

I can't find Configure Avira Free Antivirus. I have Manage Antivirus when I click on the taskbar icon. There I can't find Expert mode. (I have the Free Antivirus).


Edited by Kristina, 04 June 2014 - 01:35 PM.

  • 0

#20
Pyxis
Posted 04 June 2014 - 08:07 PM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    Temporarily disable Avira's HOSTS file protection by following the steps below.
    • Right-click on the system tray icon for Avira > Manage Antivirus.
    • Once the program screen has loaded, navigate to Extras > Configuration > General > Security.
    • Under System protection, uncheck Protect Windows hosts file from changes > Apply > OK.

Note: You may re-enable the above after running the custom OTL script below. If Avira warns about the modification afterwards, simply allow it.

  • Step 2

    Run your copy of OTL by double-clicking it.
    • Copy and paste the following into the Custom Scans/Fixes box:
      :OTL
SRV - [2014.04.01 22:19:43 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-20\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-19\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
[2014.05.11 09:30:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
C:\USERS\ADINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E94GFN82.DEFAULT\EXTENSIONS\[email protected]
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [VNT] C:\Program Files\VNT\vntldr.exe (APN LLC.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
[2014.05.29 22:45:33 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\VNT
[2014.05.29 22:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\VNT
[2014.05.29 22:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2014.05.29 22:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2014.05.29 22:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2014.05.14 13:00:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

:Files
netsh advfirewall reset /c 
netsh advfirewall set allprofiles state on /c 

:Commands
[emptytemp]
[resethosts]

      cF4ib.png

    • Click Run Fix.
    • OTL will reboot your system. Allow it by clicking OK.
    • After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • MMDDYYYY_HHMMSS.log (OTL)

  • 0

#21
Kristina
Posted 05 June 2014 - 05:26 AM

Kristina

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 319 posts
All processes killed
========== OTL ==========
Service APNMCP stopped successfully!
Service APNMCP deleted successfully!
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon deleted successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VNT deleted successfully.
C:\Program Files\VNT\vntldr.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ deleted successfully.
Folder 14.05.29 22:45:33 | 000,000,000 | ---D | C] --\ not found.
C:\Program Files\VNT folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\BTR-V7\Updater\Response folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\BTR-V7\Updater\Config folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\BTR-V7\Updater folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\BTR-V7\CRX folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\BTR-V7 folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar folder moved successfully.
C:\ProgramData\AskPartnerNetwork folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\BTR-V7 folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\Updater folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\program files\VNT folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID} folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID} folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\program files\AskPartnerNetwork\Toolbar folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\program files\AskPartnerNetwork\ChromeUtils folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\program files\AskPartnerNetwork folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\program files folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version} folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID} folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\common appdata\AskPartnerNetwork\Toolbar folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\common appdata\AskPartnerNetwork folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\common appdata folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder} folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\appdata\Mozilla\Firefox\Profiles folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\appdata\Mozilla\Firefox folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\appdata\Mozilla folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source\appdata folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7\Source folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\BTR-V7 folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar folder moved successfully.
C:\Program Files\AskPartnerNetwork\ChromeUtils folder moved successfully.
C:\Program Files\AskPartnerNetwork folder moved successfully.
C:\ProgramData\APN\APN-Stub folder moved successfully.
C:\ProgramData\APN folder moved successfully.
C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} folder moved successfully.
========== FILES ==========
< netsh advfirewall reset /c  >
Ok.
C:\Users\Adina\Desktop\cmd.bat deleted successfully.
C:\Users\Adina\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c  >
Ok.
C:\Users\Adina\Desktop\cmd.bat deleted successfully.
C:\Users\Adina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Adina
->Temp folder emptied: 12555358 bytes
->Temporary Internet Files folder emptied: 5919408 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 88438901 bytes
->Google Chrome cache emptied: 250964308 bytes
->Flash cache emptied: 1028 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1758179 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 27455885671 bytes
 
Total Files Cleaned = 26.527,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.70.2 log created on 06052014_135338
 
Files\Folders moved on Reboot...
C:\Users\Adina\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll moved successfully.
C:\Users\Adina\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

  • 0

#22
Pyxis
Posted 05 June 2014 - 07:29 AM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
How is your computer performing?
  • 0

#23
Dakeyras
Posted 08 June 2014 - 11:31 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#24
Pyxis
Posted 24 August 2014 - 08:29 AM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Provide me with fresh OTL logs, please.


