
Thread: Self-replicating folders

  1. #1
    Junior Member black_lilies's Avatar
    Join Date
    Oct 2013
    Posts
    27

    Self-replicating folders

    Hi. I'm having some issues on my laptop, some sort of a virus, it seems like it's taking up space on my computer. I had some problems with sound on my laptop today. Everything was fine when I turned the laptop on, but soon I couldn't hear any sound nor play music, I'm not sure if this is related (when I tried to play music, there was an error message that the program was already in use, or something like that). After that I found a folder named 3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ on local disk C:, full of other folders (the number of folders increasing constantly). I cleaned up some space on my laptop, and also used CCleaner, and then the folder was replaced by a file named 3590F75ABA9E485486C100C1A9D4FF06XZRURUNVBZAFAFQC, and later it just disappeared and the sound went back to normal. Also, I had files like that a few times before, but after they disappeared, I thought I removed them with Spybot.

    I would be very happy if somebody could help me when you have the time, and thank you in advance.


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.40.2
    Run by Korisnik at 22:12:00 on 2013-10-16
    Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.1935.943 [GMT 2:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\Program Files\BOINC\boinctray.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\BOINC\boinc.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe
    C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
    C:\Program Files\Folding@home\Folding@home-x86\Folding@home.exe
    C:\Users\Korisnik\AppData\Roaming\Folding@home-x86\FahCore_a4.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\Program Files\foobar2000\foobar2000.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\ProgramData\BOINC\projects\docking.cis.udel.edu\charmm34_6.23_windows_intelx86
    C:\ProgramData\BOINC\projects\docking.cis.udel.edu\charmm34_6.23_windows_intelx86
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.hr/
    uSearch Bar = about:blank
    uSearch Page = about:blank
    uSearchURL,(Default) = about:blank
    mSearchAssistant = about:blank
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
    uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [SearchProtection] "c:\users\korisnik\appdata\roaming\search protection\SearchProtection.EXE" /autostart
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtkNGUI.exe -s
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\iastoriconlaunch.exe "c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe" 60
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
    mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
    mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\korisnik\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\users\korisnik\appdata\roaming\micros~1\windows\startm~1\programs\startup\wipetr~1.lnk - c:\program files\wipe 2013\wipetray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\codeme~1.lnk - c:\program files\codemeter\runtime\bin\CodeMeterCC.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{3D321B9E-A8C6-4146-B8E1-6E10720FA1A7} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{51B6D1B9-5D8C-40A3-95A5-1B3BC0948BB7} : DHCPNameServer = 83.139.105.2 83.139.104.2
    TCP: Interfaces\{51B6D1B9-5D8C-40A3-95A5-1B3BC0948BB7}\651434F4D40244E2F4E2F4E2 : DHCPNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.startup.homepage - hxxp://amfsa.clicktodonate.org
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=512435&p=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\program files\sumatrapdf\npPdfViewer.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2013-08-17 12:29; jid0-RW8E9KFMTaLKkM4HqIWfidw29wo@jetpack; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-RW8E9KFMTaLKkM4HqIWfidw29wo@jetpack.xpi
    FF - ExtSQL: 2013-08-17 13:11; ; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\tabscope@xuldev.org.xpi
    FF - ExtSQL: 2013-08-17 13:11; ; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\rainbow@colors.org.xpi
    FF - ExtSQL: 2013-08-17 13:11; ; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\firegestures@xuldev.org.xpi
    FF - ExtSQL: 2013-08-24 23:42; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext
    FF - ExtSQL: 2013-09-28 21:17; ; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
    FF - ExtSQL: 2013-10-02 18:42; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
    FF - ExtSQL: 2013-10-02 19:27; {24cea704-946d-11da-a72b-0800200c9a66}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
    FF - ExtSQL: 2013-10-02 19:27; {03B08592-E5B4-45ff-A0BE-C1D975458688}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
    FF - ExtSQL: 2013-10-05 15:06; {158d7cb3-7039-4a75-8e0b-3bd0a464edd2}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
    FF - ExtSQL: 2013-10-05 15:16; {139a120b-c2ea-41d2-bf70-542d9f063dfd}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi
    FF - ExtSQL: 2013-10-05 15:25; {54BB9F3F-07E5-486c-9B39-C7398B99391C}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
    .
    ---- FIREFOX POLICIES ----
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);FF - user.js: extentions.webcake.installId - 4c25f721-dde9-4592-8c09-c5e91446a22b
    FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-21 49376]
    R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-21 177864]
    R0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2012-9-1 532536]
    R0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2012-9-1 25656]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-21 770344]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-21 369584]
    R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
    R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2013-5-21 87968]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-21 29816]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-21 66336]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-9-11 46808]
    R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2012-11-21 2571704]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2013-5-21 14904]
    R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2013-5-21 1830544]
    R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-7-17 55104]
    R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\drivers\RtsP2Stor.sys [2013-5-21 209552]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-3-14 552080]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2013-2-28 110408]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2013-2-28 331080]
    S3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2013-3-14 75816]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2013-3-14 130152]
    S3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2013-3-14 150568]
    S3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2013-3-14 435240]
    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [2013-2-27 65152]
    S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\system32\drivers\EtronSTOR.sys [2013-2-27 32512]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [2013-2-27 88832]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2013-2-27 351288]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2013-2-27 796216]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2013-2-27 73984]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2013-2-27 165120]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-23 14848]
    S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-12 77184]
    S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-3-23 24064]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-23 49664]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-3-23 27136]
    S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-12 112640]
    .
    =============== Created Last 30 ================
    .
    2013-10-15 06:52:46 -------- d-----w- c:\users\korisnik\appdata\roaming\WIPE2013
    2013-10-15 06:52:39 609824 ----a-w- c:\windows\system32\Comctl32.ocx
    2013-10-15 06:52:39 163840 ----a-w- c:\windows\system32\temp.000
    2013-10-15 06:52:39 1386496 ----a-w- c:\windows\system32\temp.001
    2013-10-15 06:52:38 340992 ----a-w- c:\windows\system32\sqlite36_engine.dll
    2013-10-15 06:52:34 501248 ----a-w- c:\windows\system32\dhRichClient3.dll
    2013-10-15 06:52:34 340992 ----a-w- c:\windows\sqlite36_engine.dll
    2013-10-15 06:52:34 -------- d-----w- c:\program files\Wipe 2013
    2013-10-15 06:39:18 -------- d-----w- c:\program files\SpeedFan
    2013-10-15 06:34:43 -------- d-----w- c:\program files\Free Driver Backup
    2013-10-13 21:46:31 -------- d-----w- c:\users\korisnik\appdata\roaming\IrfanView
    2013-10-13 21:46:26 -------- d-----w- c:\program files\IrfanView
    2013-10-04 06:28:28 -------- d-----w- c:\program files\iPod
    2013-10-04 06:28:23 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-10-04 06:28:23 -------- d-----w- c:\program files\iTunes
    2013-09-21 22:45:54 -------- d-----w- c:\programdata\Oracle
    2013-09-21 22:18:04 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ==================== Find3M ====================
    .
    2013-10-08 21:33:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-10-08 21:33:46 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-09-21 22:17:42 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-09-21 22:17:42 790440 ----a-w- c:\windows\system32\deployJava1.dll
    2013-08-30 07:48:13 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-08-30 07:48:12 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-08-30 07:48:12 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-08-30 07:48:12 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-08-30 07:48:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-08-30 07:47:40 41664 ----a-w- c:\windows\avastSS.scr
    2013-08-24 21:41:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2013-08-24 21:41:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2013-07-23 23:09:32 0 ----a-w- c:\windows\system32\FAP92BD.tmp
    2013-07-23 22:40:28 0 ----a-w- c:\windows\system32\FAPF718.tmp
    2013-07-23 22:40:27 0 ----a-w- c:\windows\system32\FAPF4E4.tmp
    2013-07-23 22:40:27 0 ----a-w- c:\windows\system32\FAPF188.tmp
    2013-07-23 22:40:26 0 ----a-w- c:\windows\system32\FAPEFC2.tmp
    2013-07-23 22:40:07 0 ----a-w- c:\windows\system32\FAPA46E.tmp
    2013-07-23 22:39:15 0 ----a-w- c:\windows\system32\FAPDB54.tmp
    2013-07-23 22:39:15 0 ----a-w- c:\windows\system32\FAPD9EB.tmp
    2013-07-23 22:39:14 0 ----a-w- c:\windows\system32\FAPD72B.tmp
    2013-07-23 22:39:09 0 ----a-w- c:\windows\system32\FAPC399.tmp
    2013-07-23 22:38:52 0 ----a-w- c:\windows\system32\FAP8080.tmp
    2013-07-23 22:38:51 0 ----a-w- c:\windows\system32\FAP7DEE.tmp
    2013-07-23 22:38:43 0 ----a-w- c:\windows\system32\FAP5D91.tmp
    2013-07-23 22:38:43 0 ----a-w- c:\windows\system32\FAP5B6D.tmp
    2013-07-23 22:38:42 0 ----a-w- c:\windows\system32\FAP5A14.tmp
    2013-07-23 22:36:42 0 ----a-w- c:\windows\system32\FAP8362.tmp
    2013-07-23 22:36:41 0 ----a-w- c:\windows\system32\FAP8238.tmp
    2013-07-23 22:36:41 0 ----a-w- c:\windows\system32\FAP8052.tmp
    2013-07-23 22:36:12 0 ----a-w- c:\windows\system32\FAPF15.tmp
    2013-07-23 22:36:12 0 ----a-w- c:\windows\system32\FAPDCC.tmp
    2013-07-23 22:36:12 0 ----a-w- c:\windows\system32\FAP108E.tmp
    2013-07-23 22:35:54 0 ----a-w- c:\windows\system32\FAPC7A6.tmp
    2013-07-23 22:35:53 0 ----a-w- c:\windows\system32\FAPC66C.tmp
    2013-07-23 22:35:53 0 ----a-w- c:\windows\system32\FAPC532.tmp
    2013-07-23 22:32:22 0 ----a-w- c:\windows\system32\FAP8CE2.tmp
    2013-07-23 22:32:21 0 ----a-w- c:\windows\system32\FAP8957.tmp
    2013-07-23 22:31:32 0 ----a-w- c:\windows\system32\FAPCB15.tmp
    2013-07-23 22:31:32 0 ----a-w- c:\windows\system32\FAPC9DB.tmp
    2013-07-23 22:31:32 0 ----a-w- c:\windows\system32\FAPC8C0.tmp
    2013-07-23 22:30:41 0 ----a-w- c:\windows\system32\FAPCF.tmp
    2013-07-23 22:30:41 0 ----a-w- c:\windows\system32\FAP50.tmp
    2013-07-23 22:30:40 0 ----a-w- c:\windows\system32\FAPFEA9.tmp
    2013-07-23 22:30:33 0 ----a-w- c:\windows\system32\FAPE35A.tmp
    2013-07-23 22:30:32 0 ----a-w- c:\windows\system32\FAPE0E8.tmp
    2013-07-23 22:30:24 0 ----a-w- c:\windows\system32\FAPC184.tmp
    2013-07-23 22:30:24 0 ----a-w- c:\windows\system32\FAPC01B.tmp
    2013-07-23 22:30:24 0 ----a-w- c:\windows\system32\FAPBEF0.tmp
    2013-07-23 22:29:22 0 ----a-w- c:\windows\system32\FAPCE4A.tmp
    2013-07-23 22:29:22 0 ----a-w- c:\windows\system32\FAPCDAC.tmp
    2013-07-23 22:29:21 0 ----a-w- c:\windows\system32\FAPCB49.tmp
    2013-07-23 22:28:38 0 ----a-w- c:\windows\system32\FAP223D.tmp
    2013-07-23 22:28:38 0 ----a-w- c:\windows\system32\FAP20B5.tmp
    2013-07-23 22:28:37 0 ----a-w- c:\windows\system32\FAP1EEE.tmp
    2013-07-23 22:27:42 0 ----a-w- c:\windows\system32\FAP486C.tmp
    2013-07-23 22:27:41 0 ----a-w- c:\windows\system32\FAP4493.tmp
    2013-07-23 22:27:16 0 ----a-w- c:\windows\system32\FAPE301.tmp
    2013-07-23 22:27:16 0 ----a-w- c:\windows\system32\FAPE16A.tmp
    2013-07-23 22:27:16 0 ----a-w- c:\windows\system32\FAPDF55.tmp
    2013-07-23 22:18:39 0 ----a-w- c:\windows\system32\FAPFC07.tmp
    2013-07-23 22:18:38 0 ----a-w- c:\windows\system32\FAPFAAE.tmp
    2013-07-23 22:18:38 0 ----a-w- c:\windows\system32\FAPF84B.tmp
    2013-07-23 22:17:47 0 ----a-w- c:\windows\system32\FAP3182.tmp
    2013-07-23 22:17:46 0 ----a-w- c:\windows\system32\FAP2E26.tmp
    2013-07-23 22:17:45 0 ----a-w- c:\windows\system32\FAP2B46.tmp
    .
    ============= FINISH: 22:13:53,56 ===============



    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-10-16 22:59:41
    -----------------------------
    22:59:41.214 OS Version: Windows 6.1.7601 Service Pack 1
    22:59:41.214 Number of processors: 2 586 0x2A07
    22:59:41.216 ComputerName: KORISNIK-PC UserName: Korisnik
    22:59:43.373 Initialize success
    22:59:45.982 AVAST engine defs: 13101600
    23:00:07.133 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
    23:00:07.135 Disk 0 Vendor: ATA_____ A60W Size: 305245MB BusType: 11
    23:00:07.253 Disk 0 MBR read successfully
    23:00:07.256 Disk 0 MBR scan
    23:00:07.261 Disk 0 Windows 7 default MBR code
    23:00:07.274 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    23:00:07.291 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 154900 MB offset 206848
    23:00:07.315 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 150243 MB offset 317442048
    23:00:07.321 Disk 0 scanning sectors +625139712
    23:00:07.544 Disk 0 scanning C:\Windows\system32\drivers
    23:00:28.037 Service scanning
    23:01:07.740 Modules scanning
    23:01:20.279 Disk 0 trace - called modules:
    23:01:20.302 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys halmacpi.dll iaStorA.sys
    23:01:20.308 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d7a030]
    23:01:20.315 3 CLASSPNP.SYS[891ba59e] -> nt!IofCallDriver -> [0x87d79260]
    23:01:20.321 5 iaStorF.sys[89211138] -> nt!IofCallDriver -> \Device\00000069[0x86154520]
    23:01:22.201 AVAST engine scan C:\Windows
    23:01:24.590 AVAST engine scan C:\Windows\system32
    23:04:47.816 AVAST engine scan C:\Windows\system32\drivers
    23:05:08.873 AVAST engine scan C:\Users\Korisnik
    23:08:35.423 Disk 0 MBR has been saved successfully to "C:\Users\Korisnik\Desktop\MBR.dat"
    23:08:35.434 The log file has been saved successfully to "C:\Users\Korisnik\Desktop\aswMBR.txt"




    Čestitke!: Nisu nađeni spybotovi. (Status)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2013-07-21 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2013-04-11 Includes\Adware.sbi (*)
    2013-10-08 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2012-11-14 Includes\Dialer.sbi (*)
    2013-04-11 Includes\DialerC.sbi (*)
    2013-04-11 Includes\HeavyDuty.sbi (*)
    2012-11-14 Includes\Hijackers.sbi (*)
    2013-04-11 Includes\HijackersC.sbi (*)
    2013-10-16 Includes\iPhone.sbi (*)
    2013-06-25 Includes\Keyloggers.sbi (*)
    2013-04-11 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2013-05-29 Includes\Malware.sbi (*)
    2013-10-01 Includes\MalwareC.sbi (*)
    2012-11-14 Includes\PUPS.sbi (*)
    2013-10-08 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2012-11-14 Includes\Security.sbi (*)
    2013-04-11 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2013-05-22 Includes\Spyware.sbi (*)
    2013-08-06 Includes\SpywareC.sbi (*)
    2012-11-19 Includes\Tracks.uti
    2013-01-16 Includes\Trojans.sbi (*)
    2013-08-13 Includes\TrojansC-02.sbi (*)
    2013-10-07 Includes\TrojansC-03.sbi (*)
    2013-10-16 Includes\TrojansC-04.sbi (*)
    2013-06-13 Includes\TrojansC-05.sbi (*)
    2013-08-06 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

  2. #2
    Malware Team OCD's Avatar
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    968


    Hi black_lilies,

    Sorry for the extended delay in responding to your thread. It has been quite some time since your original scans were run and posted. Please run these tools and post the corresponding logs.

    =========================

    Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =========================

    aswMBR

    Download aswMBR.exe and save it to your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

    =========================

    OTL

    Download OTL to your desktop.
    • Make sure all other windows are closed, and let it run uninterrupted.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      /md5start
      iexplore.*
      explorer.*
      winlogon.*
      dll
      zx.dll
      hlp.dat
      consrv.dll
      services.*
      /md5stop
      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %PROGRAMFILES%\Internet Explorer\*.dat
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      %systemroot%\AppPatch\Custom\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      BASESERVICES
      DRIVES
      CREATERESTOREPOINT

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
      • You may need two posts to fit them both in.

    =========================

    In your next post please provide the following:
    • checkup.txt
    • aswMBR.txt
    • attach MBR.zip
    • OTL.txt
    • Extras.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

  3. #3
    Junior Member black_lilies's Avatar
    Join Date
    Oct 2013
    Posts
    27

    checkup.txt

    Results of screen317's Security Check version 0.99.77
    Windows 7 Service Pack 1 x86 (UAC is disabled!)
    Internet Explorer 10 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot - Search & Destroy
    CCleaner
    Java 7 Update 45
    Java SE Development Kit 7 Update 21
    Adobe Flash Player 11.9.900.117
    Mozilla Firefox (25.0.1)
    Google Chrome 30.0.1599.101
    Google Chrome 31.0.1650.57
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````



    aswMBR.txt

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-11-19 18:57:20
    -----------------------------
    18:57:20.595 OS Version: Windows 6.1.7601 Service Pack 1
    18:57:20.595 Number of processors: 2 586 0x2A07
    18:57:20.595 ComputerName: KORISNIK-PC UserName: Korisnik
    18:57:21.578 Initialize success
    18:57:23.044 AVAST engine defs: 13111801
    19:00:03.544 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
    19:00:03.544 Disk 0 Vendor: ATA_____ A60W Size: 305245MB BusType: 11
    19:00:03.980 Disk 0 MBR read successfully
    19:00:03.996 Disk 0 MBR scan
    19:00:03.996 Disk 0 Windows 7 default MBR code
    19:00:04.012 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    19:00:04.027 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 154900 MB offset 206848
    19:00:04.058 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 150243 MB offset 317442048
    19:00:04.058 Disk 0 scanning sectors +625139712
    19:00:04.511 Disk 0 scanning C:\Windows\system32\drivers
    19:00:18.239 Service scanning
    19:00:57.614 Modules scanning
    19:01:34.244 Disk 0 trace - called modules:
    19:01:34.790 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys halmacpi.dll iaStorA.sys
    19:01:34.790 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d7f030]
    19:01:34.806 3 CLASSPNP.SYS[891d659e] -> nt!IofCallDriver -> [0x87d7e6c0]
    19:01:34.806 5 iaStorF.sys[8921e138] -> nt!IofCallDriver -> \Device\0000006a[0x860fec68]
    19:01:35.180 AVAST engine scan C:\Windows
    19:01:42.575 AVAST engine scan C:\Windows\system32
    19:04:58.014 AVAST engine scan C:\Windows\system32\drivers
    19:05:17.592 AVAST engine scan C:\Users\Korisnik
    19:20:08.572 Disk 0 MBR has been saved successfully to "C:\Users\Korisnik\Desktop\MBR.dat"
    19:20:08.915 The log file has been saved successfully to "C:\Users\Korisnik\Desktop\aswMBR.txt"
    19:20:50.817 AVAST engine scan C:\ProgramData
    19:23:35.340 Scan finished successfully
    19:25:54.388 Disk 0 MBR has been saved successfully to "C:\Users\Korisnik\Desktop\MBR.dat"
    19:25:54.404 The log file has been saved successfully to "C:\Users\Korisnik\Desktop\aswMBR.txt"




    OTL.txt

    OTL logfile created on: 19.11.2013. 19:33:23 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Korisnik\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16576)
    Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.

    1,89 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 65,61% Memory free
    3,78 Gb Paging File | 2,64 Gb Available in Paging File | 69,88% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 151,27 Gb Total Space | 22,35 Gb Free Space | 14,77% Space Free | Partition Type: NTFS
    Drive D: | 146,72 Gb Total Space | 27,30 Gb Free Space | 18,61% Space Free | Partition Type: NTFS

    Computer Name: KORISNIK-PC | User Name: Korisnik | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Korisnik\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Wipe 2013\wipetray.exe (PrivacyRoot.com)
    PRC - C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe (Spigot, Inc.)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
    PRC - C:\ProgramData\BOINC\slots\1\ce5.exe ()
    PRC - C:\ProgramData\BOINC\slots\0\ce5.exe ()
    PRC - C:\ProgramData\BOINC\projects\work.charityengine.com\ce-generic-wrapper-0001_windows_intelx86.exe ()
    PRC - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe (IDEVFH)
    PRC - C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
    PRC - C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
    PRC - C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
    PRC - C:\Program Files\BOINC\boinc.exe (Space Sciences Laboratory)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
    PRC - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
    PRC - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files\CyberLink\YouCam\YCMMirage.exe (CyberLink)
    PRC - C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
    PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
    MOD - C:\Program Files\Wipe 2013\MD5.dll ()
    MOD - C:\ProgramData\BOINC\slots\1\ce5.exe ()
    MOD - C:\ProgramData\BOINC\slots\0\ce5.exe ()
    MOD - C:\ProgramData\BOINC\projects\work.charityengine.com\ce-generic-wrapper-0001_windows_intelx86.exe ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\97c369d03310ac919968cac177d066da\System.ServiceModel.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\d5229063f646936404008f444c533c3b\System.ServiceModel.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\620cea5f6098caaf044d062d8dde6b3d\System.IdentityModel.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\8b9c29dd76473c8230ca379ee39e40e2\IAStorDataMgrSvcInterfaces.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\1eea35376a67d2e807a54ff3fe4b8a56\IAStorCommon.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\0a4ef3904cfdea04def6af647f619946\IAStorUtil.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\b1f3ea839257551154e34750f26fa33d\System.Runtime.Serialization.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\3506b73a7cc2bc014040bdaf42e3c9f2\System.ServiceModel.Internals.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4626a29dfa025f702b32e3515de175e3\SMDiagnostics.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7449f505f7fb206101f361c05dd7d9be\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c3b7873af3400562b01878e1dfdb0c59\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\88080c0d9e9709c55aa0494a3b05a1df\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\847c865b860f33a319b2c6906d9a125f\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\7499b638af35153a97431c42fd16d9cb\System.Xaml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78d3cd0fc198e323f3eb0742f23659b2\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ca0ef2ddc840163b27423f6ede4ddb23\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\09a71502394e43062c81789367f22d1e\mscorlib.ni.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Windows\System32\IccLibDll.dll ()
    MOD - C:\Program Files\BOINC\zlib1.dll ()


    ========== Services (SafeList) ==========

    SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
    SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation)
    SRV - (CodeMeter.exe) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
    SRV - (IconMan_R) -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)


    ========== Driver Services (SafeList) ==========

    DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
    DRV - (aswMBR) -- C:\Users\Korisnik\AppData\Local\Temp\aswMBR.sys File not found
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
    DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
    DRV - (iusb3xhc) -- C:\Windows\System32\drivers\iusb3xhc.sys (Intel Corporation)
    DRV - (iusb3hub) -- C:\Windows\System32\drivers\iusb3hub.sys (Intel Corporation)
    DRV - (RSP2STOR) -- C:\Windows\System32\drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
    DRV - (iaStorA) -- C:\Windows\System32\drivers\iaStorA.sys (Intel Corporation)
    DRV - (iaStorF) -- C:\Windows\System32\drivers\iaStorF.sys (Intel Corporation)
    DRV - (asmtxhci) -- C:\Windows\System32\drivers\asmtxhci.sys (ASMedia Technology Inc)
    DRV - (asmthub3) -- C:\Windows\System32\drivers\asmthub3.sys (ASMedia Technology Inc)
    DRV - (EtronXHCI) -- C:\Windows\System32\drivers\EtronXHCI.sys (Etron Technology Inc)
    DRV - (EtronHub3) -- C:\Windows\System32\drivers\EtronHub3.sys (Etron Technology Inc)
    DRV - (EtronSTOR) -- C:\Windows\System32\drivers\EtronSTOR.sys (Etron Technology Inc)
    DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
    DRV - (b06diag) -- C:\Windows\System32\drivers\bxdiagx.sys (Broadcom Corporation)
    DRV - (bxois) -- C:\Windows\System32\drivers\bxois.sys (Broadcom Corporation)
    DRV - (bxfcoe) -- C:\Windows\System32\drivers\bxfcoe.sys (Broadcom Corporation)
    DRV - (BFN7x86) -- C:\Windows\System32\drivers\Xeno7x86.sys (Bigfoot Networks, Inc.)
    DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
    DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
    DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
    DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
    DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
    DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
    DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
    DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
    DRV - (s125mgmt) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation)
    DRV - (s125bus) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)
    DRV - (giveio) -- C:\Windows\System32\giveio.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr-HR
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 E0 2F 66 FE 55 CE 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{FFAB1B2F-B3C1-4B3B-8C5B-B07B36694368}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "DuckDuckGo"
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=512435"
    FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://mindmillion.com/inspiration.html"
    FF - prefs.js..extensions.enabledAddons: mintrayr%40tn123.ath.cx:1.1.2
    FF - prefs.js..extensions.enabledAddons: organize-search-engines%40maltekraus.de:1.7
    FF - prefs.js..extensions.enabledAddons: intgcal%40egarracingteam.com.ar:1.2.0
    FF - prefs.js..extensions.enabledAddons: amin.eft_bmnotes%40gmail.com:2.8.1
    FF - prefs.js..extensions.enabledAddons: %7B48f91e76-bc5f-45a7-a03a-6b4e7669df90%7D:1.0
    FF - prefs.js..extensions.enabledAddons: %7Bc07d1a49-9894-49ff-a594-38960ede8fb9%7D:3.1.12
    FF - prefs.js..extensions.enabledAddons: is%40dictionaries.addons.mozilla.org:1.3
    FF - prefs.js..extensions.enabledAddons: %7B8B72860F-C5F8-4286-865E-D2C2DB98A9E6%7D:1.2.3
    FF - prefs.js..extensions.enabledAddons: rssicon%40jasnapaka.com:1.4
    FF - prefs.js..extensions.enabledAddons: format.bar%40codefisher.org:0.1.4.10
    FF - prefs.js..extensions.enabledAddons: tabforacause%40tabforacause.org:4.1.0
    FF - prefs.js..extensions.enabledAddons: facebook%40disconnect.me:2.1.3
    FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.4
    FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.1.2
    FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
    FF - prefs.js..extensions.enabledAddons: Konverts%40MediaPimp.com:10.3
    FF - prefs.js..extensions.enabledAddons: dcct%40mingyi.org:0.27
    FF - prefs.js..extensions.enabledAddons: %7BE173B749-DB5B-4fd2-BA0E-94ECEA0CA55B%7D:7.4
    FF - prefs.js..extensions.enabledAddons: %7B2f17f610-5e97-4fed-828f-9940b7b577a4%7D:19.0.0
    FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
    FF - prefs.js..extensions.enabledAddons: cybersearch%40cybernetnews.com:2.8
    FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3
    FF - prefs.js..extensions.enabledAddons: %7B4BBDD651-70CF-4821-84F8-2B918CF89CA3%7D:7.3.0.1
    FF - prefs.js..extensions.enabledAddons: lazarus%40interclue.com:2.3
    FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
    FF - prefs.js..extensions.enabledAddons: VacuumPlacesImproved%40lultimouomo-gmail.com:1.2
    FF - prefs.js..extensions.enabledAddons: %7B6E21139C-F48B-11DA-B59C-B582C6649067%7D:0.6.3
    FF - prefs.js..extensions.enabledAddons: charpick%40ryanium.com:0.4.1
    FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.20
    FF - prefs.js..extensions.enabledAddons: %7Bea61041c-1e22-4400-99a0-aea461e69d04%7D:0.2.3
    FF - prefs.js..extensions.enabledAddons: %7Bc72c0c73-4eb0-4fb3-af0f-074e97326cfd%7D:1.4
    FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
    FF - prefs.js..extensions.enabledAddons: backupfox_959a5970_ada3_11e0_9f1c_0800200c9a66%40mozillafirefoxextension:1.0.3
    FF - prefs.js..extensions.enabledAddons: ScrollUp%40saplin.com:1.0
    FF - prefs.js..extensions.enabledAddons: dragtabasshortcut%40antontitov.com:1.01
    FF - prefs.js..extensions.enabledAddons: %7B3bbdd952-cf6f-44a7-9d23-354a8792b598%7D:1.4
    FF - prefs.js..extensions.enabledAddons: shortcuts%40khngai.com:1.9
    FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.1.8
    FF - prefs.js..extensions.enabledAddons: savefileto%40mozdev.org:2.5.1
    FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
    FF - prefs.js..extensions.enabledAddons: rainbow%40colors.org:1.6
    FF - prefs.js..extensions.enabledAddons: %7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3
    FF - prefs.js..extensions.enabledAddons: support%40todoist.com:3.7
    FF - prefs.js..extensions.enabledAddons: tabscope%40xuldev.org:1.5
    FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.16
    FF - prefs.js..extensions.enabledAddons: %7B24cea704-946d-11da-a72b-0800200c9a66%7D:1.5.3.1
    FF - prefs.js..extensions.enabledAddons: %7B03B08592-E5B4-45ff-A0BE-C1D975458688%7D:1.0
    FF - prefs.js..extensions.enabledAddons: %7B139a120b-c2ea-41d2-bf70-542d9f063dfd%7D:2.04.1
    FF - prefs.js..extensions.enabledAddons: %7B54BB9F3F-07E5-486c-9B39-C7398B99391C%7D:4.1.2013040601
    FF - prefs.js..extensions.enabledAddons: notreal.ccoptions%40environmentalchemistry.com:24.0.2
    FF - prefs.js..extensions.enabledAddons: brief%40mozdev.org:1.7.2
    FF - prefs.js..extensions.enabledAddons: firegestures%40xuldev.org:1.7.14
    FF - prefs.js..extensions.enabledAddons: idme%40abine.com:1.35.335
    FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2.3
    FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.94
    FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.3.9
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
    FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.5.3
    FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.2.1
    FF - prefs.js..extensions.enabledAddons: %7B5546F97E-11A5-46b0-9082-32AD74AAA920%7D:0.76
    FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.15
    FF - prefs.js..extensions.enabledAddons: zoompage%40DW-dev:8.2
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=512435&p="
    FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A
8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
    FF - prefs.js..network.proxy.type: 2


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.11.19 18:31:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.08.24 22:42:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.11.17 10:33:09 | 000,000,000 | ---D | M]

    [2013.05.21 10:42:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Extensions
    [2013.11.16 22:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions
    [2013.10.02 18:27:24 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
    [2013.07.23 20:21:47 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2013.11.16 22:54:02 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2013.07.23 20:21:47 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
    [2013.08.08 00:03:52 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2013.07.24 23:11:03 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
    [2013.11.08 02:07:26 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
    [2013.11.02 20:54:53 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
    [2013.05.25 17:48:07 | 000,000,000 | ---D | M] ("Converter") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}
    [2013.11.01 16:20:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2013.07.05 00:33:38 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
    [2013.07.24 23:10:58 | 000,000,000 | ---D | M] (TabGroups Manager) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{ca526f8b-9e0a-4756-9077-19d6f3e64ea8}
    [2013.08.12 23:31:02 | 000,000,000 | ---D | M] (Block site) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
    [2013.07.23 20:21:47 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
    [2013.05.22 13:36:01 | 000,000,000 | ---D | M] (QuickFox Notes) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\amin.eft_bmnotes@gmail.com
    [2013.07.24 20:18:22 | 000,000,000 | ---D | M] ("CyberSearch") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\cybersearch@cybernetnews.com
    [2013.07.13 10:43:07 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\donottrackplus@abine.com
    [2013.05.22 01:00:32 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\en-US@dictionaries.addons.mozilla.org
    [2013.07.24 23:11:07 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\foxmarks@kei.com
    [2013.10.26 22:16:08 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\foxyproxy@eric.h.jung
    [2013.09.13 22:04:51 | 000,000,000 | ---D | M] (Dictionnaires français) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\fr-dicollecte@dictionaries.addons.mozilla.org
    [2013.08.20 15:33:39 | 000,000,000 | ---D | M] (Croatian Dictionary (Hrvatski Rjecnik)) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\hr-HR-2@dictionaries.addons.mozilla.org
    [2013.10.05 21:03:07 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\https-everywhere@eff.org
    [2013.10.25 15:27:40 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\idme@abine.com
    [2013.05.24 18:00:28 | 000,000,000 | ---D | M] (Icelandic Dictionary) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\is@dictionaries.addons.mozilla.org
    [2013.06.27 16:30:18 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\isreaditlater@ideashower.com
    [2013.07.19 08:38:18 | 000,000,000 | ---D | M] (♬ MediaPimp - Internet Radio, Save Videos, Screengrab &amp; More) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\Konverts@MediaPimp.com
    [2013.05.22 00:48:56 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\mintrayr@tn123.ath.cx
    [2013.09.19 13:45:19 | 000,000,000 | ---D | M] (Rain Alarm Extension) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\rain-alarm@mdiener.de
    [2013.07.27 02:38:22 | 000,000,000 | ---D | M] ("TableTools2") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\tabletools2@mingyi.org
    [2013.08.16 16:42:27 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\adblockpopups@jessehakanen.net.xpi
    [2013.11.07 15:28:35 | 000,023,913 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\add-to-searchbox@maltekraus.de.xpi
    [2013.08.08 21:30:14 | 000,027,678 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\backupfox_959a5970_ada3_11e0_9f1c_0800200c9a66@mozillafirefoxextension.xpi
    [2013.10.18 14:29:17 | 000,246,524 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\brief@mozdev.org.xpi
    [2013.07.27 02:38:22 | 000,031,018 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\charpick@ryanium.com.xpi
    [2013.08.30 00:37:05 | 000,355,782 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\client@anonymox.net.xpi
    [2013.08.12 16:09:04 | 000,126,982 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\customizable-shortcuts@timtaubert.de.xpi
    [2013.07.20 00:13:03 | 000,028,980 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\dcct@mingyi.org.xpi
    [2013.08.12 15:48:57 | 000,007,979 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\dragtabasshortcut@antontitov.com.xpi
    [2013.06.26 17:05:52 | 000,035,735 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\facebook@disconnect.me.xpi
    [2013.11.06 18:41:04 | 001,338,622 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\firefox@ghostery.com.xpi
    [2013.10.18 14:29:17 | 000,390,473 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\firegestures@xuldev.org.xpi
    [2013.06.02 12:04:06 | 000,162,728 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\format.bar@codefisher.org.xpi
    [2013.08.12 16:15:27 | 000,119,451 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\FxExtPasteNGoHtk@github.lostdj.xpi
    [2013.05.22 05:19:20 | 000,025,955 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\intgcal@egarracingteam.com.ar.xpi
    [2013.05.22 15:14:22 | 000,301,619 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-3GUEt1r69sQNSrca5p8kx9Ezc3U@jetpack.xpi
    [2013.07.23 22:47:42 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
    [2013.07.21 11:42:40 | 000,193,117 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-A2AGBH3veL3ZV6GOM159BnxtOjg@jetpack.xpi
    [2013.11.06 18:40:58 | 000,568,293 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
    [2013.08.17 11:29:38 | 000,168,986 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-RW8E9KFMTaLKkM4HqIWfidw29wo@jetpack.xpi
    [2013.07.21 11:42:22 | 000,241,099 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-UPq1qFOINa4blezeJa2DpZKATTo@jetpack.xpi
    [2013.09.24 19:02:15 | 000,306,265 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid1-j3KiX1n7UXrjxQ@jetpack.xpi
    [2013.07.21 11:42:48 | 000,300,648 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid1-sNaADGzvFyhsSA@jetpack.xpi
    [2013.10.29 19:55:16 | 000,320,988 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
    [2013.11.06 19:51:52 | 000,367,522 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\langpack-hr@firefox.mozilla.org.xpi
    [2013.07.24 23:11:03 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\lazarus@interclue.com.xpi
    [2013.10.09 21:02:59 | 000,320,474 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\mytube@ashishmishra.in.xpi
    [2013.10.11 00:42:49 | 000,159,644 | R--- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
    [2013.08.07 22:08:26 | 000,010,666 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\noverflow@sdrocking.com.xpi
    [2013.05.22 01:03:31 | 000,113,783 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\organize-search-engines@maltekraus.de.xpi
    [2013.08.20 15:33:38 | 000,470,162 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\rainbow@colors.org.xpi
    [2013.08.08 00:03:52 | 000,160,837 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\requestpolicy@requestpolicy.com.xpi
    [2013.05.29 18:55:25 | 000,015,618 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\rssicon@jasnapaka.com.xpi
    [2013.08.16 12:10:37 | 000,123,257 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\savefileto@mozdev.org.xpi
    [2013.08.08 21:30:14 | 000,011,209 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\ScrollUp@saplin.com.xpi
    [2013.07.22 22:47:44 | 000,121,779 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\searchy@searchy.xpi
    [2013.08.12 16:20:26 | 000,011,724 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\shortcuts@khngai.com.xpi
    [2013.11.06 07:39:01 | 000,367,561 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\smarterwiki@wikiatic.com.xpi
    [2013.08.27 14:56:58 | 000,011,156 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\support@todoist.com.xpi
    [2013.06.08 15:52:23 | 000,292,666 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\tabforacause@tabforacause.org.xpi
    [2013.09.08 02:19:10 | 000,160,818 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\tabscope@xuldev.org.xpi
    [2013.07.24 23:11:07 | 000,024,038 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com.xpi
    [2013.11.16 22:54:02 | 000,059,830 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\zoompage@DW-dev.xpi
    [2013.08.05 01:05:34 | 000,475,365 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
    [2013.10.02 17:42:45 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
    [2013.10.05 14:16:11 | 000,132,344 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi
    [2013.10.18 21:19:05 | 000,023,107 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
    [2013.10.31 22:49:49 | 000,381,472 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
    [2013.10.02 18:27:24 | 000,094,167 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
    [2013.10.31 22:49:48 | 000,217,340 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
    [2013.08.12 16:20:26 | 000,015,234 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{3bbdd952-cf6f-44a7-9d23-354a8792b598}.xpi
    [2013.05.23 14:22:37 | 000,007,404 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{48f91e76-bc5f-45a7-a03a-6b4e7669df90}.xpi
    [2013.10.05 14:25:25 | 000,307,011 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
    [2013.09.17 11:06:36 | 000,281,800 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
    [2013.11.05 18:41:03 | 000,243,884 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{655397ca-4766-496b-b7a8-3a5b176ee4c2}.xpi
    [2013.07.27 02:38:19 | 000,005,533 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{6E21139C-F48B-11DA-B59C-B582C6649067}.xpi
    [2013.11.09 16:01:13 | 000,534,744 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2013.08.08 00:03:51 | 000,050,761 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi
    [2013.10.05 14:05:16 | 000,026,163 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.xpi
    [2013.05.24 09:36:25 | 000,447,526 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi
    [2013.08.08 00:03:51 | 000,016,921 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi
    [2013.06.26 17:05:35 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
    [2013.10.11 00:42:49 | 001,283,406 | R--- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi
    [2013.07.24 23:10:58 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
    [2013.10.31 23:59:13 | 000,778,022 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
    [2013.08.13 22:02:41 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2013.10.01 20:17:08 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    [2013.07.24 23:10:52 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
    [2013.08.08 00:03:51 | 000,057,752 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi
    [2013.07.24 22:19:31 | 000,001,362 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome\skin\xpinstallItemGeneric.png
    [2013.06.26 17:30:02 | 000,000,472 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\10starmoviescom.xml
    [2013.10.04 08:49:19 | 000,000,779 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\a-z-lyrics-universe.xml
    [2013.06.26 17:35:48 | 000,000,675 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\asian-horror-moviescom.xml
    [2013.05.25 21:48:49 | 000,001,500 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\care2.xml
    [2013.05.22 02:00:07 | 000,000,949 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\coolinarika.xml
    [2013.05.22 03:15:46 | 000,000,984 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\dark-lyrics.xml
    [2013.06.07 16:15:19 | 000,000,926 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\deviantart.xml
    [2013.08.07 22:24:09 | 000,001,263 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\duckduckgo.xml
    [2013.11.05 21:19:47 | 000,000,451 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\easy-pdf-search.xml
    [2013.06.19 19:00:36 | 000,001,466 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\fenopyse.xml
    [2013.05.22 00:49:34 | 000,001,635 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\firefox-add-ons.xml
    [2013.05.22 03:21:55 | 000,009,117 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\flickr.xml
    [2013.08.14 02:29:36 | 000,006,404 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\gallica-bnf.xml
    [2013.06.02 20:57:36 | 000,000,526 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\gazetteer-of-british-place-names.xml
    [2013.06.19 15:30:11 | 000,001,733 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\goodsearch.xml
    [2013.06.07 12:28:03 | 000,001,712 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\google-books.xml
    [2013.07.23 23:41:12 | 000,001,024 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\google-pagerank-checker.xml
    [2013.05.22 03:22:40 | 000,001,427 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\google-slike.xml
    [2013.07.01 12:01:04 | 000,000,843 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\haro-online--movies.xml
    [2013.05.26 17:19:01 | 000,000,773 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\hphosts-online.xml
    [2013.11.09 19:25:01 | 000,000,856 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\hrvatski-jezini-portal.undefined.undefined
    [2013.05.24 22:34:33 | 000,000,759 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\hubpages.xml
    [2013.05.22 01:04:15 | 000,012,707 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\imdb.xml
    [2013.08.14 02:45:13 | 000,001,413 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\internet-archive.xml
    [2013.07.01 11:06:59 | 000,001,213 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\isohunt.xml
    [2013.06.27 12:01:26 | 000,001,374 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\ixquick-search-engine.xml
    [2013.07.19 23:31:53 | 000,001,419 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\jamie-oliver.xml
    [2013.05.22 03:20:30 | 000,001,355 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\kickasstorrents.xml
    [2013.06.16 00:32:27 | 000,001,443 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\lastfm.xml
    [2013.06.11 15:24:21 | 000,001,464 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\leos-lyrics.xml
    [2013.08.14 03:01:18 | 000,001,109 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\librivox-1.xml
    [2013.05.29 11:19:21 | 000,000,814 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\merriam-webster-online.xml
    [2013.07.01 12:08:05 | 000,001,629 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\monovaorg.xml
    [2013.08.24 18:48:32 | 000,001,602 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\mp3skullcom.xml
    [2013.11.11 18:25:21 | 000,001,121 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\nameberrycom.undefined.undefined
    [2013.07.01 11:12:39 | 000,001,188 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\onebigtorrentorg.xml
    [2013.07.01 11:28:11 | 000,001,479 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\ovguide.xml
    [2013.07.23 23:17:23 | 000,000,795 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\phishtank.xml
    [2013.10.05 16:39:15 | 000,000,691 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\podnapisinet.xml
    [2013.07.21 13:02:45 | 000,001,603 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\primewire--1channel--letmewatchthis.xml
    [2013.06.07 00:29:22 | 000,001,324 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\project-gutenberg.xml
    [2013.06.26 16:27:57 | 000,001,869 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\ripple.xml
    [2013.07.02 20:15:36 | 000,000,918 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\scribd.xml
    [2013.05.29 14:11:23 | 000,001,268 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\serious-eats-recipes.xml
    [2013.05.22 03:15:07 | 000,000,920 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\songmeanings.xml
    [2013.10.05 16:38:39 | 000,001,122 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\subtitlecubecom.xml
    [2013.07.23 23:37:12 | 000,000,507 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\sucuri-security--website-malware-scan.xml
    [2013.11.05 21:22:36 | 000,001,392 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-audiobook-bay.xml
    [2013.07.17 22:11:20 | 000,040,970 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-cornell-lab-of-ornithology.xml
    [2013.05.29 11:32:05 | 000,001,110 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-free-dictionary.xml
    [2013.05.22 03:19:23 | 000,001,466 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-pirate-bay.xml
    [2013.10.08 22:01:22 | 000,000,666 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\torrentz.xml
    [2013.08.17 01:09:37 | 000,001,027 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\urban-dictionary.xml
    [2013.08.07 23:44:29 | 000,000,502 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\userscriptsorg.xml
    [2013.05.29 11:27:36 | 000,001,588 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\vegan-soapbox.xml
    [2013.05.22 06:14:08 | 000,001,231 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wayback-machine.xml
    [2013.05.29 10:59:38 | 000,001,818 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wikimedia-cookbook.xml
    [2013.05.29 10:50:25 | 000,001,266 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wikipediaorg.xml
    [2013.05.29 10:55:30 | 000,000,557 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wikivet.xml
    [2013.07.09 22:19:40 | 000,001,318 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wolframalpha.xml
    [2013.05.23 22:16:58 | 000,001,791 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wot-web-of-trust.xml
    [2013.05.22 01:03:48 | 000,001,136 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\youtube.xml
    [2013.11.17 10:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013.11.17 10:33:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013.11.19 18:31:19 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2013.08.24 22:42:58 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
    [2013.08.24 22:41:59 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google.hr (Enabled)
    CHR - default_search_provider: search_url = https://www.google.hr/search?output=search&sclient=psy-ab&q={searchTerms}&btnG=&oq=&gs_l=&pbx=1
    CHR - default_search_provider: suggest_url = ,
    CHR - homepage: http://www.google.hr/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - Extension: Google disk = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google pretrau017Eivanje = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: DoNotTrackMe = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.9.815_0\
    CHR - Extension: Foxy Proxy Standard = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp\2.8_1\
    CHR - Extension: avast! Online Security = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
    CHR - Extension: ProxMate - Improve your Internet! = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.4.3_0\
    CHR - Extension: RealDownloader = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
    CHR - Extension: Google Karte = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
    CHR - Extension: Google Novčanik = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
    CHR - Extension: TS Magic Player = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg\1.1.29_0\
    CHR - Extension: Gmail = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

  4. #4
    Junior Member black_lilies's Avatar
    Join Date
    Oct 2013
    Posts
    27

    Default

    O1 HOSTS File: ([2013.08.09 08:09:58 | 000,450,636 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 15467 more lines...
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
    O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
    O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
    O4 - HKCU..\Run: [SearchProtection] C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
    O4 - Startup: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe tray agent 2013.lnk = C:\Program Files\Wipe 2013\wipetray.exe (PrivacyRoot.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D321B9E-A8C6-4146-B8E1-6E10720FA1A7}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51B6D1B9-5D8C-40A3-95A5-1B3BC0948BB7}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013.11.19 18:59:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Korisnik\Desktop\OTL.exe
    [2013.11.19 18:38:33 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\AppData\Roaming\AVAST Software
    [2013.11.19 18:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2013.11.18 23:12:24 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\Desktop\Nova mapa
    [2013.11.17 10:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013.11.15 17:21:08 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013.11.08 09:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013.11.08 09:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013.11.08 09:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013.11.08 09:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2013.11.02 20:55:49 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\Documents\iMacros
    [2013.10.20 23:51:16 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2013.10.20 23:51:05 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2013.10.20 23:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2013.10.20 23:51:04 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2013.10.20 23:51:04 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [54 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013.11.19 19:32:11 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013.11.19 19:31:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013.11.19 19:25:54 | 000,000,512 | ---- | M] () -- C:\Users\Korisnik\Desktop\MBR.dat
    [2013.11.19 19:18:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013.11.19 18:59:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Korisnik\Desktop\OTL.exe
    [2013.11.19 18:46:11 | 000,026,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013.11.19 18:46:11 | 000,026,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013.11.19 18:37:57 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013.11.19 18:37:46 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
    [2013.11.19 18:37:11 | 1522,028,544 | -HS- | M] () -- C:\hiberfil.sys
    [2013.11.19 18:31:14 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2013.11.19 18:31:13 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2013.11.19 18:31:13 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2013.11.19 18:31:13 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013.11.19 18:31:13 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2013.11.19 18:31:13 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2013.11.19 18:31:13 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2013.11.19 18:31:12 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2013.11.19 18:31:04 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2013.11.19 18:31:04 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013.11.19 18:25:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2013.11.18 23:09:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Korisnik\Desktop\aswMBR.exe
    [2013.11.18 23:03:00 | 000,891,200 | ---- | M] () -- C:\Users\Korisnik\Desktop\SecurityCheck.exe
    [2013.11.17 20:04:11 | 000,666,434 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013.11.17 20:04:11 | 000,127,002 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013.11.10 13:47:04 | 000,448,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013.11.06 21:27:23 | 000,007,696 | ---- | M] () -- C:\Users\Korisnik\Desktop\Rhonda Byrne - The Secret.pdf - prečac.lnk
    [2013.11.06 14:43:35 | 000,001,669 | ---- | M] () -- C:\Users\Korisnik\Desktop\Eckhart Tolle - The Power of Now_ A Guide to Spiritual Enlightenment.pdf - prečac.lnk
    [2013.10.29 21:35:51 | 000,001,020 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe tray agent 2013.lnk
    [2013.10.22 08:20:10 | 000,056,027 | ---- | M] () -- C:\Users\Korisnik\Desktop\100653427.jpg
    [2013.10.22 01:04:26 | 000,061,339 | ---- | M] () -- C:\Users\Korisnik\Desktop\money-background-seamless-fill-bluesky.jpg
    [2013.10.22 00:41:38 | 000,009,900 | ---- | M] () -- C:\Users\Korisnik\Desktop\01-dollar-bills_animation.gif
    [2013.10.22 00:41:14 | 000,008,984 | ---- | M] () -- C:\Users\Korisnik\Desktop\01-bills-animated.gif
    [2013.10.22 00:41:08 | 000,024,181 | ---- | M] () -- C:\Users\Korisnik\Desktop\01-dollars-animation.gif
    [2013.10.21 00:21:32 | 000,002,630 | ---- | M] () -- C:\Users\Korisnik\Desktop\The Nearly Ultimate Guide to Better Writing.pdf.lnk
    [2013.10.21 00:21:00 | 000,002,578 | ---- | M] () -- C:\Users\Korisnik\Desktop\Serena Alba - Geometrija božanske iskre.pdf.lnk
    [2013.10.21 00:19:39 | 000,001,180 | ---- | M] () -- C:\Users\Korisnik\Desktop\Filmovi.lnk
    [2013.10.21 00:18:47 | 000,001,057 | ---- | M] () -- C:\Users\Korisnik\Desktop\Slike.lnk
    [2013.10.21 00:18:24 | 000,001,051 | ---- | M] () -- C:\Users\Korisnik\Desktop\Glazba.lnk
    [2013.10.21 00:16:54 | 000,001,072 | ---- | M] () -- C:\Users\Korisnik\Desktop\Dokumenti.lnk
    [2013.10.20 23:50:49 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2013.10.20 23:50:33 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2013.10.20 23:50:33 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2013.10.20 23:50:32 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [54 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013.11.19 19:20:08 | 000,000,512 | ---- | C] () -- C:\Users\Korisnik\Desktop\MBR.dat
    [2013.11.19 18:37:46 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
    [2013.11.18 23:02:24 | 000,891,200 | ---- | C] () -- C:\Users\Korisnik\Desktop\SecurityCheck.exe
    [2013.11.06 14:43:35 | 000,001,669 | ---- | C] () -- C:\Users\Korisnik\Desktop\Eckhart Tolle - The Power of Now_ A Guide to Spiritual Enlightenment.pdf - prečac.lnk
    [2013.11.05 21:35:59 | 000,007,696 | ---- | C] () -- C:\Users\Korisnik\Desktop\Rhonda Byrne - The Secret.pdf - prečac.lnk
    [2013.10.22 08:20:09 | 000,056,027 | ---- | C] () -- C:\Users\Korisnik\Desktop\100653427.jpg
    [2013.10.22 01:04:22 | 000,061,339 | ---- | C] () -- C:\Users\Korisnik\Desktop\money-background-seamless-fill-bluesky.jpg
    [2013.10.22 00:41:37 | 000,009,900 | ---- | C] () -- C:\Users\Korisnik\Desktop\01-dollar-bills_animation.gif
    [2013.10.22 00:41:13 | 000,008,984 | ---- | C] () -- C:\Users\Korisnik\Desktop\01-bills-animated.gif
    [2013.10.22 00:41:06 | 000,024,181 | ---- | C] () -- C:\Users\Korisnik\Desktop\01-dollars-animation.gif
    [2013.10.21 00:21:32 | 000,002,630 | ---- | C] () -- C:\Users\Korisnik\Desktop\The Nearly Ultimate Guide to Better Writing.pdf.lnk
    [2013.10.21 00:21:00 | 000,002,578 | ---- | C] () -- C:\Users\Korisnik\Desktop\Serena Alba - Geometrija božanske iskre.pdf.lnk
    [2013.10.21 00:19:39 | 000,001,180 | ---- | C] () -- C:\Users\Korisnik\Desktop\Filmovi.lnk
    [2013.10.21 00:18:47 | 000,001,057 | ---- | C] () -- C:\Users\Korisnik\Desktop\Slike.lnk
    [2013.10.21 00:18:24 | 000,001,051 | ---- | C] () -- C:\Users\Korisnik\Desktop\Glazba.lnk
    [2013.10.21 00:16:54 | 000,001,072 | ---- | C] () -- C:\Users\Korisnik\Desktop\Dokumenti.lnk
    [2013.10.15 08:42:36 | 000,000,090 | ---- | C] () -- C:\Windows\Philip.INI
    [2013.10.15 07:52:46 | 000,000,098 | ---- | C] () -- C:\ProgramData\avalon2.2_WIPE2013.ini
    [2013.10.15 07:52:38 | 000,340,992 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
    [2013.10.15 07:52:34 | 000,340,992 | ---- | C] () -- C:\Windows\sqlite36_engine.dll
    [2013.10.06 00:22:20 | 000,200,148 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2013.08.17 14:29:27 | 109,026,806 | ---- | C] () -- C:\Users\Korisnik\AppData\Roaming\Mozilla.rar
    [2013.07.24 15:19:14 | 000,001,397 | ---- | C] () -- C:\Windows\wininit.ini
    [2013.06.28 17:46:41 | 000,003,342 | ---- | C] () -- C:\Users\Korisnik\AppData\Local\recently-used.xbel
    [2013.06.23 15:58:45 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2013.06.21 09:54:46 | 000,000,096 | ---- | C] () -- C:\Users\Korisnik\AppData\Local\fusioncache.dat
    [2013.06.19 14:41:05 | 000,026,364 | ---- | C] () -- C:\Users\Korisnik\AppData\Roaming\UserTile.png
    [2013.06.19 12:39:35 | 000,000,398 | ---- | C] () -- C:\Windows\AudioConverter.INI
    [2013.06.19 12:34:32 | 000,000,032 | ---- | C] () -- C:\ProgramData\aceg.ini
    [2013.05.26 17:10:37 | 000,000,896 | RHS- | C] () -- C:\Users\Korisnik\ntuser.pol
    [2013.05.21 10:43:00 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013.05.21 10:42:57 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2013.05.21 10:29:27 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2013.05.21 09:28:39 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2013.05.21 09:28:39 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
    [2013.05.21 09:28:36 | 000,240,004 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
    [2012.12.14 01:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
    [2012.12.14 01:02:20 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
    [2012.12.14 01:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
    [2012.12.14 01:02:20 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2012.12.14 01:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2012.12.14 01:02:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin

    ========== ZeroAccess Check ==========

    [2012.07.14 18:11:12 | 000,000,596 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
    [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013.07.23 23:14:45 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\AlarmClock
    [2013.11.12 23:15:34 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Audacity
    [2013.11.19 18:38:33 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\AVAST Software
    [2013.06.19 11:18:28 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\BSplayer
    [2013.05.21 10:29:47 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\BSplayer Pro
    [2013.05.21 10:35:32 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Canneverbe Limited
    [2013.09.18 23:01:36 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Epson
    [2013.11.11 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Folding@home-x86
    [2013.11.18 22:17:30 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\foobar2000
    [2013.07.09 22:23:56 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\inkscape
    [2013.10.27 15:22:18 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\IrfanView
    [2013.06.04 22:09:00 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Line 6
    [2013.06.29 13:13:03 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Oracle
    [2013.06.04 21:48:14 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Propellerhead Software
    [2013.08.10 13:19:41 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Search Protection
    [2013.06.15 16:24:57 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\SumatraPDF
    [2013.05.21 10:10:20 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Synaptics
    [2013.06.03 10:47:15 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\UA_HiRISE
    [2013.11.12 04:32:59 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\uTorrent
    [2013.10.27 15:23:13 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\WIPE2013

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s > >

    < MD5 for: EXPLORER.ADML >
    [2011.04.12 03:15:49 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
    [2011.04.12 03:15:49 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_22d6d5b5cba907ce\Explorer.adml

    < MD5 for: EXPLORER.ADMX >
    [2009.06.10 22:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
    [2009.06.10 22:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\x86_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_1590ffd752297581\Explorer.admx

    < MD5 for: EXPLORER.EXE >
    [2013.03.23 16:21:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
    [2013.03.23 16:21:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
    [2013.03.23 16:21:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

    < MD5 for: EXPLORER.EXE.MUI >
    [2011.04.12 03:15:39 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\en-US\explorer.exe.mui
    [2011.04.12 03:15:39 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_05c8dd40d4f56065\explorer.exe.mui
    [2009.07.13 18:55:04 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=C034B59784311ABD8D8E0D7943EDFBC6 -- C:\Windows\hr-HR\explorer.exe.mui
    [2009.07.13 18:55:04 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=C034B59784311ABD8D8E0D7943EDFBC6 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_ee880aa5ad10d620\explorer.exe.mui

    < MD5 for: EXPLORER.EXE-A80E4F97.PF >
    [2013.11.19 19:30:28 | 000,118,418 | ---- | M] () MD5=F5116BC9B84BCC8B2A334DBF0D43347B -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

    < MD5 for: EXPLORER.ICO >
    [2007.07.20 11:55:08 | 000,025,214 | ---- | M] () MD5=9B8226EC0C75BA9BDE995D8FBC3FDF59 -- C:\Program Files\FreeAlarmClock\explorer.ico

    < MD5 for: EXPLORER.ZIP >
    [2006.03.06 21:48:08 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip

    < MD5 for: IEXPLORE.EXE >
    [2013.03.23 16:58:37 | 000,770,560 | ---- | M] (Microsoft Corporation) MD5=2859EBC065D2E1CCC94161CE28BAC085 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_ba715a6a65dbf461\iexplore.exe
    [2013.04.05 06:55:38 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=2DC6BD1047553611DAEF97C751131A5D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_a39ee59e7f860811\iexplore.exe
    [2013.04.05 07:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Program Files\Internet Explorer\iexplore.exe
    [2013.04.05 07:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_ba75e9f465d7f339\iexplore.exe
    [2013.04.04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
    [2010.11.20 22:29:33 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c\iexplore.exe

    < MD5 for: IEXPLORE.EXE.MUI >
    [2009.07.13 17:12:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=49F18DD112B5CDC5DC1DDCECDA088D92 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_hr-hr_97e3d05892d28ffe\iexplore.exe.mui
    [2013.03.23 16:58:37 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
    [2013.03.23 16:58:37 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_b41defe19d893548\iexplore.exe.mui
    [2009.07.14 03:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_af24a2f3bab71a43\iexplore.exe.mui

    < MD5 for: IEXPLORE.EXE-908C99F8.PF >
    [2013.11.15 18:45:15 | 000,099,278 | ---- | M] () MD5=DBD0BC8350A2D7CB489A2E55A17E82F4 -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf

    < MD5 for: SERVICES >
    [2009.06.10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
    [2009.06.10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

    < MD5 for: SERVICES.EXE >
    [2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
    [2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

    < MD5 for: SERVICES.EXE.MUI >
    [2011.04.12 03:15:38 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
    [2011.04.12 03:15:38 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
    [2009.07.13 18:19:04 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=DE8100CA6FABE5B5A99CA078144368EF -- C:\Windows\System32\hr-HR\services.exe.mui
    [2009.07.13 18:19:04 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=DE8100CA6FABE5B5A99CA078144368EF -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_5292ca9f5f6438ed\services.exe.mui

    < MD5 for: SERVICES.LNK >
    [2009.07.14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
    [2009.07.14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

    < MD5 for: SERVICES.MOF >
    [2009.06.10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
    [2009.06.10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

    < MD5 for: SERVICES.MSC >
    [2011.04.12 03:15:37 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
    [2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
    [2011.04.12 03:15:37 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
    [2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

    < MD5 for: SERVICES.PTXML >
    [2009.07.13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
    [2009.07.13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

    < MD5 for: SERVICES.SBS >
    [2013.07.16 12:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

    < MD5 for: WINLOGON.ADML >
    [2011.04.12 03:15:49 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
    [2011.04.12 03:15:49 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_94da67ab3e358f3a\WinLogon.adml

    < MD5 for: WINLOGON.ADMX >
    [2009.06.10 22:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
    [2009.06.10 22:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_7ae3b2e5da95d117\WinLogon.admx

    < MD5 for: WINLOGON.EXE >
    [2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
    [2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    [2013.04.04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

    < MD5 for: WINLOGON.EXE.MUI >
    [2011.04.12 03:15:37 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\System32\en-US\winlogon.exe.mui
    [2011.04.12 03:15:37 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_ccfffb7662588b45\winlogon.exe.mui
    [2010.11.20 03:33:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=F8476619C18A319B403AAE275A6A4C46 -- C:\Windows\System32\hr-HR\winlogon.exe.mui
    [2010.11.20 03:33:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=F8476619C18A319B403AAE275A6A4C46 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_hr-hr_b5bf28db3a740100\winlogon.exe.mui

    < MD5 for: WINLOGON.MFL >
    [2009.07.13 18:26:28 | 000,001,080 | ---- | M] () MD5=25448FF5977E91FF87B3A52D6B696803 -- C:\Windows\System32\wbem\hr-HR\winlogon.mfl
    [2009.07.13 18:26:28 | 000,001,080 | ---- | M] () MD5=25448FF5977E91FF87B3A52D6B696803 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_115066de58bdd6fb\winlogon.mfl
    [2011.04.12 03:15:38 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\System32\wbem\en-US\winlogon.mfl
    [2011.04.12 03:15:38 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2891397980a26140\winlogon.mfl

    < MD5 for: WINLOGON.MOF >
    [2009.07.13 21:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\System32\wbem\winlogon.mof
    [2009.07.13 21:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_800f1ff3d73b72d9\winlogon.mof

    < %SYSTEMDRIVE%\*.* >
    [2013.05.26 17:59:41 | 000,003,065 | ---- | M] () -- C:\AdwCleaner[S1].txt
    [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2013.11.19 18:37:11 | 1522,028,544 | -HS- | M] () -- C:\hiberfil.sys
    [2013.07.24 15:28:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2013.07.24 15:28:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2013.11.19 18:37:11 | 2029,371,392 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009.07.14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009.07.14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009.07.14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009.07.14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009.06.10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009.07.14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006.10.26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2010.11.20 22:29:21 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2013.11.19 18:31:04 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013.04.16 16:07:46 | 000,878,224 | ---- | M] (Space Sciences Laboratory) -- C:\Windows\boinc.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009.07.14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < dir "%systemdrive%\*" /S /A:L /C >
    Volume in drive C has no label.
    Volume Serial Number is 54DD-0016
    Directory of C:\
    14.07.2009. 05:53 <JUNCTION> Documents and Settings [C:\Users]
    0 File(s) 0 bytes
    Directory of C:\ProgramData
    14.07.2009. 05:53 <JUNCTION> Application Data [C:\ProgramData]
    14.07.2009. 05:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
    14.07.2009. 05:53 <JUNCTION> Documents [C:\Users\Public\Documents]
    14.07.2009. 05:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
    14.07.2009. 05:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    14.07.2009. 05:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users
    14.07.2009. 05:53 <SYMLINKD> All Users [C:\ProgramData]
    14.07.2009. 05:53 <JUNCTION> Default User [C:\Users\Default]
    0 File(s) 0 bytes
    Directory of C:\Users\All Users
    14.07.2009. 05:53 <JUNCTION> Application Data [C:\ProgramData]
    14.07.2009. 05:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
    14.07.2009. 05:53 <JUNCTION> Documents [C:\Users\Public\Documents]
    14.07.2009. 05:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
    14.07.2009. 05:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    14.07.2009. 05:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default
    14.07.2009. 05:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
    14.07.2009. 05:53 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
    14.07.2009. 05:53 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
    14.07.2009. 05:53 <JUNCTION> My Documents [C:\Users\Default\Documents]
    14.07.2009. 05:53 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    14.07.2009. 05:53 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    14.07.2009. 05:53 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
    14.07.2009. 05:53 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
    14.07.2009. 05:53 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
    14.07.2009. 05:53 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\AppData\Local
    14.07.2009. 05:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
    14.07.2009. 05:53 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
    14.07.2009. 05:53 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\Documents
    14.07.2009. 05:53 <JUNCTION> My Music [C:\Users\Default\Music]
    14.07.2009. 05:53 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
    14.07.2009. 05:53 <JUNCTION> My Videos [C:\Users\Default\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Korisnik
    21.05.2013. 08:23 <JUNCTION> Application Data [C:\Users\Korisnik\AppData\Roaming]
    21.05.2013. 08:23 <JUNCTION> Cookies [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Cookies]
    21.05.2013. 08:23 <JUNCTION> Local Settings [C:\Users\Korisnik\AppData\Local]
    21.05.2013. 08:23 <JUNCTION> My Documents [C:\Users\Korisnik\Documents]
    21.05.2013. 08:23 <JUNCTION> NetHood [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    21.05.2013. 08:23 <JUNCTION> PrintHood [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    21.05.2013. 08:23 <JUNCTION> Recent [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Recent]
    21.05.2013. 08:23 <JUNCTION> SendTo [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\SendTo]
    21.05.2013. 08:23 <JUNCTION> Start Menu [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu]
    21.05.2013. 08:23 <JUNCTION> Templates [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Korisnik\AppData\Local
    21.05.2013. 08:23 <JUNCTION> Application Data [C:\Users\Korisnik\AppData\Local]
    21.05.2013. 08:23 <JUNCTION> History [C:\Users\Korisnik\AppData\Local\Microsoft\Windows\History]
    21.05.2013. 08:23 <JUNCTION> Temporary Internet Files [C:\Users\Korisnik\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Korisnik\Documents
    21.05.2013. 08:23 <JUNCTION> My Music [C:\Users\Korisnik\Music]
    21.05.2013. 08:23 <JUNCTION> My Pictures [C:\Users\Korisnik\Pictures]
    21.05.2013. 08:23 <JUNCTION> My Videos [C:\Users\Korisnik\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Public\Documents
    14.07.2009. 05:53 <JUNCTION> My Music [C:\Users\Public\Music]
    14.07.2009. 05:53 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
    14.07.2009. 05:53 <JUNCTION> My Videos [C:\Users\Public\Videos]
    0 File(s) 0 bytes
    Total Files Listed:
    0 File(s) 0 bytes
    50 Dir(s) 23.915.397.120 bytes free

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2013.05.21 09:37:12 | 000,000,221 | -HS- | M] () -- C:\Users\Korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2013.11.18 23:09:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Korisnik\Desktop\aswMBR.exe
    [2013.10.16 21:03:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Korisnik\Desktop\erunt-setup.exe
    [2013.11.19 18:59:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Korisnik\Desktop\OTL.exe
    [2013.11.18 23:03:00 | 000,891,200 | ---- | M] () -- C:\Users\Korisnik\Desktop\SecurityCheck.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-05-21 09:05:47

    ========== Base Services ==========
    SRV - [2009.07.14 02:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
    SRV - [2013.02.27 05:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
    SRV - [2009.07.14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
    SRV - [2010.11.20 22:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
    SRV - [2010.11.20 22:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
    SRV - [2013.03.23 16:26:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
    SRV - [2009.07.14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
    SRV - [2013.03.23 16:40:38 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
    SRV - [2013.03.23 16:34:59 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
    SRV - [2010.11.20 22:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
    SRV - [2010.11.20 22:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2013.03.23 16:20:41 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
    SRV - [2009.07.14 02:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
    SRV - [2009.07.14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
    SRV - [2009.07.14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
    SRV - [2010.11.20 22:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
    No service found with a name of MsMpSvc
    No service found with a name of NisSrv
    SRV - [2009.07.14 02:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
    SRV - [2009.07.14 02:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
    SRV - [2009.07.14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
    SRV - [2009.07.14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
    SRV - [2013.03.23 16:48:57 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
    SRV - [2009.07.14 02:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
    SRV - [2013.03.23 16:24:50 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
    SRV - [2013.03.23 16:31:54 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
    SRV - [2013.03.23 16:26:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
    No service found with a name of EMDMgmt
    SRV - [2009.07.14 02:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
    SRV - [2010.11.20 22:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
    SRV - [2010.11.20 22:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
    SRV - [2009.07.14 02:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
    SRV - [2013.03.23 16:26:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
    SRV - [2009.07.14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
    SRV - [2010.11.20 22:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
    SRV - [2010.11.20 22:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
    No service found with a name of slsvc
    SRV - [2010.11.20 22:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
    SRV - [2010.11.20 22:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
    SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2013.03.23 16:41:02 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
    SRV - [2010.11.20 22:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
    SRV - [2010.11.20 22:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
    SRV - [2010.11.20 22:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
    SRV - [2010.11.20 22:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
    SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010.11.20 22:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
    SRV - [2010.11.20 22:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
    SRV - [2010.11.20 22:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
    SRV - [2010.11.20 22:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
    SRV - [2009.07.14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
    SRV - [2012.06.02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
    SRV - [2010.11.20 22:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
    SRV - [2009.07.14 02:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
    SRV - [2010.11.20 22:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: ATA Hitachi HTS54323 SCSI Disk Device
    Partitions: 3
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100,00MB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 151,00GB
    Starting Offset: 105906176
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 147,00GB
    Starting Offset: 162530328576
    Hidden sectors: 0


    < End of report >

  5. #5
    Junior Member black_lilies's Avatar
    Join Date
    Oct 2013
    Posts
    27

    Extras.txt

    OTL Extras logfile created on: 19.11.2013. 19:33:23 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Korisnik\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16576)
    Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.

    1,89 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 65,61% Memory free
    3,78 Gb Paging File | 2,64 Gb Available in Paging File | 69,88% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 151,27 Gb Total Space | 22,35 Gb Free Space | 14,77% Space Free | Partition Type: NTFS
    Drive D: | 146,72 Gb Total Space | 27,30 Gb Free Space | 18,61% Space Free | Partition Type: NTFS

    Computer Name: KORISNIK-PC | User Name: Korisnik | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [foobar2000.enqueue] -- "C:\Program Files\foobar2000\foobar2000.exe" /add "%1" (Piotr Pawlowski)
    Directory [foobar2000.play] -- "C:\Program Files\foobar2000\foobar2000.exe" "%1" (Piotr Pawlowski)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{C65EF1CC-4A9F-4A83-BE03-80A3243D3E10}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04AEF387-A6CF-43CD-AF5E-3C6BA3C09A9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0D5FA06E-0F19-4B49-9130-3287DEEA49C6}" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "{18E89CCB-A0AD-472B-9392-C3E26C3CC0A5}" = dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
    "{1E18746D-2FA5-4879-B4DB-1539AC88300D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{37F1208E-D9AC-4355-AE29-F47734F5BFA6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{37FFD9B2-23A1-4D58-8C04-58EE452672E4}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
    "{4E61EA41-0055-42EC-B7CF-B4A7FBB1BB02}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{5AEB08AC-2C00-41B5-AB90-BEF6234FA7D2}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{5CC39BA4-DA6E-47C0-99BD-2946F7FF0F56}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "{6112865D-AA69-48D7-80FB-4E4D2B08659A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{8E435D9A-3A2C-46FB-B26F-F9A07473C34C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A16BEF9C-84C3-415E-B3A0-5B61DB3CD9E7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{AF52718A-15A8-4CD1-9119-7DD7729C3F00}" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "{B40367A4-D114-43FA-9C8D-58F9321145D8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{E30ED415-BE27-4920-96ED-05744B9DBB9E}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
    "{F23D25B8-8A4A-4322-82D4-8D98AF89FF5D}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "TCP Query User{5EB3CABB-A47F-4182-9C1B-2A6FB5084719}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "TCP Query User{ED27E978-5DF7-47C6-AD12-54F692AF3F60}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "UDP Query User{E221EA3A-AA43-462F-84D5-27C2B052916D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "UDP Query User{E5F987FE-A5E6-43E5-BB6B-ACF292DFA996}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
    "{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.3
    "{1A3A0526-E055-4B51-8F56-9C520509A572}" = Authorizer Ignition Key Support
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{29F1159B-A14A-4B2D-84CF-F1231F68178E}" = Duke Nukem - Manhattan Project (DEMO v1.0.1)
    "{32A3A4F4-B792-11D6-A78A-00B0D0170210}" = Java SE Development Kit 7 Update 21
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBD2D05-F6A2-3151-81ED-064B94A16C51}" = Google Chrome
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{818AD66C-A54A-409E-8489-2F2548F0880E}" = BOINC
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
    "{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.7.1
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-041A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Croatian) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-041A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Croatian) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-041A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Croatian) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-041A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Croatian) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-041A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Croatian) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-041A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Croatian) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-041A-0000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2007
    "{90120000-001F-081A-0000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-002C-041A-0000-0000000FF1CE}" = Microsoft Office Proofing (Croatian) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-041A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Croatian) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-041A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Croatian) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-041A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Croatian) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-041A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Croatian) 2007
    "{90120000-0100-041A-0000-0000000FF1CE}" = Microsoft Office O MUI (Croatian) 2007
    "{90120000-0101-041A-0000-0000000FF1CE}" = Microsoft Office X MUI (Croatian) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
    "{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
    "{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1" = Free FLAC to MP3 Converter 1.0
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1" = Authorizer 2.5.1
    "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
    "{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
    "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
    "Audacity_is1" = Audacity 2.0.3
    "avast" = avast! Free Antivirus
    "Byki Express" = Byki Express
    "CCleaner" = CCleaner
    "Eight Legged Freaks" = Eight Legged Freaks (remove only)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Scanner" = EPSON Scan
    "EPSON SX130 Series Useg" = Korisnički vodič EPSON SX130 Series
    "ERUNT_is1" = ERUNT 1.1j
    "Foldit" = Foldit
    "foobar2000" = foobar2000 v1.2.9
    "Free Driver Backup_is1" = Free Driver Backup 9.4.5
    "Happyland Adventures - Xmas Edition_is1" = Happyland Adventures - Xmas Edition v1.3
    "HiView_is1" = HiView
    "Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
    "Inkscape" = Inkscape 0.48.4
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{29F1159B-A14A-4B2D-84CF-F1231F68178E}" = Duke Nukem - Manhattan Project (DEMO v1.0.1)
    "IrfanView" = IrfanView (remove only)
    "KLiteCodecPack_is1" = K-Lite Codec Pack 9.9.0 (Full)
    "LAME_is1" = LAME v3.99.3 (for Windows)
    "Line 6 Uninstaller" = Line 6 Uninstaller
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verzija 1.75.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox 25.0.1 (x86 hr)" = Mozilla Firefox 25.0.1 (x86 hr)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "OMUI.hr-hr" = Microsoft Office Language Pack 2007 - Croatian/Hrvatski
    "RealPlayer 16.0" = RealPlayer
    "Reason7.0_32_is1" = Reason 7.0.1
    "Santa Claus in Trouble" = Santa Claus in Trouble
    "SouthParkMario2.1" = SouthPark Mario Bros 2.1
    "SpeedFan" = SpeedFan (remove only)
    "SumatraPDF" = SumatraPDF
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VLC media player" = VLC media player 2.1.0
    "WinRAR archiver" = WinRAR 5.00 (32-bit)
    "Wipe 2013" = Wipe 2013.59
    "Zombiepox_is1" = Zombiepox v1.1

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Search Protection" = Search Protection
    "uTorrent" = µTorrent

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 19.11.2013. 15:03:15 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 158013

    Error - 19.11.2013. 15:03:31 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 19.11.2013. 15:03:31 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 173863

    Error - 19.11.2013. 15:03:31 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 173863

    Error - 19.11.2013. 15:03:47 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 19.11.2013. 15:03:47 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 189806

    Error - 19.11.2013. 15:03:47 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 189806

    Error - 19.11.2013. 15:04:03 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 19.11.2013. 15:04:03 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 205781

    Error - 19.11.2013. 15:04:03 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 205781

    [ Media Center Events ]
    Error - 16.8.2013. 7:12:50 | Computer Name = Korisnik-PC | Source = MCUpdate | ID = 0
    Description = 13:12:50 - Dohvaćanje stavke Directory nije uspjelo (Pogreška: The
    underlying connection was closed: An unexpected error occurred on a send.)

    Error - 16.8.2013. 7:12:50 | Computer Name = Korisnik-PC | Source = MCUpdate | ID = 0
    Description = 13:12:50 - Dohvaćanje stavke MCEClientUX nije uspjelo (Pogreška: The
    underlying connection was closed: An unexpected error occurred on a send.)

    Error - 16.8.2013. 7:13:11 | Computer Name = Korisnik-PC | Source = MCUpdate | ID = 0
    Description = 13:12:50 - Dohvaćanje stavke Broadband nije uspjelo (Pogreška: The
    underlying connection was closed: An unexpected error occurred on a send.)

    [ System Events ]
    Error - 16.11.2013. 15:37:59 | Computer Name = Korisnik-PC | Source = volmgr | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 16.11.2013. 15:48:15 | Computer Name = Korisnik-PC | Source = volmgr | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 17.11.2013. 10:46:55 | Computer Name = Korisnik-PC | Source = Service Control Manager | ID = 7011
    Description = Isteklo je vrijeme čekanja (30000 ms) odgovora transakcije iz servisa
    Wlansvc.

    Error - 17.11.2013. 13:06:32 | Computer Name = Korisnik-PC | Source = Service Control Manager | ID = 7011
    Description = Isteklo je vrijeme čekanja (30000 ms) odgovora transakcije iz servisa
    ShellHWDetection.

    Error - 17.11.2013. 14:57:09 | Computer Name = Korisnik-PC | Source = Service Control Manager | ID = 7011
    Description = Isteklo je vrijeme čekanja (30000 ms) odgovora transakcije iz servisa
    ShellHWDetection.

    Error - 17.11.2013. 15:20:46 | Computer Name = Korisnik-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 17.11.2013. 15:44:05 | Computer Name = Korisnik-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 20:29:06 on ?17.?11.?2013. was unexpected.

    Error - 18.11.2013. 18:13:59 | Computer Name = Korisnik-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 23:12:42 on ?18.?11.?2013. was unexpected.

    Error - 19.11.2013. 13:31:23 | Computer Name = Korisnik-PC | Source = Service Control Manager | ID = 7030
    Description = Servis avast! Antivirus označen je kao interaktivni servis. Međutim,
    sustav je konfiguriran tako da ne dozvoljava interaktivne servise. Servis možda
    neće ispravno funkcionirati.

    Error - 19.11.2013. 15:00:42 | Computer Name = Korisnik-PC | Source = volmgr | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.


    < End of report >

  6. #6
    Malware Team OCD's Avatar
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    968

    Hi black_lilies,

    RogueKiller

    Download to your desktop RogueKiller (by tigzy)
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Quit all programs
    • Wait until Prescan has finished ...
    • Click on Scan, Do Not Fix Anything at this point.
    • Click the Report button, save the report to your desktop

    =========================

    ComboFix

    Refer to the ComboFix User's Guide

    • Download ComboFix from the following location:

      Link

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    • Double click on ComboFix.exe & follow the prompts.
    • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    • When finished, it shall produce a log for you. Post that log in your next reply

      Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

      ---------------------------------------------------------------------------------------------
    • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
      ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    =========================

    In your next post please provide the following:
    • RKreport.txt
    • ComboFix.txt
    • Please describe the symptoms you are experiencing.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

  7. #7
    Junior Member black_lilies's Avatar
    Join Date
    Oct 2013
    Posts
    27

    Hi OCD,

    I still have the same problem with the sound. Also, on local disk D: there's a new empty folder $RECYCLE.BIN which doesn't seem like it's empty, it says there's one file and a folder inside. And its disk size is changing, it was first 4 KB, then 8 KB and now it's back to 4. I didn't notice anything else.


    RKreport.txt

    RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Korisnik [Admin rights]
    Mode : Scan -- Date : 11/20/2013 15:44:07
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] SearchProtection.exe -- C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc]
    [SUSP PATH] afom.exe -- C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe [-] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1339427262-3479436622-1115934270-1000\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA Hitachi HTS54323 SCSI Disk Device +++++
    --- User ---
    [MBR] 295c75d871fcf1297cf1145835049b8e
    [BSP] 9dba65ade744a9c0c0256ba54bc190d8 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 154900 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 317442048 | Size: 150243 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_11202013_154407.txt >>




    ComboFix.txt

    ComboFix 13-11-19.01 - Korisnik 0.11.2013. 15:52:33.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.1935.1126 [GMT 1:00]
    Running from: c:\users\Korisnik\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-10-20 to 2013-11-20 )))))))))))))))))))))))))))))))
    .
    .
    2013-11-20 15:04 . 2013-11-20 15:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-11-19 17:38 . 2013-11-19 17:38 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AVAST Software
    2013-11-08 08:23 . 2013-11-08 08:23 -------- d-----w- c:\program files\iPod
    2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\program files\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-19 17:31 . 2013-05-21 09:43 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-11-19 17:31 . 2013-05-21 09:43 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-11-19 17:31 . 2013-05-21 09:43 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-11-19 17:31 . 2013-05-21 09:43 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-11-19 17:31 . 2013-05-21 09:43 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-11-19 17:31 . 2013-05-21 09:42 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-11-19 17:31 . 2013-05-21 09:42 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-11-19 17:31 . 2013-05-21 09:43 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-11-19 17:31 . 2013-05-21 09:42 269216 ----a-w- c:\windows\system32\aswBoot.exe
    2013-11-19 17:31 . 2013-05-21 09:41 43152 ----a-w- c:\windows\avastSS.scr
    2013-10-20 22:50 . 2013-10-20 22:51 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-10-08 21:33 . 2013-05-22 00:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-10-08 21:33 . 2013-05-22 00:00 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-08-24 21:41 . 2013-06-27 14:08 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2013-08-24 21:41 . 2013-06-27 14:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-11-19 17:30 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2013-07-09 1591808]
    "SearchProtection"="c:\users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" [2013-09-03 832360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2012-03-06 5655144]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 146032]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 181360]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 190064]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
    "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2013-04-16 3667600]
    "boinctray"="c:\program files\BOINC\boinctray.exe" [2013-04-16 71312]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-08-24 295512]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-19 3568312]
    .
    c:\users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    Wipe tray agent 2013.lnk - c:\program files\Wipe 2013\wipetray.exe startup [2013-10-15 216880]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2012-11-21 8443832]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2013-05-08 16:24 18678376 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2012-08-20 110408]
    R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2012-08-20 331080]
    R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2012-03-08 75816]
    R3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2012-02-22 130152]
    R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2012-02-22 150568]
    R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2012-02-22 435240]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2012-07-24 65152]
    R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys [2012-07-24 32512]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2012-07-24 88832]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-12-04 351288]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-12-04 796216]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-10-25 73984]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-10-25 165120]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-03-23 14848]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-03-23 24064]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-03-23 49664]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-03-23 27136]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-09-01 532536]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-09-01 25656]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-19 774392]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-19 403440]
    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-19 35656]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-19 70384]
    S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-11-21 2571704]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-09-01 14904]
    S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-09-13 1830544]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
    S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2012-09-19 209552]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-06-12 552080]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-11-15 14:44 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-22 21:33]
    .
    2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
    .
    2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.hr/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
    FF - prefs.js: browser.startup.homepage - hxxp://mindmillion.com/inspiration.html
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=512435&p=
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2013-09-28 21:17; ; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
    FF - ExtSQL: 2013-10-02 18:42; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
    FF - ExtSQL: 2013-10-02 19:27; {24cea704-946d-11da-a72b-0800200c9a66}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
    FF - ExtSQL: 2013-10-02 19:27; {03B08592-E5B4-45ff-A0BE-C1D975458688}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
    FF - ExtSQL: 2013-10-05 15:06; {158d7cb3-7039-4a75-8e0b-3bd0a464edd2}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
    FF - ExtSQL: 2013-10-05 15:16; {139a120b-c2ea-41d2-bf70-542d9f063dfd}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi
    FF - ExtSQL: 2013-10-05 15:25; {54BB9F3F-07E5-486c-9B39-C7398B99391C}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
    FF - ExtSQL: 2013-11-08 02:07; {5546F97E-11A5-46b0-9082-32AD74AAA920}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);FF - user.js: extentions.webcake.installId - 4c25f721-dde9-4592-8c09-c5e91446a22b
    FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\taskhost.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\conhost.exe
    c:\program files\CyberLink\YouCam\YCMMirage.exe
    c:\program files\BOINC\boinc.exe
    c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    c:\windows\system32\conhost.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Wipe 2013\wipetray.exe
    c:\programdata\BOINC\projects\http://www.worldcommunitygrid.org\wc...ndows_intelx86
    c:\windows\system32\conhost.exe
    c:\programdata\BOINC\projects\http://www.worldcommunitygrid.org\wc...ndows_intelx86
    c:\windows\system32\conhost.exe
    c:\programdata\BOINC\projects\http://www.worldcommunitygrid.org\wc...od_32.exe.7.06
    c:\windows\system32\conhost.exe
    c:\programdata\BOINC\projects\http://www.worldcommunitygrid.org\wc...od_32.exe.7.06
    c:\windows\system32\conhost.exe
    c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    .
    **************************************************************************
    .
    Completion time: 2013-11-20 16:16:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-11-20 15:16
    .
    Pre-Run: 28.300.029.952 bytes free
    Post-Run: 28.410.585.088 bytes free
    .
    - - End Of File - - 2F492973F0BF92E8C7AF8F2E8A5EF7BA
    A36C5E4F47E84449FF07ED3517B43A31

  8. #8
    Malware Team OCD's Avatar
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    968

    Default

    Hi black_lilies,

    In regards to the audio issue:
    • Can you explain when it happens?
      • Is the sound playing on the Internet, web sites?
      • Can you load a music CD and get audio?

    =========================

    Quote:
    After that I found a folder named 3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ on local disk C:, full of other folders (the number of folders increasing constantly)
    Can you give some more detailed information about this issue? Complete path to this folder/file.

    =========================

    Re-run RogueKiller

    Right click and select "Run as Administrator"
    • Quit all programs
    • Wait until Prescan has finished ...
    • Click on Scan.
    • After the scan has completed click on the Registry tab
    • Place a check mark next to each of the following entries:

      • [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
        [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND

    • Remove the check mark from all other entries listed
    • Click the Delete button
    • Click the Report button, save the report to your desktop

    =========================

    In your next post please provide the following:

    • RKreport
    • Answer to questions asked

    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

  9. #9
    Junior Member black_lilies's Avatar
    Join Date
    Oct 2013
    Posts
    27

    Default

    Hi, OCD

    Good news today. I think I solved the sound issue, just changed something in the Control Panel, related to power management. I really have no idea how this is related, but I've restarted my laptop a few times now and the sound works normally. And when I change it back to the old settings, there's the same problem again.


    Quote Originally Posted by OCD
    Can you give some more detailed information about this issue? Complete path to this folder/file.
    Full path to the folder was C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ. It was full of other folders, all with similar names like ZZ..Z...Z...Z..Z (different combinations of Zs and periods), and the new ones just kept appearing. Also, it seemed like there was less space on local disk, but I'm not sure about this. After cleaning up some space on my computer, the folder was replaced by the file 3590F75ABA9E485486C100C1A9D4FF06XZRURUNVBZAFAFQC, which later disappeared. And I previously had a file with a similar name, 3590F75ABA9E485486C100C1A9D4FF06CIKFRWNFNGUMLJVK, on local disk, which also disappeared by itself.


    About the new $RECYCLE.BIN folder... It looks like it's actually related to Recycle Bin, as its size changes whenever I put something in Recycle Bin or empty it. I archived this folder and inside there's a folder S-1-5-21-1339427262-3479436622-1115934270-1000, and inside this folder is desktop.ini and two .rar archives: $IVUL567.rar and $RVUL567.rar. Do you know what that could be? (I'm probably just paranoid)

    Anyway, I did what you said and here's the report:


    RKreport

    RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Korisnik [Admin rights]
    Mode : Remove -- Date : 11/21/2013 20:19:49
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] SearchProtection.exe -- C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc]
    [SUSP PATH] afom.exe -- C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe [-] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> NOT SELECTED
    [RUN][SUSP PATH] HKUS\S-1-5-21-1339427262-3479436622-1115934270-1000\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> NOT SELECTED
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA Hitachi HTS54323 SCSI Disk Device +++++
    --- User ---
    [MBR] 295c75d871fcf1297cf1145835049b8e
    [BSP] 9dba65ade744a9c0c0256ba54bc190d8 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 154900 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 317442048 | Size: 150243 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_11212013_201949.txt >>
    RKreport[0]_S_11212013_201612.txt

  10. #10
    Malware Team OCD's Avatar
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    968

    Default

    Hi black_lilies,

    I missed this other entry, please re-run RogueKiller.

    Re-run RogueKiller

    Right click and select "Run as Administrator"
    • Quit all programs
    • Wait until Prescan has finished ...
    • Click on Scan.
    • After the scan has completed click on the Registry tab
    • Place a check mark next to each of the following entries:
      • [HJ POL][PUM]HKLM\[...]\System : DisableRegistryTools (0)
    • If you cannot see the complete line to be selected, place the cursor on the line between "Key" and "Value" menu header.
    • Left click and drag the window to the right to expand the field.
    • Use the scroll bar at the bottom of the programs window to view the full path.
    • Remove the check mark from all other entries listed
    • Click the Delete button
    • Click the Report button, save the report to your desktop

    =========================

    Run OTL.exe

      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :Files
      C:\359*ZZZ..Z.....ZZZZZ
      
      :Commands
      [createrestorepoint]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done

    =========================

    ComboFix

    Refer to the ComboFix User's Guide

    • Download ComboFix from the following location:

      Link

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    • Double click on ComboFix.exe & follow the prompts.
    • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    • When finished, it shall produce a log for you. Post that log in your next reply

      Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

      ---------------------------------------------------------------------------------------------
    • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
      ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    =========================

    In your next post please provide the following:
    • RKreport.txt
    • OTL fix log
    • ComboFix.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE
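
Added example (not part of the thread and not RogueKiller's own code): post #10 picks up a policy entry that the report in post #9 still listed as NOT SELECTED. The Python below parses the Registry Entries section of that report, with the line layout inferred only from the lines shown on this page, checks the parsed count against the section header, and lists the entries under a given tag that are still FOUND or NOT SELECTED.

```python
import re
from collections import namedtuple

# Registry section copied from the RKreport posted in this thread (post #9).
SAMPLE = r"""¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> NOT SELECTED
[RUN][SUSP PATH] HKUS\S-1-5-21-1339427262-3479436622-1115934270-1000\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
¤¤¤ Scheduled tasks : 0 ¤¤¤"""

# Layout assumed from the lines above: [TAG]... KEY : NAME (DATA) -> STATUS
ENTRY = re.compile(
    r"^((?:\[[^\]]+\])+)\s*"   # one or more [TAG] groups
    r"(\S+) : "                # key path exactly as printed (abbreviated)
    r"(.+?) \((.*)\) -> "      # value name and its data
    r"(.+)$"                   # status text
)
UNRESOLVED = {"FOUND", "NOT SELECTED"}  # statuses that appear in this thread
Entry = namedtuple("Entry", "tags key name data status")

def parse_registry_section(report):
    """Return (count declared in the section header, list of parsed entries)."""
    declared, entries, in_section = None, [], False
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("¤¤¤"):          # section header line
            m = re.search(r"Registry Entries : (\d+)", line)
            in_section = m is not None
            if m:
                declared = int(m.group(1))
            continue
        m = ENTRY.match(line) if in_section else None
        if m:
            tags = tuple(re.findall(r"\[([^\]]+)\]", m.group(1)))
            entries.append(Entry(tags, *m.groups()[1:]))
    return declared, entries

def unresolved(entries, tag):
    """Entries carrying `tag` whose status shows they were not changed."""
    return [e for e in entries if tag in e.tags and e.status in UNRESOLVED]

if __name__ == "__main__":
    declared, entries = parse_registry_section(SAMPLE)
    print(f"declared={declared} parsed={len(entries)}")
    for e in unresolved(entries, "HJ POL"):
        print("still present:", e.key, e.name, f"({e.data})", e.status)
```

A mismatch between the declared and parsed counts means a line did not fit the assumed layout and should be read by hand.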
