Google Chrome - Sirefef.gen!C.
Last Updated: Jun 12 2013 12:36, Started by meshgheru_andu, May 15 2013 18:35
#19
Posted 16 May 2013 - 19:12
OTL.txt
OTL logfile created on: 5/16/2013 8:02:51 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrei\Desktop Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.93 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 72.88% Memory free 3.86 Gb Paging File | 3.14 Gb Available in Paging File | 81.35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 71.86 Gb Free Space | 71.86% Space Free | Partition Type: NTFS Drive D: | 198.08 Gb Total Space | 81.30 Gb Free Space | 41.04% Space Free | Partition Type: NTFS Drive H: | 1.88 Gb Total Space | 1.68 Gb Free Space | 89.70% Space Free | Partition Type: FAT Computer Name: ANDREI-PC | User Name: Andrei | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/05/16 18:38:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrei\Desktop\OTL.exe PRC - [2013/05/16 18:37:46 | 000,816,128 | ---- | M] () -- C:\Users\Andrei\Desktop\RogueKiller.exe PRC - [2013/01/27 11:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2010/09/08 13:05:34 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2010/09/08 13:05:34 | 000,254,034 | ---- | M] (IDT, Inc.) 
-- C:\Program Files\IDT\WDM\stacsv.exe PRC - [2010/09/07 00:31:38 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/07/14 04:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe ========== Modules (No Company Name) ========== MOD - [2013/05/14 11:42:35 | 000,225,280 | ---- | M] () -- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2013/05/12 01:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/03/23 11:44:42 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/26 15:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012/12/18 17:28:08 | 000,065,192 | ---- 
| M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/05/05 18:02:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010/09/08 13:05:34 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2009/07/14 04:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/03/02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - File not found [Kernel | On_Demand | Stopped] -- 
system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CpqDfw.sys -- (CpqDfw) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Andrei\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2013/05/16 19:55:21 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB29049B-CA9C-47B6-B29F-3BF0841A0013}\MpKslb10e2ede.sys -- (MpKslb10e2ede) DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2012/08/29 20:46:12 | 000,024,424 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dfx11_1.sys -- (DFX11_1) DRV - [2012/05/05 18:00:45 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012/03/16 15:55:26 | 000,193,536 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juwwanecm.sys -- (huawei_wwanecm) DRV - [2012/03/16 15:55:26 | 000,089,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - [2012/03/16 15:55:26 | 000,073,984 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2012/03/16 15:55:26 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV - [2012/03/16 15:55:24 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV - [2011/12/15 20:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2010/09/08 13:05:34 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2010/06/02 15:08:36 | 000,021,560 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2010/03/23 10:10:47 | 000,106,240 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hwmob01.sys -- (hwmobilehsn) DRV - [2009/07/14 04:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009/07/14 04:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009/07/14 04:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009/07/14 02:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 02:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/07/14 02:28:45 | 000,017,920 | ---- | M] 
(Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/14 01:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2007/07/23 15:04:24 | 000,022,528 | ---- | M] (SoundGenetics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aubridge.sys -- (audiobridge) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3142849114-4278098448-50972506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Andrei\Desktop IE - HKU\S-1-5-21-3142849114-4278098448-50972506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/ IE - HKU\S-1-5-21-3142849114-4278098448-50972506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-3142849114-4278098448-50972506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D BE 87 06 53 2A CD 01 [binary data] IE - HKU\S-1-5-21-3142849114-4278098448-50972506-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3142849114-4278098448-50972506-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC IE - 
HKU\S-1-5-21-3142849114-4278098448-50972506-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC IE - HKU\S-1-5-21-3142849114-4278098448-50972506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3142849114-4278098448-50972506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== Firefox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/06/04 12:42:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/06/04 12:42:43 | 000,000,000 | ---D | M] [2013/05/16 13:47:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrei\AppData\Roaming\Mozilla\Extensions [2012/05/04 17:56:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrei\AppData\Roaming\Mozilla\Firefox\extensions [2012/05/04 17:56:58 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Andrei\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2012/05/24 17:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrei\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions [2012/05/24 17:33:52 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\Andrei\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected] [2013/05/12 00:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/05/16 13:46:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013/05/16 13:46:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: 