  • 0

#25
Kristina
Posted 24 August 2014 - 12:03 PM

Kristina

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 319 posts
OTL logfile created on: 24.08.2014 20:53:52 - Run 9
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Adina\Downloads
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy
 
3,30 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 38,50% Memory free
4,30 Gb Paging File | 1,35 Gb Available in Paging File | 31,40% Paging File free
Paging file location(s): c:\pagefile.sys 1024 3096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 31,65 Gb Free Space | 32,44% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 46,26 Gb Free Space | 12,57% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 173,79 Gb Free Space | 74,63% Space Free | Partition Type: NTFS
Drive H: | 2794,51 Gb Total Space | 2386,63 Gb Free Space | 85,40% Space Free | Partition Type: NTFS
 
Computer Name: ADINA-PC | User Name: Adina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.08.24 20:28:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adina\Downloads\OTL.exe
PRC - [2014.08.07 06:20:57 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014.08.06 17:27:09 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2014.08.06 17:26:59 | 000,751,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.08.06 17:26:59 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2014.08.06 17:26:59 | 000,426,064 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2014.08.04 14:20:42 | 000,161,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014.08.04 14:20:40 | 000,149,296 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014.07.23 02:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013.12.21 09:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 05:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.09.05 19:09:32 | 003,474,888 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\3.1.5.7620\Webshots.scr
PRC - [2012.07.20 21:08:04 | 008,186,368 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2012.05.25 04:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011.12.22 19:11:20 | 000,818,952 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
PRC - [2011.04.15 12:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.08.07 06:20:55 | 000,353,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014.08.07 06:20:53 | 008,537,928 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll
MOD - [2014.08.07 06:20:49 | 000,718,152 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
MOD - [2014.08.07 06:20:47 | 000,126,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\36.0.1985.143\libegl.dll
MOD - [2014.08.07 06:20:46 | 001,732,936 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
MOD - [2014.08.04 14:20:40 | 000,139,056 | ---- | M] () -- C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014.08.04 14:20:34 | 000,052,472 | ---- | M] () -- C:\Users\Adina\AppData\Local\temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014.02.14 02:48:35 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll
MOD - [2014.02.14 02:47:43 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014.02.14 02:47:17 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014.02.14 02:46:24 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014.02.14 02:46:23 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\af02d03484578dbc357d1df8d1b6fd01\PresentationFramework-SystemData.ni.dll
MOD - [2014.02.14 01:54:50 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014.02.14 01:54:35 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014.02.14 01:54:32 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014.02.14 01:54:30 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014.02.14 01:54:28 | 002,542,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\7e73e63cf4b8efdf41900b9576489e61\System.Data.Linq.ni.dll
MOD - [2014.02.14 01:54:25 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014.02.14 01:54:22 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014.02.14 01:54:22 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014.02.14 01:54:20 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014.02.14 01:54:20 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014.02.14 01:54:15 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014.02.14 01:54:14 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014.02.14 01:54:13 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014.02.14 01:54:11 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014.02.14 01:54:08 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014.02.14 01:54:07 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014.02.14 01:54:06 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014.02.14 01:54:02 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014.02.14 01:54:00 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2012.05.25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012.05.25 04:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2009.05.16 00:22:42 | 000,716,800 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
MOD - [2008.12.06 01:41:50 | 000,619,008 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PhoneBrowser.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2014.08.06 17:27:09 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.08.06 17:26:59 | 001,021,520 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2014.08.06 17:26:59 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014.08.04 14:20:40 | 000,149,296 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014.07.27 13:31:45 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.07.25 15:10:12 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014.07.23 20:57:56 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.07.23 02:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.12.21 09:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.10.09 11:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013.05.27 07:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.11.03 20:58:48 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.08.18 13:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2012.07.20 21:08:04 | 008,186,368 | ---- | M] () [Auto | Start_Pending] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012.05.11 10:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [Auto | Stopped] -- C:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZillaServer)
SRV - [2011.12.22 19:11:20 | 000,818,952 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Corporate.11.0)
SRV - [2011.04.15 12:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 04:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (gdrv)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (aj1ccp77)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw.sys -- ({0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw)
DRV - [2014.08.14 22:41:43 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2014.08.14 22:31:15 | 000,320,120 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2014.06.24 14:11:08 | 000,097,648 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2014.05.12 19:03:11 | 000,270,336 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2014.05.12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014.05.12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014.05.09 11:16:58 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2014.05.09 11:16:43 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2014.05.09 11:16:43 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.18 19:39:36 | 000,040,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriverx86.sys -- (stdriver)
DRV - [2012.08.23 17:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 17:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.07.22 19:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.13 00:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.11.20 15:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 15:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 15:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 12:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 12:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2009.11.06 05:20:24 | 000,106,880 | ---- | M] (AnyDATA.NET INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adusbser.sys -- (adusbser)
DRV - [2009.09.17 20:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.02.12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.10 20:34:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.05.02 16:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007.05.02 16:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2004.10.18 16:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro-RO
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 D1 04 BB C5 6F CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.20.2: C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.20.2: C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.07.23 20:57:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.08.19 17:27:23 | 000,000,000 | ---D | M]
 
[2010.12.29 16:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Extensions
[2014.05.18 16:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions
[2014.07.17 19:21:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions
[2013.07.04 15:17:50 | 000,000,904 | ---- | M] () -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\searchplugins\yahoo.xml
[2014.07.23 20:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014.07.23 20:57:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014.07.23 20:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.07.23 20:57:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014.07.23 20:57:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\USERS\ADINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E94GFN82.DEFAULT\EXTENSIONS\[email protected]
[2011.09.16 12:26:02 | 001,825,680 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012.06.28 18:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.ro/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Adina\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Adina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: YoWindow Weather = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\1.43_0\
CHR - Extension: AdBlock = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.12_0\
CHR - Extension: Google Wallet = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014.06.05 13:54:40 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\RunOnce: [Application Restart #1] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7620\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.20.2)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.20.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F6421F5-384B-48E3-9DF6-F92AB8B726DF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.08.24 14:16:34 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\42426_files
[2014.08.22 23:16:29 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\New folder
[2014.08.20 15:26:36 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\ElevatedDiagnostics
[2014.08.20 14:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014.08.19 13:04:09 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\CrashDumps
[2014.08.14 22:48:43 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\Chromium
[2014.08.14 22:48:28 | 000,000,000 | ---D | C] -- C:\Users\Adina\Documents\Catan
[2014.08.14 22:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2014.08.14 22:42:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2014.08.14 22:41:43 | 000,243,128 | ---- | C] (Disc Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2014.08.14 22:31:15 | 000,320,120 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2014.08.14 22:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2014.08.14 22:30:47 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\DAEMON Tools Lite
[2014.08.14 22:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2014.08.14 22:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2014.08.12 22:42:14 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\SUPERAntiSpyware.com
[2014.08.12 22:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014.07.27 17:25:41 | 000,000,000 | ---D | C] -- C:\NPE
[2014.07.27 17:23:00 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\NPE
[2014.07.27 16:09:45 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\Webshots
[2014.07.27 16:09:32 | 000,000,000 | ---D | C] -- C:\Users\Adina\Documents\Webshots Playlist
[2014.07.27 16:09:32 | 000,000,000 | ---D | C] -- C:\Users\Adina\Documents\Webshots
[2014.07.27 14:06:37 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\Adobe
[2014.07.27 13:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\YoWindow
[2014.07.27 13:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
 