search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andrei\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - Extension: YouTube = C:\Users\Andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: căutare Google = C:\Users\Andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: ***** = C:\Users\Andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\ CHR - Extension: Little Alchemy = C:\Users\Andrei\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0\ CHR - Extension: Marc Ecko = C:\Users\Andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk\2_0\ CHR - Extension: uTorrentControl2 = C:\Users\Andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.19.11_0\ CHR - Extension: Gmail = C:\Users\Andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/05/16 19:46:51 | 000,000,019 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKU\S-1-5-21-3142849114-4278098448-50972506-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3142849114-4278098448-50972506-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3142849114-4278098448-50972506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.180.223.1 81.180.222.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A021C8B-F2EF-4673-BF4A-49A88689992A}: DhcpNameServer = 81.12.132.206 81.12.128.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EA9D846-8BCD-43E0-9C90-3CDEFC20537C}: DhcpNameServer = 81.180.223.1 81.180.222.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/05/16 20:02:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andrei\Desktop\OTL.exe [2013/05/16 19:52:12 | 000,000,000 | ---D | C] -- C:\Users\Andrei\Desktop\RK_Quarantine [2013/05/16 19:29:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/05/16 19:28:58 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/05/16 19:28:58 | 000,000,000 | ---D | C] -- C:\Users\Andrei\AppData\Local\temp [2013/05/16 19:14:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/05/16 19:14:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/05/16 19:14:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/05/16 19:13:25 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/05/16 19:13:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/05/16 13:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/05/16 13:56:25 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/05/16 13:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/05/16 13:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2013/05/16 09:51:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/05/16 09:51:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\jsproxy.dll [2013/05/16 09:51:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/05/16 09:51:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/05/16 09:51:38 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/05/16 09:51:37 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/05/16 09:51:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/05/16 09:51:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/05/16 09:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2013/05/16 09:39:50 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2013/05/16 09:39:50 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013/05/16 09:39:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2013/05/16 09:39:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2013/05/16 09:39:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2013/05/16 09:39:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2013/05/16 09:39:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2013/05/16 09:39:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/05/16 09:39:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2013/05/16 09:39:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll 
[2013/05/16 09:39:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2013/05/16 09:39:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2013/05/16 09:39:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2013/05/16 09:39:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2013/05/16 09:39:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2013/05/16 09:39:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2013/05/16 09:39:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2013/05/16 09:39:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2013/05/16 09:39:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2013/05/16 09:39:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2013/05/16 09:39:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2013/05/16 09:39:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2013/05/16 09:39:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2013/05/16 09:39:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2013/05/16 09:39:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2013/05/16 09:39:46 | 000,003,072 | -H-- | C] 
(Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2013/05/16 09:39:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2013/05/16 09:39:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2013/05/16 09:39:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2013/05/16 09:39:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2013/05/16 09:37:46 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll [2013/05/16 09:29:56 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2013/05/16 09:29:56 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2013/05/16 09:29:35 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2013/05/16 09:29:35 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2013/05/16 09:29:35 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2013/05/16 09:29:09 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2013/05/16 09:29:09 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2013/05/15 21:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013/05/15 13:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/05/15 12:38:44 | 000,000,000 | ---D | C] -- C:\Users\Andrei\AppData\Local\Mozilla [2013/05/15 12:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013/05/15 10:53:53 | 000,000,000 | ---D | C] -- C:\Users\Andrei\AppData\Roaming\Malwarebytes [2013/05/15 10:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/05/15 
10:53:14 | 000,000,000 | ---D | C] -- C:\Users\Andrei\AppData\Local\CCleaner [2013/05/15 10:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/05/15 10:53:07 | 000,000,000 | ---D | C] -- C:\Users\Andrei\AppData\Local\Programs [2013/05/15 10:44:16 | 000,000,000 | ---D | C] -- C:\Users\Andrei\AppData\Local\ElevatedDiagnostics [2013/05/15 01:14:02 | 000,000,000 | ---D | C] -- C:\Users\Andrei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013/05/15 01:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013/05/15 01:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013/05/14 22:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013/05/14 19:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET [2013/05/14 19:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013/05/14 11:59:59 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2013/05/14 11:42:25 | 000,000,000 | ---D | C] -- C:\Users\Andrei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec [2013/05/14 11:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\x264 Video Codec [2013/05/12 00:30:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins [2013/05/12 00:30:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions [2013/05/12 00:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/04/25 23:12:50 | 000,495,104 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\Windows\Dog Lick.exe [2013/04/25 23:12:49 | 000,903,680 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\Windows\Dog Lick.scr [2013/04/25 23:12:49 | 000,000,000 | ---D | C] -- C:\Windows\Dog Lick Uninstaller [2013/04/19 13:00:23 | 000,000,000 | ---D | C] -- C:\Users\Andrei\Desktop\sdc222 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/05/16 20:01:17 | 000,020,512 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/16 20:01:17 | 000,020,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/16 19:53:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/16 19:53:45 | 1554,198,528 | -HS- | M] () -- C:\hiberfil.sys [2013/05/16 19:46:51 | 000,000,019 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013/05/16 19:45:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/05/16 19:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/16 18:38:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrei\Desktop\OTL.exe [2013/05/16 18:37:46 | 000,816,128 | ---- | M] () -- C:\Users\Andrei\Desktop\RogueKiller.exe [2013/05/15 21:18:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/05/15 21:18:23 | 002,407,680 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/05/15 21:18:23 | 000,725,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/05/15 18:25:51 | 000,002,225 | ---- | M] () -- C:\Users\Andrei\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/05/15 12:38:12 | 000,001,407 | ---- | M] () -- C:\Users\Andrei\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/05/15 09:39:45 | 000,017,408 | ---- | M] () -- C:\Users\Andrei\AppData\Local\WebpageIcons.db [2013/05/11 12:37:23 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/09 20:11:41 | 233,883,749 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/05/09 18:02:04 | 000,007,597 | ---- | M] () -- C:\Users\Andrei\AppData\Local\Resmon.ResmonCfg [2013/05/02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files 
Created - No Company Name ========== [2013/05/16 19:44:38 | 000,816,128 | ---- | C] () -- C:\Users\Andrei\Desktop\RogueKiller.exe [2013/05/16 19:14:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/05/16 19:14:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/05/16 19:14:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/05/16 19:14:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/05/16 19:14:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/05/16 13:47:02 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013/05/15 21:18:36 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2013/05/15 21:17:48 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013/05/15 13:29:05 | 000,002,225 | ---- | C] () -- C:\Users\Andrei\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/05/15 09:39:44 | 000,017,408 | ---- | C] () -- C:\Users\Andrei\AppData\Local\WebpageIcons.db [2013/04/25 23:12:50 | 000,161,078 | ---- | C] () -- C:\Windows\Dog Lick.bmp [2013/04/25 23:12:50 | 000,000,672 | ---- | C] () -- C:\Windows\Dog Lick.c3 [2013/04/25 23:12:50 | 000,000,672 | ---- | C] () -- C:\Windows\Dog Lick.c1 [2013/04/25 23:12:50 | 000,000,639 | ---- | C] () -- C:\Windows\Dog Lick.c4 [2013/04/25 23:12:50 | 000,000,000 | ---- | C] () -- C:\Windows\Dog Lick.ini [2013/04/25 23:12:49 | 001,683,990 | ---- | C] () -- C:\Windows\Dog Lick.swf [2013/02/21 19:41:55 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2013/02/21 19:41:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2013/02/21 19:40:37 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini [2012/10/27 20:36:33 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini [2012/10/11 14:57:50 | 000,000,037 | -HS- | C] () -- C:\Users\Andrei\AppData\Local\20986331705021ca58edc424.96250074 [2012/10/08 