========== Files - Modified Within 30 Days ==========
 
[2014.08.24 20:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.08.24 20:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.08.24 20:12:48 | 000,019,040 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.08.24 20:12:48 | 000,019,040 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.08.24 18:01:06 | 000,001,074 | ---- | M] () -- C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2014.08.24 14:47:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf6b7df7503398.job
[2014.08.24 14:16:34 | 000,005,009 | ---- | M] () -- C:\Users\Adina\Desktop\42426.htm
[2014.08.24 11:05:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.08.24 11:05:00 | 2660,880,384 | -HS- | M] () -- C:\hiberfil.sys
[2014.08.23 16:06:12 | 003,997,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.08.22 23:15:37 | 000,320,016 | ---- | M] () -- C:\Users\Adina\Desktop\Scrisori_recomandare_Joita.rar
[2014.08.22 23:15:24 | 003,165,825 | ---- | M] () -- C:\Users\Adina\Desktop\Dosar Joita.zip
[2014.08.22 23:15:19 | 002,646,278 | ---- | M] () -- C:\Users\Adina\Desktop\Dosar Bereanu.zip
[2014.08.20 23:00:53 | 000,097,539 | ---- | M] () -- C:\Users\Adina\Desktop\MainOrder.pdf
[2014.08.19 13:01:24 | 000,002,836 | ---- | M] () -- C:\Windows\System32\SCOALA CENTRALA-simpozion - Shortcut ().lnk
[2014.08.18 23:38:47 | 000,736,942 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2014.08.18 23:38:47 | 000,653,562 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.08.18 23:38:47 | 000,146,706 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2014.08.18 23:38:47 | 000,119,270 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.08.14 22:41:43 | 000,243,128 | ---- | M] (Disc Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2014.08.12 17:43:28 | 000,037,727 | ---- | M] () -- C:\Users\Adina\Desktop\Adina Cristea_15348-132949-F9CE1E3E4D2B-2561.pdf
 
========== Files Created - No Company Name ==========
 
[2014.08.24 14:16:34 | 000,005,009 | ---- | C] () -- C:\Users\Adina\Desktop\42426.htm
[2014.08.22 23:15:37 | 000,320,016 | ---- | C] () -- C:\Users\Adina\Desktop\Scrisori_recomandare_Joita.rar
[2014.08.22 23:15:22 | 003,165,825 | ---- | C] () -- C:\Users\Adina\Desktop\Dosar Joita.zip
[2014.08.22 23:15:17 | 002,646,278 | ---- | C] () -- C:\Users\Adina\Desktop\Dosar Bereanu.zip
[2014.08.20 23:00:53 | 000,097,539 | ---- | C] () -- C:\Users\Adina\Desktop\MainOrder.pdf
[2014.08.19 13:01:24 | 000,002,836 | ---- | C] () -- C:\Windows\System32\SCOALA CENTRALA-simpozion - Shortcut ().lnk
[2014.08.12 17:43:28 | 000,037,727 | ---- | C] () -- C:\Users\Adina\Desktop\Adina Cristea_15348-132949-F9CE1E3E4D2B-2561.pdf
[2014.07.23 11:20:32 | 000,033,440 | ---- | C] () -- C:\Windows\System32\drivers\DasPtct.SYS
[2014.05.12 19:00:16 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2014.05.12 19:00:10 | 013,913,600 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2014.05.12 19:00:09 | 000,000,146 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2014.05.12 18:58:27 | 005,804,772 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2014.05.12 18:58:22 | 000,757,301 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2014.05.12 18:57:54 | 000,502,584 | ---- | C] () -- C:\Windows\System32\audioLibVc.dll
[2014.05.12 18:57:53 | 000,188,696 | ---- | C] () -- C:\Windows\System32\AcpiServiceVnA.dll
[2014.04.17 21:39:19 | 000,038,434 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2014.04.17 21:37:47 | 000,038,443 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Comma Separated Values (Windows).ADR
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013.07.14 00:13:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013.07.05 05:31:20 | 000,000,031 | ---- | C] () -- C:\Windows\System32\wspspodsini.dll
[2013.07.05 05:28:42 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2013.07.05 05:27:58 | 000,000,884 | RHS- | C] () -- C:\Users\Adina\ntuser.pol
[2013.02.18 19:39:36 | 000,040,344 | ---- | C] () -- C:\Windows\System32\drivers\stdriverx86.sys
[2012.11.07 19:25:56 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ADINA-PC-Microsoft-Windows-7-Enterprise-(32-bit).dat
[2012.07.08 16:02:21 | 000,000,088 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\usb.inf
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Filesystems
[2011.12.15 22:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\External Build System
[2011.04.17 14:02:14 | 000,004,009 | ---- | C] () -- C:\Users\Adina\AppData\Local\iforex.config
[2011.03.26 22:06:40 | 000,033,134 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\UserTile.png
[2011.02.19 15:57:07 | 000,023,552 | ---- | C] () -- C:\Users\Adina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.09 19:57:00 | 000,004,096 | ---- | C] () -- C:\Users\Adina\AppData\Local\keyfile3.drm
[2010.12.29 16:04:21 | 000,007,663 | ---- | C] () -- C:\Users\Adina\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 07:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 05:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\system32\wbem\fastprox.dll -- [2010.11.20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = c:\windows\system32\wbem\wbemess.dll -- [2009.07.14 04:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.01.21 22:59:18 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ACD Systems
[2011.04.14 12:01:01 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\adma
[2014.07.22 23:09:33 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\AIMP3
[2011.06.21 19:43:24 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Auslogics
[2011.09.18 00:22:41 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\AutoCorect Contemporan
[2013.11.05 22:09:30 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Battle.net
[2014.02.04 23:19:18 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\BSplayer
[2011.01.08 20:58:08 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\BSplayer Pro
[2011.06.20 19:58:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Canon
[2012.01.16 03:03:56 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.01.16 02:47:13 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014.05.12 20:06:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\CrystalIdea Software
[2014.08.14 22:43:37 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\DAEMON Tools Lite
[2011.09.10 11:13:00 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Design Science
[2014.05.17 12:37:39 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Dropbox
[2014.05.16 15:44:06 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\DropboxMaster
[2013.04.03 17:39:35 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\DVDVideoSoft
[2011.01.25 12:50:36 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\FireShot
[2010.12.29 18:42:22 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Foxit Software
[2011.06.26 18:47:19 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\GrabPro
[2011.10.02 01:55:30 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ImTOO Software Studio
[2011.05.22 16:50:22 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\IrfanView
[2011.03.19 17:06:19 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\iSpring Solutions
[2011.02.20 23:43:35 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Leadertech
[2013.09.10 14:48:59 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Mp3tag
[2011.09.27 15:43:07 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Multimedia Player
[2011.04.19 21:27:26 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Nitro PDF
[2012.11.13 02:06:05 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Notepad++
[2014.08.01 21:59:54 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Octoshape
[2011.09.27 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\PC Suite
[2011.06.26 18:47:21 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ProgSense
[2014.07.23 00:43:24 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\QuickScan
[2013.11.01 12:38:36 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Rovio
[2014.02.22 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Rovio Entertainment Ltd
[2011.11.22 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Samsung
[2012.12.17 16:15:05 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.12.09 15:57:37 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\TeamViewer
[2012.03.31 13:56:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Total Eclipse
[2014.08.19 00:51:34 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\uTorrent
[2011.09.13 17:08:30 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Webshots
[2013.08.22 00:23:18 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\WinPatrol
[2012.09.02 14:22:42 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Xilisoft
[2010.12.29 16:29:57 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
 