09:47:45 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat.temp [2012/09/27 20:44:23 | 000,007,597 | ---- | C] () -- C:\Users\Andrei\AppData\Local\Resmon.ResmonCfg [2012/08/08 18:32:43 | 000,000,332 | ---- | C] () -- C:\Windows\EReg072.dat [2012/06/11 22:15:49 | 000,001,083 | ---- | C] () -- C:\Users\Andrei\Documents - Shortcut.lnk [2012/06/04 12:38:21 | 000,170,097 | ---- | C] () -- C:\Windows\hpoins14.dat [2012/06/04 12:38:21 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat ========== ZeroAccess Check ========== [2009/07/14 07:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010/09/07 00:42:34 | 012,867,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 04:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 04:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:66BBBB3E < End of report > Extras.txt OTL Extras logfile created on: 5/16/2013 8:02:51 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrei\Desktop Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.93 Gb Total 
Physical Memory | 1.41 Gb Available Physical Memory | 72.88% Memory free 3.86 Gb Paging File | 3.14 Gb Available in Paging File | 81.35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 71.86 Gb Free Space | 71.86% Space Free | Partition Type: NTFS Drive D: | 198.08 Gb Total Space | 81.30 Gb Free Space | 41.04% Space Free | Partition Type: NTFS Drive H: | 1.88 Gb Total Space | 1.68 Gb Free Space | 89.70% Space Free | Partition Type: FAT Computer Name: ANDREI-PC | User Name: Andrei | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-3142849114-4278098448-50972506-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiVirusOverride" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "FirewallOverride" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "UacDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{983D4147-EC1E-497A-A3C6-44010C88BA11}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{CF438A67-F229-4978-8DE0-E1EF05F31439}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{68598413-5932-47D3-9482-9084E1D6525A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{C62DA58C-CB8E-4F3C-8257-45DB64DC781D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch 
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min "{33cc8e60-d6db-45be-9276-b6698187688a}" = F2100 "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{42A96544-2842-444E-8A27-A61848DDEC87}" = Adobe Photoshop Lightroom 2.1 "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps 
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6) "{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software "{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 
1 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3 "{F4C3814A-A45D-C8BC-66F4-426D0955E0ED}" = ATI Catalyst Install Manager "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3 "Audacity_is1" = Audacity 2.0 "DAEMON Tools Lite" = Daemon Tools Lite "Dog Lick_is1" = Dog Lick "ENTERPRISE" = Microsoft Office Enterprise 2007 "FastStone Photo Resizer" = FastStone Photo Resizer 3.1 "Google Chrome" = Google Chrome "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "LAME_is1" = LAME v3.99.3 (for Windows) "MAGIX Screenshare US" = MAGIX Screenshare 4.3.6.1987 (US) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 21.0 (x86 ro)" = Mozilla Firefox 21.0 (x86 ro) "MozillaMaintenanceService" = Mozilla Maintenance Service "PhotomatixPro42x32_is1" = Photomatix Pro version 4.2.4 "Samplitude Music Studio 15 Trial US" = Samplitude Music Studio 15 Trial 15.0.1.0 (US) "SopCast" = Sopcast 3.5.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 8" = TeamViewer 8 "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.1 "Winamp" = Winamp "WinRAR archiver" = WinRAR 4.11 (32-bit) "Yahoo! Messenger" = Yahoo! 
Messenger ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3142849114-4278098448-50972506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 5/14/2013 7:06:58 PM | Computer Name = Andrei-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error - 5/14/2013 7:06:58 PM | Computer Name = Andrei-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error - 5/15/2013 2:42:14 AM | Computer Name = Andrei-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error - 5/15/2013 2:42:14 AM | Computer Name = Andrei-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error - 5/15/2013 4:01:05 AM | Computer Name = Andrei-PC | Source = Application Hang | ID = 1002 Description = The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 760 Start Time: 01ce51424ae4abd5 Termination Time: 15 Application Path: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Report Id: 94a08f79-bd35-11e2-870f-cc52af4fcf7d Error - 5/15/2013 5:24:49 AM | Computer Name = Andrei-PC | Source = Firebird Server | ID = 0 Description = Error - 5/15/2013 2:01:14 PM | Computer Name = Andrei-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error - 5/15/2013 2:01:14 PM | Computer Name = Andrei-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error - 5/15/2013 2:18:19 PM | Computer Name = Andrei-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error - 5/15/2013 2:18:19 PM | Computer Name = Andrei-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. [ Media Center Events ] Error - 5/17/2012 3:25:17 PM | Computer Name = Andrei-PC | Source = MCUpdate | ID = 0 Description = 10:25:17 PM - Error connecting to the internet. 10:25:17 PM - Unable to contact server.. 