< End of report >

  • 0

Advertisements

#26
Kristina
Posted 24 August 2014 - 12:06 PM

Kristina

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 319 posts

Hi and thanks for reopening the topic! My computer is having a very slow startup, taking up a few minutes. What could still be the problem?


  • 0

#27
Kristina
Posted 24 August 2014 - 12:10 PM

Kristina

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 319 posts
OTL Extras logfile created on: 24.08.2014 21:07:20 - Run 10
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Adina\Downloads
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy
 
3,30 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 27,88% Memory free
4,30 Gb Paging File | 1,02 Gb Available in Paging File | 23,79% Paging File free
Paging file location(s): c:\pagefile.sys 1024 3096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 31,65 Gb Free Space | 32,44% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 46,26 Gb Free Space | 12,57% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 173,79 Gb Free Space | 74,63% Space Free | Partition Type: NTFS
Drive H: | 2794,51 Gb Total Space | 2386,63 Gb Free Space | 85,40% Space Free | Partition Type: NTFS
 
Computer Name: ADINA-PC | User Name: Adina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\WinHlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.txt [@ = AutoCorectFile] -- C:\Program Files\AutoCorect\AutoCorect.exe (Softset)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\WinHlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1221953B-CA66-4CCB-80AF-38BDFFB2006B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1533BDB0-5383-416C-8985-BCE52558C7DC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{206378E8-8C75-45E9-A7C4-8F50A618CFF2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{267F4238-C958-4488-9D2B-E92ACAC6E620}" = rport=139 | protocol=6 | dir=out | app=system | 
"{52BE1540-0EBD-4979-AAF5-B4CB012A44AF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5EC81155-7D40-45FD-A881-3EEC4A2224C2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6D374B8A-1CCB-4C2B-B862-BD36F0DC934C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{74AAA3D0-5190-44F0-B692-8BAFD261C47F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9D986DE6-CFAA-4D5E-9641-08A407276E3B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B6ABA53A-47CC-48F4-BE55-D03F079F2FAD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{BB074BF7-5120-4179-8505-80BFF08D1EF3}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"{C99343D6-8216-44B2-8D19-848C2BA3D40C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E189F628-2E6D-4C54-B824-D15C3C95B841}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007FDC37-A204-4B31-B120-7BE1CABAC37C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe | 
"{02B5E8F9-7B5E-4820-B1F5-CA04C4F75919}" = protocol=1 | dir=out | [email protected],-28544 | 
"{05B4B34A-4B7B-4F9D-8E60-658E23CC7551}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe | 
"{083BFA1D-D22E-4DB8-A10D-04892A5C481B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe | 
"{1127A6A2-69B5-48BD-847E-3FB3ADFB5262}" = protocol=1 | dir=in | [email protected],-28543 | 
"{1E5FA496-4397-4B49-B5FF-A922F811CC2B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe | 
"{29658E48-4467-4627-AB52-21A85E44B140}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe | 
"{377F45C1-23F1-4C03-9907-63722BD2FFCC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{4F6D5DCE-CCC0-4278-8070-8F370D94F0FB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe | 
"{56365165-9CE7-49DC-9AEA-7DA8C264110C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{650D8E6F-EA34-4A0B-91F6-2FB940630319}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe | 
"{8C47F970-F434-4106-B206-3A7FD514EB7B}" = protocol=58 | dir=out | [email protected],-28546 | 
"{97DF47E7-318E-4417-A7B6-AB6209C65767}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{A7A365A5-EE19-4179-8904-0C495FC06F9E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe | 
"{BC213EDB-74EB-4157-9513-75AB6099E74C}" = protocol=58 | dir=in | [email protected],-28545 | 
"{C0EBB3E9-8C62-465B-B459-EE2E75FB1FDC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe | 
"{E3E580DD-A7CC-4BD8-8971-2088707F2F7B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe | 
"{EE82C4CC-3C91-4EF0-8C8C-4544FB4F25AD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe | 
"{FE76D744-A7D3-402E-9506-CD197F250CF0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe | 
"TCP Query User{2ED29111-784D-4308-9307-A9CE1D856864}C:\program files\hearthstone\hearthstone.exe" = protocol=6 | dir=in | app=c:\program files\hearthstone\hearthstone.exe | 
"TCP Query User{706ADEF6-6D9D-49E5-9ABC-C66C710BF5B5}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{BE8105B6-2D44-448F-AFCA-828A28680DD4}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{F2ED2DD0-A361-42CB-AF47-32297239BD87}C:\users\adina\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\adina\appdata\roaming\utorrent\utorrent.exe | 
"UDP Query User{0FF64A99-FF9C-4EF5-91FB-786DA024F6F5}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{297504E7-0497-4156-8419-E71E46AF1720}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{A8A50B30-1CC3-460D-BAD2-B33A65470A3D}C:\users\adina\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\adina\appdata\roaming\utorrent\utorrent.exe | 
"UDP Query User{EF4ED572-8F1F-4CFA-A6BF-718DD55283AA}C:\program files\hearthstone\hearthstone.exe" = protocol=17 | dir=in | app=c:\program files\hearthstone\hearthstone.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01509AB1-84BB-4AB9-A142-38AFA0BBDA25}" = Angry Birds
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07EA4E9F-BD35-4F38-9809-D825B772B833}" = Image Optimizer 3.0
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0DB87EAC-F695-4D59-9609-C93119AE6B35}" = SAMSUNG Dr.Printer 
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10AE4FDC-32F9-4E56-8EE1-10629DD11C4E}" = Avira
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{216729B6-014A-F413-814F-F17F74FBA113}_is1" = Google Books Downloader version 1.6
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 67
"{26A24AE4-039D-4CA4-87B4-2F83218011FF}" = Java 8 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83218020F0}" = Java 8 Update 20
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{631A0B87-B0B7-4B47-00A2-119A4B942EB6}" = Clive Barker's Undying™
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BFDC0CD-ADF5-49F6-8A47-3177EF2AE6D2}" = Google Book Downloader
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{8E72C965-3C30-4A4C-814E-F72C6F4C30D6}" = 
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E64C51-5096-442F-9A44-61CB2941391D}" = ACDSee 4.0 PowerPack Suite
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{AC76BA86-7AD7-2530-0000-A00000000004}" = Extended Asian Language font pack for Adobe Reader XI
"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)  MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B84DEFE1-0175-47C9-BC1D-8645FCBC0ECE}_is1" = Webshots Wallpaper & Screensaver version 1.6.4.62
"{BCB74778-4397-4335-8455-A75ACE919510}" = Image Compressor 2008 Free Edition
"{C8736F91-44EF-4E78-8215-8E1A2401F6F4}" = Angry Birds Seasons
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40B2C78-30CA-4A8F-A157-C86B491C73AF}" = ACDSee Pro 6
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{e67154a7-9cc5-4167-b782-f3982bc6c70d}" = Avira
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F1100000-0010-0000-0000-074957833700}" = ABBYY FineReader 11 Corporate Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AIMP3" = AIMP3
"AutoCorect stil contemporan_is1" = AutoCorect 4.1.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"A-WIN-Extras 9.0.1 4092550_is1" = Mathematica Extras 9.0 (4092550)
"Battle.net" = Battle.net
"BSPlayerf" = BS.Player FREE
"Catan: Creator's Edition_is1" = Catan: Creator's Edition
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Defraggler" = Defraggler
"DSMT6" = MathType 6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fallout New Vegas_is1" = Fallout New Vegas
"FileHippo.com" = FileHippo.com Update Checker
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GeoGebra 4.2" = GeoGebra 4.2
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"Hearthstone" = Hearthstone
"IECT3329621" = BS Player ControlBar B Toolbar for IE
"IrfanView" = IrfanView (remove only)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"Mp3tag" = Mp3tag v2.54
"Notepad++" = Notepad++
"Picasa 3" = Picasa 3
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"Samsung PC Studio 7" = Samsung PC Studio 7
"SoundTap" = SoundTap Streaming Audio Recorder
"SpywareBlaster_is1" = SpywareBlaster 5.0
"TeamViewer 6" = TeamViewer 6
"Totalcmd" = Total Commander (Remove or Repair)
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.7
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 5.01 (32-bit)
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.08.2014 04:38:24 | Computer Name = Adina-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 22.08.2014 08:16:27 | Computer Name = Adina-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 22.08.2014 15:43:13 | Computer Name = Adina-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 22.08.2014 17:57:57 | Computer Name = Adina-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 23.08.2014 07:28:51 | Computer Name = Adina-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 23.08.2014 08:01:18 | Computer Name = Adina-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
 PC Studio 7\TIS_VistaPIM.dll".  Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 23.08.2014 09:06:11 | Computer Name = Adina-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 24.08.2014 04:05:28 | Computer Name = Adina-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 24.08.2014 08:00:46 | Computer Name = Adina-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
 PC Studio 7\TIS_VistaPIM.dll".  Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 24.08.2014 12:00:24 | Computer Name = Adina-PC | Source = Windows Backup | ID = 4100
Description = Backup did not complete successfully because a shadow copy could not
 be created. Free up disk space on the drive that you are backing up by deleting
 unnecessary files and then try again.
 