Error - 5/18/2012 11:20:46 AM | Computer Name = Andrei-PC | Source = MCUpdate | ID = 0 Description = 6:20:46 PM - Error connecting to the internet. 6:20:46 PM - Unable to contact server.. [ OSession Events ] Error - 3/25/2013 3:42:56 AM | Computer Name = Andrei-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3212 seconds with 1200 seconds of active time. This session ended with a crash. [ System Events ] Error - 5/16/2013 12:39:21 PM | Computer Name = Andrei-PC | Source = NetBT | ID = 4321 Description = The name "ANDREI-PC :0" could not be registered on the interface with IP address 10.11.1.27. The computer with the IP address 10.11.0.217 did not allow the name to be claimed by this computer. Error - 5/16/2013 12:41:17 PM | Computer Name = Andrei-PC | Source = NetBT | ID = 4321 Description = The name "ANDREI-PC :0" could not be registered on the interface with IP address 10.11.1.27. The computer with the IP address 10.11.0.217 did not allow the name to be claimed by this computer. Error - 5/16/2013 12:42:37 PM | Computer Name = Andrei-PC | Source = NetBT | ID = 4321 Description = The name "ANDREI-PC :0" could not be registered on the interface with IP address 10.11.1.27. The computer with the IP address 10.11.0.217 did not allow the name to be claimed by this computer. Error - 5/16/2013 12:42:40 PM | Computer Name = Andrei-PC | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{9EA9D846-8BCD-43E0-9C90-3CDEFC20537C} because another computer on the network has the same name. The server could not start. Error - 5/16/2013 12:42:40 PM | Computer Name = Andrei-PC | Source = NetBT | ID = 4321 Description = The name "ANDREI-PC :20" could not be registered on the interface with IP address 10.11.1.27. 
The computer with the IP address 10.11.0.217 did not allow the name to be claimed by this computer. Error - 5/16/2013 12:44:59 PM | Computer Name = Andrei-PC | Source = Service Control Manager | ID = 7023 Description = The WinDefend service terminated with the following error: %%5 Error - 5/16/2013 12:54:03 PM | Computer Name = Andrei-PC | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{9EA9D846-8BCD-43E0-9C90-3CDEFC20537C} because another computer on the network has the same name. The server could not start. Error - 5/16/2013 12:54:02 PM | Computer Name = Andrei-PC | Source = NetBT | ID = 4321 Description = The name "ANDREI-PC :0" could not be registered on the interface with IP address 10.11.1.27. The computer with the IP address 10.11.0.217 did not allow the name to be claimed by this computer. Error - 5/16/2013 12:54:02 PM | Computer Name = Andrei-PC | Source = NetBT | ID = 4321 Description = The name "ANDREI-PC :20" could not be registered on the interface with IP address 10.11.1.27. The computer with the IP address 10.11.0.217 did not allow the name to be claimed by this computer. Error - 5/16/2013 12:56:13 PM | Computer Name = Andrei-PC | Source = Service Control Manager | ID = 7023 Description = The WinDefend service terminated with the following error: %%5 < End of report > |
#20
Posted 16 May 2013 - 19:34
Run OTL again.
On Windows Vista or Windows 7, right-click it and select Run as administrator. Copy what is quoted below and paste the text into OTL. Quote

```
:OTL
SRV - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CpqDfw.sys -- (CpqDfw)
DRV - [2007/07/23 15:04:24 | 000,022,528 | ---- | M] (SoundGenetics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aubridge.sys -- (audiobridge)
FF - user.js - File not found
[2012/05/04 17:56:58 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Andrei\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/05/24 17:33:52 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\Andrei\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
CHR - Extension: uTorrentControl2 = C:\Users\Andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.19.11_0\
[2013/05/12 00:30:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2012/10/11 14:57:50 | 000,000,037 | -HS- | C] () -- C:\Users\Andrei\AppData\Local\20986331705021ca58edc424.96250074
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:66BBBB3E

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptyjava]
[emptyflash]
[emptytemp]
[resethosts]
[CLEARALLRESTOREPOINTS]
[Reboot]
```

Press Run Fix. Post the log here. [ http://s23.postimg.org/6ui8tyrrv/OTLsc.jpg ]
#21
Posted 16 May 2013 - 19:50
All processes killed
========== OTL ==========
Service Skype C2C Service stopped successfully!
Service Skype C2C Service deleted successfully!
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe moved successfully.
Service ZTEusbser6k stopped successfully!
Service ZTEusbser6k deleted successfully!
File system32\DRIVERS\ZTEusbser6k.sys not found.
Service ZTEusbnmea stopped successfully!
Service ZTEusbnmea deleted successfully!
File system32\DRIVERS\ZTEusbnmea.sys not found.
Service ZTEusbmdm6k stopped successfully!
Service ZTEusbmdm6k deleted successfully!
File system32\DRIVERS\ZTEusbmdm6k.sys not found.
Service massfilter stopped successfully!
Service massfilter deleted successfully!
File system32\drivers\massfilter.sys not found.
Service CpqDfw stopped successfully!
Service CpqDfw deleted successfully!
File system32\drivers\CpqDfw.sys not found.
Service audiobridge stopped successfully!
Service audiobridge deleted successfully!
C:\Windows\System32\drivers\aubridge.sys moved successfully.
C:\Users\Andrei\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\Andrei\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\Andrei\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\Andrei\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\Andrei\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\Andrei\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\Andrei\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Users\Andrei\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected] moved successfully.
File C:\Users\Andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.19.11_0 not found.
C:\Windows\System32\searchplugins folder moved successfully.
C:\Users\Andrei\AppData\Local\20986331705021ca58edc424.96250074 moved successfully.
ADS C:\ProgramData\TEMP:66BBBB3E deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Andrei\Desktop\cmd.bat deleted successfully.
C:\Users\Andrei\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYJAVA]
User: Administrator
User: All Users
User: Andrei
->Java cache emptied: 5277511 bytes
User: Default
User: Default User
User: Guest
User: Public
Total Java Files Cleaned = 5.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Andrei
->Flash cache emptied: 3077 bytes
User: Default
User: Default User
User: Guest
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: All Users
User: Andrei
->Temp folder emptied: 1433600 bytes
->Temporary Internet Files folder emptied: 5717586 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27347392 bytes
->Google Chrome cache emptied: 331511219 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1500499 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20158 bytes
RecycleBin emptied: 8686 bytes
Total Files Cleaned = 351.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 05162013_204544
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
#22
Posted 16 May 2013 - 19:55
Any changes in the system?
You forgot to mention whether you can use the system. Someone really did a number on you!
#23
Posted 16 May 2013 - 19:58
I still have no download.
Until now I used to solve this by reinstalling Windows, but I want that to be the last option.
#24
Posted 16 May 2013 - 20:11
This is the first time I recommend this:
Reinstall the operating system! I can help you disinfect the current system, but in 1..2..3 days, a month at most, whoever had access to your system will return (will take over control). I'm sorry, but that's the reality.
#25
Posted 16 May 2013 - 20:14
I'm sorry to hear that. Tomorrow I will reinstall the system and post how it behaves.
#27
Posted 17 May 2013 - 00:27
Same here: after a "battle" (without protection!!) I am forced to declare the XP on my laptop "dead"!!
I tried everything I know to "reinvigorate" it, but I was left with some "roots" in the kernel that cannot be repaired!!
#28
Posted 17 May 2013 - 07:56
I reinstalled the system; so far, no trace of "criminal" activity.
#29
Posted 11 June 2013 - 22:06
Secure it properly. Antivirus + a properly configured firewall.
#30
Posted 12 June 2013 - 12:36
That's exactly what I did: I installed Kaspersky 2012, activated with a license and everything. I'm not afraid anymore now!