[ OSession Events ]
Error - 10.01.2013 02:12:46 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1104
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
Error - 10.01.2013 02:28:02 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 901
 seconds with 900 seconds of active time.  This session ended with a crash.
 
Error - 13.06.2013 13:33:59 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12709
 seconds with 8160 seconds of active time.  This session ended with a crash.
 
Error - 08.07.2013 07:50:19 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4870
 seconds with 4500 seconds of active time.  This session ended with a crash.
 
Error - 08.07.2013 07:51:39 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 71
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2013 12:22:00 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18762
 seconds with 8580 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2013 12:27:50 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 342
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2013 12:29:29 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 90
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 09.03.2014 18:03:04 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14937
 seconds with 3600 seconds of active time.  This session ended with a crash.
 
Error - 17.05.2014 16:53:30 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6880
 seconds with 3660 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 24.08.2014 04:07:46 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   {0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw
 
Error - 24.08.2014 04:09:11 | Computer Name = Adina-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 24.08.2014 04:09:11 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 24.08.2014 04:09:11 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 24.08.2014 04:09:22 | Computer Name = Adina-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 24.08.2014 04:09:22 | Computer Name = Adina-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 24.08.2014 04:09:22 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 24.08.2014 04:09:22 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 24.08.2014 04:09:22 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 24.08.2014 04:09:22 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
 
< End of report >

  • 0

#28
Pyxis
Posted 25 August 2014 - 09:10 PM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    The slowdown you are experiencing quite possibly stems from having too many security programs. As such, I ask that you remove the below program(s) to ensure no such conflict arises:
    • HiJackThis
    • Malwarebytes Anti-Malware
    • SUPERAntiSpyware
    • WinPatrol
    While disabling is an option, for a more hassle-free solution, I recommend uninstalling the above program(s) through Control Panel > Add or Remove Programs (Windows XP) or Control Panel > Programs and Features > Uninstall a Program (Windows Vista & Windows 7).
  • Step 2

    After examining your logs, I have seen that you currently have one or more P2P Programs installed. I would recommend their removal as the networks these programs are involved in are breeding places for malware. The things you are downloading are not one hundred percent safe as they can be uploaded by anyone on the Internet, some possibly aiding in the propagation of malware.

    More can be read from the following sources:You are advised to remove the following programs by uninstalling them:
    • µTorrent
    Note: This step is optional. You may or may not remove the programs, however I strongly suggest getting rid or disabling them before we continue with the process.
  • Step 3

    Run your copy of OTL by double-clicking it.
    • Copy and paste the following into the Custom Scans/Fixes box:
      :OTL
SRV - File not found [Auto | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (aj1ccp77)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw.sys -- ({0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\USERS\ADINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E94GFN82.DEFAULT\EXTENSIONS\[email protected]
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
[2014.07.23 00:43:24 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\QuickScan
[2011.09.27 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\PC Suite

:Files
C:\Program Files\McAfee

:Commands
[emptytemp]
[resethosts]
    • Click Run Fix.
    • OTL will reboot your system. Allow it by clicking OK.
    • After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • MMDDYYYY_HHMMSS.log (OTL)

  • 0

#29
Kristina
Posted 28 August 2014 - 01:50 AM

Kristina

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 319 posts
All processes killed
========== OTL ==========
Service McAfee SiteAdvisor Service stopped successfully!
Service McAfee SiteAdvisor Service deleted successfully!
File c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe not found.
Error: No service named aj1ccp77 was found to stop!
Service\Driver key aj1ccp77 not found.
Service {0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw stopped successfully!
Service {0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw deleted successfully!
File system32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw.sys not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
Prefs.js: "http://search.yahoo.....type=198484&p=" removed from keyword.URL
Prefs.js: "chr-greentree_ff&ilc=12&type=198484" removed from browser.search.param.yahoo-fr
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
C:\Users\Adina\AppData\Roaming\QuickScan folder moved successfully.
C:\Users\Adina\AppData\Roaming\PC Suite\Settings folder moved successfully.
C:\Users\Adina\AppData\Roaming\PC Suite\354549022353146 folder moved successfully.
C:\Users\Adina\AppData\Roaming\PC Suite folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files\McAfee not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Adina
->Temp folder emptied: 9420065 bytes
->Temporary Internet Files folder emptied: 1322922 bytes
->Java cache emptied: 10030466 bytes
->FireFox cache emptied: 63499808 bytes
->Google Chrome cache emptied: 380234581 bytes
->Flash cache emptied: 909 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 612814 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2029895 bytes
 
Total Files Cleaned = 446,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.70.2 log created on 08282014_104410
 
Files\Folders moved on Reboot...
C:\Users\Adina\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

Edited by Kristina, 28 August 2014 - 01:50 AM.

  • 0

#30
Kristina
Posted 28 August 2014 - 02:04 AM

Kristina

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 319 posts

I uninstalled the programs you mentioned and ran the OTL fixes.

 

Now the startup remains as slow as before. Windows Updates was not working before but let me install updates after the fix.

 

Now however I got again a notification to turn on Avira desktop (this had disappeared after the previous fixes in the beginning of the thread).


Edited by Kristina, 28 August 2014 - 02:06 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP