Browser problems after removing win32.downloader.gen

**black_lilies** · 2014-07-12, 20:11

Hi,

I recently removed win32.downloader.gen with Spybot and I still have problems with Firefox. It freezes and I usually can't close it--if I do close it, my computer eventually freezes too and I have to manually shut it down. I thought it was because I had too many add-ons, so I completely reset my browser, but there are still problems. Except for freezing, some random pages can't open, and when I click refresh they open. Also, sometimes a download dialog box opens when I know I didn't click anything--I also noticed this in my other browser.

None of my anti-malware programs find anything, including Spybot.

I have problems with ERUNT--when I install it, every time I start my computer it opens an error message and can't backup the registry.

Ok, here are my scans, and thank you VERY much in advance

...

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17207
Run by Korisnik at 15:06:34 on 2014-07-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.1935.882 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Box\Box Sync\SyncUpdaterService.exe
C:\Program Files\GNU\GnuPG\dirmngr.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedadssvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://net.pbz.hr/netBanking/
uSearchURL,(Default) = about:blank
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
BHO: PrivDog Extension: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - c:\program files\adtrustmedia\privdog\2.2.0.14\trustedads.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [OV3_Monitor] "c:\program files\olympus\olympus viewer 3\OV3Monitor.exe" -NoStart
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Wipe Maintance] "c:\program files\net1-wipe\net1.exe" windowsStartup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtkNGUI.exe -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\iastoriconlaunch.exe "c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe" 60
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [PrivDogService] "c:\program files\adtrustmedia\privdog\2.2.0.14\trustedadssvc.exe"
mRun: [ComodoFSChrome] "c:\program files\adtrustmedia\privdog\FinalizeSetup.exe" /c
mRun: [OV3_Monitor] "c:\program files\olympus\olympus viewer 3\FirstStart.exe" /OS
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\codeme~1.lnk - c:\program files\codemeter\runtime\bin\CodeMeterCC.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - c:\program files\adtrustmedia\privdog\2.2.0.14\trustedads.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3D321B9E-A8C6-4146-B8E1-6E10720FA1A7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{51B6D1B9-5D8C-40A3-95A5-1B3BC0948BB7}\651434F4D40244E2F4E2F4E2 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\w75gd529.default-1405094361813\
FF - prefs.js: browser.search.selectedEngine - GoodSearch
FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/hr/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwdplugin821.dll
FF - plugin: c:\program files\sumatrapdf\npPdfViewer.dll
FF - plugin: c:\users\korisnik\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\users\korisnik\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1210150.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-21 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-21 192352]
R0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2012-9-1 532536]
R0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2012-9-1 25656]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2013-5-21 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-5-21 414520]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-11 120088]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2013-5-21 87968]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-26 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-21 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2013-12-17 71944]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-7-5 50344]
R2 BoxSyncUpdateService;Box Sync Update Service;c:\program files\box\box sync\SyncUpdaterService.exe [2013-12-26 20992]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2012-11-21 2571704]
R2 DirMngr;DirMngr;c:\program files\gnu\gnupg\dirmngr.exe [2013-10-7 218112]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2014-5-21 2135232]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2013-5-21 14904]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2013-5-21 1830544]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2013-7-21 1153368]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-11-4 660184]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\checkpoint\zonealarm\ZAPrivacyService.exe [2014-5-29 90936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-26 23256]
R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-7-17 55104]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\drivers\RtsP2Stor.sys [2013-5-21 209552]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-3-14 552080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-11 860472]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2013-2-28 110408]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2013-2-28 331080]
S3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2013-3-14 75816]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2013-3-14 130152]
S3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2013-3-14 150568]
S3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2013-3-14 435240]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [2013-2-27 65152]
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\system32\drivers\EtronSTOR.sys [2013-2-27 32512]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [2013-2-27 88832]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-7-9 108032]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2013-2-27 351288]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2013-2-27 796216]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-7-11 51928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2013-2-27 73984]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2013-2-27 165120]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-11-4 16024]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-23 14848]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-11-4 1228504]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-12 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-3-23 24064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-23 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-3-23 27136]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-12 112640]
S3 WatAdminSvc;Servis Tehnologije aktivacije sustava Windows;c:\windows\system32\wat\WatAdminSvc.exe [2013-12-31 1343400]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-7-11 1809720]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-07-11 23:49:27 -------- d-----w- c:\users\korisnik\appdata\local\AlawarWrapper
2014-07-11 23:49:27 -------- d-----w- c:\program files\Trymedia
2014-07-11 23:49:26 -------- d-----w- c:\programdata\AlawarWrapper
2014-07-11 23:49:26 -------- d-----w- c:\program files\NCH Software
2014-07-11 23:04:33 -------- d-----w- c:\program files\Reason
2014-07-11 22:28:31 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-11 20:53:22 -------- d-----w- C:\AdwCleaner
2014-07-11 10:31:20 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-11 10:30:15 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-11 10:30:15 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-11 10:30:14 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-11 10:24:21 8140904 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{eacac718-5510-4c4d-90cb-9223aa8458ea}\mpengine.dll
2014-07-10 18:10:20 -------- d-----w- c:\program files\Todoist
2014-07-09 15:47:37 5659136 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-07-09 13:57:48 868864 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2014-07-09 13:56:53 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-05 11:42:33 43152 ----a-w- c:\windows\avastSS.scr
2014-06-30 08:09:54 -------- d-----w- c:\program files\ESET
2014-06-26 23:13:30 -------- d-----w- c:\program files\CheckPoint
2014-06-26 15:15:51 -------- d-----w- c:\users\korisnik\appdata\local\Amazon
2014-06-16 16:03:51 -------- d-----w- c:\users\korisnik\appdata\roaming\MPC-HC
2014-06-16 15:22:18 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-06-12 15:24:48 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-06-12 15:24:48 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-06-12 15:24:47 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-12 15:24:47 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-12 15:24:39 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-12 15:24:39 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-12 15:24:13 626688 ----a-w- c:\windows\system32\usp10.dll
.
==================== Find3M ====================
.
2014-07-09 16:31:35 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 16:31:34 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-05 11:42:39 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-05 11:42:39 71944 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-05 11:42:39 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-05 11:42:39 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-05 11:42:39 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-05 11:42:38 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-05 11:42:38 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-06-18 23:56:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-18 23:56:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:38:40 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-06-18 23:23:27 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-18 23:23:24 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-18 23:22:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-18 23:16:33 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:06:10 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:52:18 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- c:\windows\system32\wininet.dll
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-18 00:52:00 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 09:44:17 509440 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 07:52:51 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36:07 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-30 00:35:18 456088 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2014-05-29 08:48:06 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-05-12 05:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-09 07:06:23 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 07:04:12 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-08 09:06:54 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:06:54 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-26 10:23:38 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400156905341
2014-04-26 10:23:38 411552 ----a-w- c:\windows\system32\drivers\aswsp.sys.1400156905341
2014-04-25 15:28:14 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
============= FINISH: 15:07:46,91 ===============

aswMBR.txt

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-12 15:13:53
-----------------------------
15:13:53.253 OS Version: Windows 6.1.7601 Service Pack 1
15:13:53.253 Number of processors: 2 586 0x2A07
15:13:53.253 ComputerName: KORISNIK-PC UserName: Korisnik
15:14:01.755 Initialize success
15:14:01.755 VM: initialized successfully
15:14:01.787 VM: Intel CPU BiosDisabled
15:15:37.440 VM: disk I/O iaStorA.sys
15:15:41.044 AVAST engine defs: 14071200
15:15:47.580 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
15:15:47.580 Disk 0 Vendor: ATA_____ A60W Size: 305245MB BusType: 11
15:15:47.720 Disk 0 MBR read successfully
15:15:47.736 Disk 0 MBR scan
15:15:47.736 Disk 0 Windows 7 default MBR code
15:15:47.752 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:15:47.752 Disk 0 Boot: NTFS code=2
15:15:47.767 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 154900 MB offset 206848
15:15:47.798 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 150243 MB offset 317442048
15:15:47.798 Disk 0 scanning sectors +625139712
15:15:47.923 Disk 0 scanning C:\Windows\system32\drivers
15:15:58.860 Service scanning
15:16:53.288 Modules scanning
15:17:18.982 Disk 0 trace - called modules:
15:17:19.013 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys halmacpi.dll iaStorA.sys
15:17:19.028 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87978ac8]
15:17:19.028 3 CLASSPNP.SYS[8939759e] -> nt!IofCallDriver -> [0x87978020]
15:17:19.028 5 iaStorF.sys[89411138] -> nt!IofCallDriver -> \Device\0000006d[0x85938c68]
15:17:20.370 AVAST engine scan C:\Windows
15:17:22.164 AVAST engine scan C:\Windows\system32
15:19:57.993 AVAST engine scan C:\Windows\system32\drivers
15:20:13.265 AVAST engine scan C:\Users\Korisnik
15:40:51.243 AVAST engine scan C:\ProgramData
15:43:39.755 Scan finished successfully
15:44:06.634 Disk 0 MBR has been saved successfully to "C:\Users\Korisnik\Desktop\MBR.dat"
15:44:06.634 The log file has been saved successfully to "C:\Users\Korisnik\Desktop\aswMBR.txt"

**ken545** · 2014-07-13, 01:51

Run these programs in order please and post the log from each one, I prefer you copy and paste each log into this thread in lew of attaching them, they most likely wont fit all in one post so take as many posts as you need .

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

=========================================

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

=========================================================

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Select the Scan tab.
Select type of scan to perform:
- Threat Scan < --- Select this type of scan
- Custom Scan
- Hyper Scan
Next click the Scan Now button.
When the scan is complete, if no malicious items are found you can close the program.
If malicious items are found be sure that everything is checked, and click Quarantine .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

**black_lilies** · 2014-07-13, 15:49

Thanks for replying so quickly. Malwarebytes didn't find anything. I scanned with AdwCleaner yesterday but restored everything from quarantine and decided to post a topic here (that's why I have multiple logs).

AdwCleaner

# AdwCleaner v3.215 - Report created 13/07/2014 at 14:25:13
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Korisnik - KORISNIK-PC
# Running from : C:\Users\Korisnik\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Users\Korisnik\AppData\Local\AlawarWrapper
Folder Deleted : C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v30.0 (hr)

[ File : C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\SimpleClocks\prefs.js ]

[ File : C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3213 octets] - [11/07/2014 22:53:31]
AdwCleaner[R1].txt - [1248 octets] - [12/07/2014 00:27:15]
AdwCleaner[R2].txt - [1243 octets] - [12/07/2014 00:33:22]
AdwCleaner[R3].txt - [1623 octets] - [13/07/2014 14:23:37]
AdwCleaner[S0].txt - [3338 octets] - [11/07/2014 23:49:26]
AdwCleaner[S1].txt - [1311 octets] - [12/07/2014 00:28:55]
AdwCleaner[S2].txt - [1554 octets] - [13/07/2014 14:25:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1614 octets] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by Korisnik on ned 13.07.2014. at 14:37:51,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\privdogservice

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\adtrustmedia"
Successfully deleted: [Folder] "C:\Users\Korisnik\Local Settings\Application Data\adtrustmedia"
Successfully deleted: [Folder] "C:\Users\Korisnik\Local Settings\Application Data\big fish"
Successfully deleted: [Folder] "C:\Program Files\adtrustmedia"
Successfully deleted: [Folder] "C:\bigfishcache"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ned 13.07.2014. at 14:41:21,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

**ken545** · 2014-07-13, 16:54

Good, I know removing this garbage sometimes can be a bit challenging

Lets take a closer look

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

**black_lilies** · 2014-07-13, 17:38

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-07-2014
Ran by Korisnik (administrator) on KORISNIK-PC on 13-07-2014 17:15:45
Running from C:\Users\Korisnik\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Engleski (Sjedinjene Države)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
() C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
(CyberLink) C:\Program Files\CyberLink\YouCam\YCMMirage.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5655144 2012-03-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-08-30] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-05] (AVAST Software)
HKLM\...\Run: [ComodoFSChrome] => "C:\Program Files\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c
HKLM\...\Run: [OV3_Monitor] => C:\Program Files\OLYMPUS\OLYMPUS Viewer 3\FirstStart.exe [55656 2014-01-28] (OLYMPUS IMAGING CORP.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-05-30] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [BoxSync] => c:\Program Files\Box\Box Sync\BoxSync.exe [12560640 2014-07-02] (Box, Inc.)
HKU\S-1-5-21-1339427262-3479436622-1115934270-1000\...\Run: [OV3_Monitor] => C:\Program Files\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe [420200 2014-01-28] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1339427262-3479436622-1115934270-1000\...\Run: [Wipe Maintance] => C:\Program Files\net1-wipe\net1.exe [491320 2014-06-27] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
ShellIconOverlayIdentifiers: 0000BoxSyncFileLocked -> {1b9c95e1-ce36-3737-81c8-1ec9807f03c1} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncNotSynced -> {e22ccf16-2db6-3de8-9a2c-acb66b571b69} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncProblem -> {84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncSynced -> {01fcd170-7f0a-3b6a-b992-66a7a20289b5} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://net.pbz.hr/netBanking/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x23E02F66FE55CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr-HR
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {D282ACF4-DD47-448D-9013-D29C8D9B75F1} URL =
SearchScopes: HKCU - {FFAB1B2F-B3C1-4B3B-8C5B-B07B36694368} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
BHO: No Name - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No File
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813
FF DefaultSearchEngine: GoodSearch
FF SelectedSearchEngine: GoodSearch
FF Homepage: https://startpage.com/hr/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @IBM.com/WDPlugin,version=1 - C:\Program Files\Mozilla Firefox\plugins ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Korisnik\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @IBM.com/WDPlugin,version=1 - C:\Program Files\Mozilla Firefox\plugins ()
FF Plugin HKCU: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\Korisnik\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwdplugin821.dll (IBM )
FF Plugin ProgramFiles/Appdata: C:\Users\Korisnik\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF SearchPlugin: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\searchplugins\dictionary.xml
FF SearchPlugin: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\searchplugins\goodsearch.xml
FF SearchPlugin: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\searchplugins\googlemaps.xml
FF SearchPlugin: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\searchplugins\googletranslate.xml
FF SearchPlugin: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\searchplugins\soundcloud.xml
FF SearchPlugin: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\searchplugins\startpage-ssl.xml
FF SearchPlugin: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\searchplugins\wayback-machine.xml
FF SearchPlugin: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\searchplugins\webster.xml
FF SearchPlugin: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\searchplugins\wikipedia-eng.xml
FF SearchPlugin: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\searchplugins\wolframalpha.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eudict.xml
FF Extension: British English Dictionary (Updated) - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\Extensions\en-gb@flyingtophat.co.uk [2014-07-11]
FF Extension: United States English Spellchecker - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\Extensions\en-US@dictionaries.addons.mozilla.org [2014-07-11]
FF Extension: Dictionnaires français - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org [2014-07-11]
FF Extension: Croatian Dictionary (Hrvatski Rjecnik) - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\Extensions\hr-HR-2@dictionaries.addons.mozilla.org [2014-07-11]
FF Extension: MaskMe - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\Extensions\idme@abine.com [2014-07-11]
FF Extension: Icelandic Dictionary - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\Extensions\is@dictionaries.addons.mozilla.org [2014-07-11]
FF Extension: Svenska fria ordlistan - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\Extensions\swedish@dictionaries.addons.mozilla.org [2014-07-11]
FF Extension: Lightshot (screenshot tool) - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2014-07-11]
FF Extension: WOT - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-11]
FF Extension: Disconnect - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\Extensions\2.0@disconnect.me.xpi [2014-07-11]
FF Extension: Self-Destructing Cookies - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2014-07-11]
FF Extension: All-in-One Sidebar - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-07-11]
FF Extension: Copy As Plain Text - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\Extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi [2014-07-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-21]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [PrivDog@AdTrustMedia.com] - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions
FF Extension: No Name - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions [2013-05-22]

Chrome:
=======
CHR HomePage: hxxp://www.google.hr/
CHR RestoreOnStartup: "hxxp://www.google.hr/"
CHR DefaultSearchKeyword: g
CHR DefaultSearchProvider: Google.hr
CHR DefaultSearchURL: https://www.google.hr/search?output=search&sclient=psy-ab&q={searchTerms}&btnG=&oq=&gs_l=&pbx=1
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (Google disk) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-21]
CHR Extension: (YouTube) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-21]
CHR Extension: (No Name) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2014-07-12]
CHR Extension: (Google pretrau017Eivanje) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-21]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2013-05-21]
CHR Extension: (FoxyProxy Standard) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2013-06-26]
CHR Extension: (avast! Online Security) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-21]
CHR Extension: (RealDownloader) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-05-21]
CHR Extension: (Google Karte) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-05-21]
CHR Extension: (Google Novanik) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (TS Magic Player) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg [2013-05-21]
CHR Extension: (Gmail) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-11] (SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-05] (AVAST Software)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [20992 2013-12-26] (Box Inc.) [File not signed]
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2571704 2012-11-21] (WIBU-SYSTEMS AG)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277616 2012-12-14] (Intel Corporation)
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1830544 2012-09-13] (Realsil Microelectronics Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-05-30] (Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [90936 2014-05-29] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

S3 asmthub3; C:\Windows\system32\drivers\asmthub3.sys [110408 2012-08-20] (ASMedia Technology Inc)
S3 asmtxhci; C:\Windows\system32\drivers\asmtxhci.sys [331080 2012-08-20] (ASMedia Technology Inc)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-05] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
S3 b06diag; C:\Windows\system32\drivers\bxdiagx.sys [75816 2012-03-08] (Broadcom Corporation)
S3 BFN7x86; C:\Windows\system32\drivers\Xeno7x86.sys [130152 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [150568 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [435240 2012-02-22] (Broadcom Corporation)
S3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [65152 2012-07-24] (Etron Technology Inc)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
S3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [88832 2012-07-24] (Etron Technology Inc)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [532536 2012-09-01] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25656 2012-09-01] (Intel Corporation)
S3 iusb3hub; C:\Windows\system32\drivers\iusb3hub.sys [351288 2012-12-04] (Intel Corporation)
S3 iusb3xhc; C:\Windows\system32\drivers\iusb3xhc.sys [796216 2012-12-04] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [73984 2011-10-25] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [165120 2011-10-25] (Renesas Electronics Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-11-04] (Secunia)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [209552 2012-09-19] (Realtek Semiconductor Corp.)
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [83336 2007-04-24] (MCCI Corporation)
S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [100488 2007-04-24] (MCCI Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2013-11-22] () [File not signed]
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456088 2014-05-30] (Check Point Software Technologies Ltd.)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-13 17:15 - 2014-07-13 17:16 - 00026727 _____ () C:\Users\Korisnik\Desktop\FRST.txt
2014-07-13 17:15 - 2014-07-13 17:15 - 00000000 ____D () C:\FRST
2014-07-13 17:13 - 2014-07-13 17:13 - 01077248 _____ (Farbar) C:\Users\Korisnik\Desktop\FRST.exe
2014-07-13 14:45 - 2014-07-13 14:45 - 00000000 ____H () C:\ProgramData\cm-lock
2014-07-13 14:44 - 2014-07-13 14:44 - 00000022 _____ () C:\Windows\S.dirmngr
2014-07-13 14:41 - 2014-07-13 14:41 - 00001297 _____ () C:\Users\Korisnik\Desktop\JRT.txt
2014-07-13 14:33 - 2014-07-13 14:34 - 01016261 _____ (Thisisu) C:\Users\Korisnik\Desktop\JRT.exe
2014-07-13 14:29 - 2014-07-13 14:29 - 00001694 _____ () C:\Users\Korisnik\Desktop\AdwCleaner[S2].txt
2014-07-13 14:19 - 2014-07-13 14:20 - 01348263 _____ () C:\Users\Korisnik\Desktop\AdwCleaner.exe
2014-07-13 14:03 - 2014-07-13 14:03 - 00000000 ____D () C:\Users\Korisnik\AppData\Local\CrashDumps
2014-07-13 13:56 - 2014-07-13 13:56 - 00121200 _____ () C:\Users\Korisnik\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-12 20:23 - 2014-07-12 20:23 - 00000000 ___HD () C:\Users\Korisnik\.boxsync
2014-07-12 15:44 - 2014-07-12 15:44 - 00002202 _____ () C:\Users\Korisnik\Desktop\aswMBR.txt
2014-07-12 15:44 - 2014-07-12 15:44 - 00000512 _____ () C:\Users\Korisnik\Desktop\MBR.dat
2014-07-12 15:12 - 2014-07-12 15:12 - 00003329 _____ () C:\Users\Korisnik\Desktop\attach.zip
2014-07-12 15:08 - 2014-07-12 15:08 - 00012441 _____ () C:\Users\Korisnik\Desktop\attach.txt
2014-07-12 15:08 - 2014-07-12 15:07 - 00021012 _____ () C:\Users\Korisnik\Desktop\dds.txt
2014-07-12 01:57 - 2014-07-12 01:57 - 05185536 _____ (AVAST Software) C:\Users\Korisnik\Desktop\aswMBR.exe
2014-07-12 01:55 - 2014-07-12 01:55 - 00688992 ____R (Swearware) C:\Users\Korisnik\Desktop\dds.scr
2014-07-12 01:50 - 2014-07-13 17:12 - 00000000 ____D () C:\Users\Korisnik\Desktop\Nova mapa
2014-07-12 01:04 - 2014-07-12 01:04 - 00000000 ____D () C:\Program Files\Reason
2014-07-12 00:28 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-11 23:52 - 2014-07-13 14:44 - 00000616 _____ () C:\Windows\setupact.log
2014-07-11 23:52 - 2014-07-13 14:26 - 00001522 _____ () C:\Windows\PFRO.log
2014-07-11 23:52 - 2014-07-11 23:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-11 22:53 - 2014-07-13 14:25 - 00000000 ____D () C:\AdwCleaner
2014-07-11 12:31 - 2014-07-13 15:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 12:30 - 2014-07-11 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-11 12:30 - 2014-07-11 12:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-11 12:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-11 12:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-10 22:36 - 2014-07-10 22:36 - 00019032 _____ () C:\Users\Korisnik\Desktop\bBBtodoist_for_thunderbird-4.3-tb.xpi
2014-07-10 20:10 - 2014-07-10 20:10 - 00000913 _____ () C:\Users\Public\Desktop\Todoist.lnk
2014-07-10 20:10 - 2014-07-10 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Todoist
2014-07-10 20:10 - 2014-07-10 20:10 - 00000000 ____D () C:\Program Files\Todoist
2014-07-09 17:47 - 2014-07-09 18:31 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-07-09 15:58 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 15:58 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 15:58 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 15:58 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 15:58 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 15:58 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 15:58 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 15:58 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 15:58 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 15:58 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 15:58 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 15:58 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 15:58 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 15:58 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 15:58 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 15:58 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 15:58 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 15:58 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 15:58 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 15:58 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 15:58 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 15:58 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 15:58 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 15:58 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 15:58 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 15:58 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 15:58 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 15:58 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 15:58 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 15:58 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 15:57 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 15:57 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 15:57 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 15:57 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 15:57 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 15:57 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 15:57 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 15:57 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 15:57 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 15:57 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 15:57 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 15:56 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-06 16:44 - 2014-07-06 16:45 - 00000000 ____D () C:\Users\Korisnik\Documents\my collection
2014-07-05 16:27 - 2014-07-05 16:27 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacije sustava Dragon
2014-07-05 16:25 - 2014-07-05 16:25 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragon
2014-07-05 14:02 - 2014-07-05 14:03 - 00001812 _____ () C:\Users\Korisnik\Desktop\IrfanView Thumbnails.lnk
2014-07-05 14:02 - 2014-07-05 14:03 - 00000932 _____ () C:\Users\Korisnik\Desktop\IrfanView.lnk
2014-07-05 14:02 - 2014-07-05 14:02 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-07-05 13:42 - 2014-07-05 13:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-30 10:09 - 2014-06-30 10:09 - 00000000 ____D () C:\Program Files\ESET
2014-06-27 04:01 - 2014-06-27 04:01 - 00000218 _____ () C:\Users\Korisnik\AppData\Local\recently-used.xbel
2014-06-27 02:55 - 2014-06-26 17:16 - 00002228 _____ () C:\Users\Korisnik\Desktop\Kindle.lnk
2014-06-27 01:49 - 2014-06-27 01:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wipe
2014-06-27 01:18 - 2014-06-27 01:19 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2014-06-27 01:18 - 2014-06-27 01:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-06-27 01:13 - 2014-06-27 01:18 - 00000000 ____D () C:\Program Files\CheckPoint
2014-06-26 17:16 - 2014-07-04 18:50 - 00000000 ____D () C:\Users\Korisnik\Documents\My Kindle Content
2014-06-26 17:16 - 2014-06-26 17:16 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-06-26 17:15 - 2014-06-26 17:16 - 00000000 ____D () C:\Users\Korisnik\AppData\Local\Amazon
2014-06-21 00:59 - 2014-06-21 01:03 - 72194560 _____ () C:\Users\Korisnik\Downloads\Khaled_Hosseini_tells_his_refugee_story_hd1080.mp4
2014-06-17 18:11 - 2014-07-13 16:33 - 00000580 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1339427262-3479436622-1115934270-1000.job
2014-06-16 18:03 - 2014-06-16 18:03 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\MPC-HC
2014-06-16 17:22 - 2014-06-16 17:22 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-16 17:22 - 2014-06-16 17:22 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-16 17:22 - 2014-06-16 17:22 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-16 17:22 - 2014-06-16 17:22 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-16 17:22 - 2014-06-16 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-16 17:22 - 2014-06-16 17:22 - 00000000 ____D () C:\Program Files\Common Files\Java

==================== One Month Modified Files and Folders =======

2014-07-13 17:16 - 2014-07-13 17:15 - 00026727 _____ () C:\Users\Korisnik\Desktop\FRST.txt
2014-07-13 17:15 - 2014-07-13 17:15 - 00000000 ____D () C:\FRST
2014-07-13 17:14 - 2013-05-21 11:27 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-13 17:13 - 2014-07-13 17:13 - 01077248 _____ (Farbar) C:\Users\Korisnik\Desktop\FRST.exe
2014-07-13 17:12 - 2014-07-12 01:50 - 00000000 ____D () C:\Users\Korisnik\Desktop\Nova mapa
2014-07-13 17:11 - 2014-01-14 17:13 - 00000000 ____D () C:\Users\Korisnik\AppData\Local\Box Sync
2014-07-13 17:11 - 2013-11-20 17:09 - 01557799 _____ () C:\Windows\WindowsUpdate.log
2014-07-13 16:33 - 2014-06-17 18:11 - 00000580 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1339427262-3479436622-1115934270-1000.job
2014-07-13 16:31 - 2013-05-22 02:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-13 15:08 - 2014-07-11 12:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-13 14:53 - 2009-07-14 06:34 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-13 14:53 - 2009-07-14 06:34 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-13 14:45 - 2014-07-13 14:45 - 00000000 ____H () C:\ProgramData\cm-lock
2014-07-13 14:44 - 2014-07-13 14:44 - 00000022 _____ () C:\Windows\S.dirmngr
2014-07-13 14:44 - 2014-07-11 23:52 - 00000616 _____ () C:\Windows\setupact.log
2014-07-13 14:44 - 2013-05-21 11:27 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-13 14:44 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-13 14:41 - 2014-07-13 14:41 - 00001297 _____ () C:\Users\Korisnik\Desktop\JRT.txt
2014-07-13 14:34 - 2014-07-13 14:33 - 01016261 _____ (Thisisu) C:\Users\Korisnik\Desktop\JRT.exe
2014-07-13 14:29 - 2014-07-13 14:29 - 00001694 _____ () C:\Users\Korisnik\Desktop\AdwCleaner[S2].txt
2014-07-13 14:26 - 2014-07-11 23:52 - 00001522 _____ () C:\Windows\PFRO.log
2014-07-13 14:25 - 2014-07-11 22:53 - 00000000 ____D () C:\AdwCleaner
2014-07-13 14:20 - 2014-07-13 14:19 - 01348263 _____ () C:\Users\Korisnik\Desktop\AdwCleaner.exe
2014-07-13 14:03 - 2014-07-13 14:03 - 00000000 ____D () C:\Users\Korisnik\AppData\Local\CrashDumps
2014-07-13 13:56 - 2014-07-13 13:56 - 00121200 _____ () C:\Users\Korisnik\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-12 20:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-12 20:29 - 2013-06-13 17:41 - 00000000 ____D () C:\Users\Korisnik\Documents\+Vozni redovi
2014-07-12 20:28 - 2013-07-10 00:18 - 00000000 ____D () C:\Users\Korisnik\Documents\Backups
2014-07-12 20:23 - 2014-07-12 20:23 - 00000000 ___HD () C:\Users\Korisnik\.boxsync
2014-07-12 20:23 - 2013-05-21 09:23 - 00000000 ____D () C:\Users\Korisnik
2014-07-12 20:16 - 2014-01-14 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2014-07-12 16:49 - 2014-01-14 17:26 - 00000000 ____D () C:\Users\Korisnik\Box Sync
2014-07-12 15:44 - 2014-07-12 15:44 - 00002202 _____ () C:\Users\Korisnik\Desktop\aswMBR.txt
2014-07-12 15:44 - 2014-07-12 15:44 - 00000512 _____ () C:\Users\Korisnik\Desktop\MBR.dat
2014-07-12 15:12 - 2014-07-12 15:12 - 00003329 _____ () C:\Users\Korisnik\Desktop\attach.zip
2014-07-12 15:08 - 2014-07-12 15:08 - 00012441 _____ () C:\Users\Korisnik\Desktop\attach.txt
2014-07-12 15:07 - 2014-07-12 15:08 - 00021012 _____ () C:\Users\Korisnik\Desktop\dds.txt
2014-07-12 01:57 - 2014-07-12 01:57 - 05185536 _____ (AVAST Software) C:\Users\Korisnik\Desktop\aswMBR.exe
2014-07-12 01:55 - 2014-07-12 01:55 - 00688992 ____R (Swearware) C:\Users\Korisnik\Desktop\dds.scr
2014-07-12 01:04 - 2014-07-12 01:04 - 00000000 ____D () C:\Program Files\Reason
2014-07-12 00:21 - 2013-07-24 21:13 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\foobar2000
2014-07-11 23:52 - 2014-07-11 23:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-11 20:30 - 2013-10-16 22:07 - 00000000 ____D () C:\Program Files\ERUNT
2014-07-11 18:37 - 2013-05-22 02:04 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Macromedia
2014-07-11 16:58 - 2013-07-21 23:08 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-11 14:50 - 2013-06-28 18:41 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\inkscape
2014-07-11 14:38 - 2013-05-25 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-11 14:37 - 2013-05-25 14:31 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-11 12:30 - 2014-07-11 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-11 12:30 - 2014-07-11 12:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-11 12:30 - 2013-05-26 19:13 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Malwarebytes
2014-07-11 12:30 - 2013-05-26 19:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-11 12:18 - 2014-05-04 21:45 - 00000000 ____D () C:\Users\Korisnik\Documents\My Digital Editions
2014-07-10 22:36 - 2014-07-10 22:36 - 00019032 _____ () C:\Users\Korisnik\Desktop\bBBtodoist_for_thunderbird-4.3-tb.xpi
2014-07-10 20:11 - 2013-05-22 03:32 - 00000000 ____D () C:\Users\Korisnik\AppData\Local\Todoist
2014-07-10 20:10 - 2014-07-10 20:10 - 00000913 _____ () C:\Users\Public\Desktop\Todoist.lnk
2014-07-10 20:10 - 2014-07-10 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Todoist
2014-07-10 20:10 - 2014-07-10 20:10 - 00000000 ____D () C:\Program Files\Todoist
2014-07-10 12:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-07-09 18:31 - 2014-07-09 17:47 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-07-09 18:31 - 2013-11-24 21:17 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 18:31 - 2013-05-22 02:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 17:57 - 2013-05-24 12:39 - 00000000 ____D () C:\Users\Korisnik\Desktop\SR
2014-07-09 17:54 - 2013-05-21 10:39 - 00000000 ____D () C:\ProgramData\Temp
2014-07-09 17:53 - 2013-12-01 17:41 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-07-09 17:50 - 2009-07-14 06:33 - 00451872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 17:48 - 2011-04-12 04:24 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 16:21 - 2013-12-31 18:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 16:18 - 2013-11-30 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-09 16:17 - 2013-05-21 09:20 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 16:16 - 2013-05-21 09:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-08 08:19 - 2013-05-22 03:18 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\vlc
2014-07-06 16:45 - 2014-07-06 16:44 - 00000000 ____D () C:\Users\Korisnik\Documents\my collection
2014-07-06 14:43 - 2010-11-20 23:01 - 00801690 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-05 16:27 - 2014-07-05 16:27 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacije sustava Dragon
2014-07-05 16:25 - 2014-07-05 16:25 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragon
2014-07-05 14:03 - 2014-07-05 14:02 - 00001812 _____ () C:\Users\Korisnik\Desktop\IrfanView Thumbnails.lnk
2014-07-05 14:03 - 2014-07-05 14:02 - 00000932 _____ () C:\Users\Korisnik\Desktop\IrfanView.lnk
2014-07-05 14:02 - 2014-07-05 14:02 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-07-05 13:43 - 2013-05-21 11:43 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-05 13:42 - 2014-07-05 13:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-05 13:42 - 2014-04-26 12:23 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-05 13:42 - 2013-12-17 21:14 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-05 13:42 - 2013-05-21 11:43 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-05 13:42 - 2013-05-21 11:43 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-05 13:42 - 2013-05-21 11:43 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-05 13:42 - 2013-05-21 11:42 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-05 13:42 - 2013-05-21 11:42 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-05 13:42 - 2013-05-21 11:42 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-04 18:50 - 2014-06-26 17:16 - 00000000 ____D () C:\Users\Korisnik\Documents\My Kindle Content
2014-06-30 10:09 - 2014-06-30 10:09 - 00000000 ____D () C:\Program Files\ESET
2014-06-28 21:11 - 2013-10-16 23:22 - 00000000 ____D () C:\Windows\ERDNT
2014-06-28 20:53 - 2013-05-21 11:28 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\uTorrent
2014-06-27 04:01 - 2014-06-27 04:01 - 00000218 _____ () C:\Users\Korisnik\AppData\Local\recently-used.xbel
2014-06-27 02:00 - 2013-06-04 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
2014-06-27 02:00 - 2013-06-04 22:42 - 00000000 ____D () C:\Program Files\Propellerhead
2014-06-27 01:49 - 2014-06-27 01:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wipe
2014-06-27 01:49 - 2013-11-26 19:40 - 00000000 ____D () C:\Program Files\net1-wipe
2014-06-27 01:19 - 2014-06-27 01:18 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2014-06-27 01:18 - 2014-06-27 01:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-06-27 01:18 - 2014-06-27 01:13 - 00000000 ____D () C:\Program Files\CheckPoint
2014-06-26 17:16 - 2014-06-27 02:55 - 00002228 _____ () C:\Users\Korisnik\Desktop\Kindle.lnk
2014-06-26 17:16 - 2014-06-26 17:16 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-06-26 17:16 - 2014-06-26 17:15 - 00000000 ____D () C:\Users\Korisnik\AppData\Local\Amazon
2014-06-23 04:38 - 2013-05-26 22:19 - 00000000 ____D () C:\ProgramData\BOINC
2014-06-21 18:44 - 2014-05-01 22:00 - 00000000 ____D () C:\guiguts
2014-06-21 11:37 - 2013-05-21 11:35 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-06-21 01:03 - 2014-06-21 00:59 - 72194560 _____ () C:\Users\Korisnik\Downloads\Khaled_Hosseini_tells_his_refugee_story_hd1080.mp4
2014-06-20 21:39 - 2014-07-09 15:58 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 19:08 - 2014-01-07 18:55 - 00001861 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2014-06-20 19:08 - 2014-01-07 18:55 - 00001809 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-06-19 02:16 - 2014-07-09 15:58 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 01:56 - 2014-07-09 15:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 01:56 - 2014-07-09 15:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 01:38 - 2014-07-09 15:58 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 01:37 - 2014-07-09 15:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 01:36 - 2014-07-09 15:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-09 15:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 01:32 - 2014-07-09 15:58 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 01:28 - 2014-07-09 15:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 01:28 - 2014-07-09 15:58 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 01:25 - 2014-07-09 15:58 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 01:23 - 2014-07-09 15:58 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 01:23 - 2014-07-09 15:58 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 01:22 - 2014-07-09 15:58 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 01:16 - 2014-07-09 15:58 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 01:12 - 2014-07-09 15:58 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:06 - 2014-07-09 15:58 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-09 15:58 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 00:59 - 2014-07-09 15:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 00:52 - 2014-07-09 15:58 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 00:52 - 2014-07-09 15:58 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 00:49 - 2014-07-09 15:58 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 00:46 - 2014-07-09 15:58 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-09 15:58 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 15:58 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:13 - 2014-07-09 15:58 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:09 - 2014-07-09 15:58 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:07 - 2014-07-09 15:58 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 03:51 - 2014-07-09 15:57 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 02:52 - 2014-07-09 15:57 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 22:51 - 2014-05-01 21:45 - 00000000 ____D () C:\Users\Korisnik\Desktop\FL
2014-06-17 18:11 - 2014-03-04 20:34 - 00000000 ____D () C:\Users\Korisnik\AppData\Local\Citrix
2014-06-16 18:39 - 2013-05-21 11:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-16 18:39 - 2013-05-21 09:34 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-16 18:36 - 2014-06-05 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspell
2014-06-16 18:36 - 2014-06-05 18:31 - 00000000 ____D () C:\Program Files\Aspell
2014-06-16 18:11 - 2014-04-19 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-06-16 18:11 - 2014-04-19 12:31 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-06-16 18:03 - 2014-06-16 18:03 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\MPC-HC
2014-06-16 18:03 - 2013-12-01 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2014-06-16 18:03 - 2013-12-01 23:13 - 00000000 ____D () C:\Program Files\MPC-HC
2014-06-16 17:25 - 2013-05-22 12:05 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-16 17:25 - 2013-05-22 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-16 17:24 - 2013-11-30 15:15 - 00002008 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-06-16 17:23 - 2013-12-14 20:38 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-16 17:23 - 2013-11-30 15:15 - 00000000 ____D () C:\Users\Korisnik\AppData\Local\Thunderbird
2014-06-16 17:22 - 2014-06-16 17:22 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-16 17:22 - 2014-06-16 17:22 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-16 17:22 - 2014-06-16 17:22 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-16 17:22 - 2014-06-16 17:22 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-16 17:22 - 2014-06-16 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-16 17:22 - 2014-06-16 17:22 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-16 15:50 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-16 10:21 - 2013-11-24 02:06 - 00000000 ____D () C:\ProgramData\COMODO
2014-06-16 10:21 - 2013-11-24 02:04 - 00000000 ____D () C:\Program Files\Comodo
2014-06-15 23:15 - 2013-11-24 03:41 - 00000000 ____D () C:\Program Files\Common Files\COMODO
2014-06-15 23:15 - 2013-11-24 02:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-06-15 23:11 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-06-15 23:09 - 2013-11-24 02:09 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-06-15 23:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-06-15 23:08 - 2013-11-24 12:13 - 00000000 ____D () C:\VTRoot
2014-06-15 19:53 - 2013-12-01 22:26 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-13 21:47 - 2013-06-15 09:14 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-13 21:41 - 2014-02-08 22:06 - 00000000 ____D () C:\Users\Korisnik\Desktop\possibly maybe

Some content of TEMP:
====================
C:\Users\Korisnik\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-10 12:12

==================== End Of Log ============================

**black_lilies** · 2014-07-13, 17:40

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-07-2014
Ran by Korisnik at 2014-07-13 17:17:10
Running from C:\Users\Korisnik\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

123 Free Memory Card Games (HKLM\...\123 Free Memory Card Games) (Version: 123 Free Memory Card Games 2002 - TreeCardGames.com)
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aspell English Dictionary-0.50-2 (HKLM\...\Aspell English Dictionary_is1) (Version: - GNU)
Aspell French Dictionary-0.50-3 (HKLM\...\Aspell French Dictionary_is1) (Version: - GNU)
Aspell German Dictionary-0.50-2 (HKLM\...\Aspell German Dictionary_is1) (Version: - GNU)
Aspell Swedish Dictionary-0.50-2 (HKLM\...\Aspell Swedish Dictionary_is1) (Version: - GNU)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Authorizer 2.5.1 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.5.1 - Propellerhead Software AB)
Authorizer Ignition Key Support (Version: 1.0.5.0 - Propellerhead Software AB) Hidden
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Ažuriranje za Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-041A-0000-0000000FF1CE}_OMUI.hr-hr_{BAEF930D-2299-4291-A776-76180A3A62E2}) (Version: - Microsoft)
Ažuriranje za Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-041A-0000-0000000FF1CE}_OMUI.hr-hr_{AF2BE5BC-7CDA-4D93-BC81-B318E4729D7A}) (Version: - Microsoft)
Ažuriranje za Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-041A-0000-0000000FF1CE}_OMUI.hr-hr_{CB1B45DE-6AAE-46FB-9FFE-B5F4F7029605}) (Version: - Microsoft)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Box Sync (HKLM\...\{ACFDA9CC-43A6-439E-85B6-FA11F3853A4F}) (Version: 4.0.5078.0 - Box, Inc.)
Box Sync (Version: 4.0.4052.0 - Box Inc.) Hidden
Byki (Version: 4.0 - Transparent Language, Inc.) Hidden
Byki Express (HKLM\...\Byki Express) (Version: 4.1 - Transparent Language, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Charity Engine (HKLM\...\{16FDDBBE-2F04-4800-AA6B-A5C8C6E1CBF2}) (Version: 7.0.76 - Charity Engine)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
Convert Audio Free FLAC to MP3 version 1.0 (HKLM\...\Convert Audio Free FLAC to MP3_is1) (Version: 1.0 - )
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (Version: 3.5.4.5527 - CyberLink Corp.) Hidden
Duke Nukem - Manhattan Project (DEMO v1.0.1) (HKLM\...\InstallShield_{29F1159B-A14A-4B2D-84CF-F1231F68178E}) (Version: 1.0.1 - Arush Entertainment)
Duke Nukem - Manhattan Project (DEMO v1.0.1) (Version: 1.0.1 - Arush Entertainment) Hidden
Eight Legged Freaks (remove only) (HKLM\...\Eight Legged Freaks) (Version: - )
Epson Easy Photo Print 2 (HKLM\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version: - SEIKO EPSON Corporation)
EULAlyzer 2.2 (HKLM\...\EULAlyzer_is1) (Version: 2.2.0 - BrightFort LLC)
Foldit (HKLM\...\Foldit) (Version: - )
foobar2000 v1.3.2 (HKLM\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Free Alarm Clock 2.7.1 (HKLM\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 2.7 - Comfort Software Group)
Free Driver Backup 9.4.5 (HKLM\...\Free Driver Backup_is1) (Version: - FreeDriverBackup Co., Ltd.)
GNU Aspell 0.50-3 (HKLM\...\GNU Aspell_is1) (Version: - GNU)
Google Drive (HKLM\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1440 (HKCU\...\GoToMeeting) (Version: 6.3.0.1440 - CitrixOnline)
Gpg4win (2.2.1) (HKLM\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project)
Happyland Adventures - Xmas Edition v1.3 (HKLM\...\Happyland Adventures - Xmas Edition_is1) (Version: - Free Lunch Design)
HiView (HKLM\...\HiView_is1) (Version: - Lunar and Planetary Laboratory, University of Arizona)
IBM SmartCloud Meetings (HKLM\...\{9C5C8B8B-D972-4901-B3A4-0987E288A0C3}) (Version: 8.5.10.40 - IBM Corporation)
Icy Tower v1.3.1 (HKLM\...\Icy Tower v1.3.1_is1) (Version: - Free Lunch Design)
Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - )
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 55 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Korisnički vodič EPSON SX130 Series (HKLM\...\EPSON SX130 Series Useg) (Version: - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Line 6 Uninstaller (HKLM\...\Line 6 Uninstaller) (Version: - Line 6)
Malwarebytes Anti-Malware verzija 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0100-041A-0000-0000000FF1CE}_OMUI.hr-hr_{B53B3C2C-8D03-49E4-90E4-AF6C87F33584}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (Croatian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Croatian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (Croatian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Croatian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - Croatian/Hrvatski (HKLM\...\OMUI.hr-hr) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office O MUI (Croatian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Croatian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Croatian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Croatian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Croatian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Serbian (Latin)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Croatian) 2007 (Version: 12.0.4518.1041 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (Croatian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Croatian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Croatian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (Croatian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 hr) (HKLM\...\Mozilla Firefox 30.0 (x86 hr)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 hr) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 hr)) (Version: 24.6.0 - Mozilla)
MPC-HC 1.7.5 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.5 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Octoshape Streaming Services (HKCU\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
OLYMPUS Digital Camera Updater (HKLM\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 3 (HKLM\...\{1B28182C-253F-4CFE-AF4A-87CB416D5F73}) (Version: 1.0.0 - OLYMPUS IMAGING CORP.)
PrivDog (HKLM\...\PrivDog) (Version: 2.2.0.14 - privdog.com)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6586 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.29040 - Realtek Semiconductor Corp.)
Santa Claus in Trouble (HKLM\...\Santa Claus in Trouble) (Version: - )
Secunia PSI (3.0.0.9015) (HKLM\...\Secunia PSI) (Version: 3.0.0.9015 - Secunia)
Skype™ 6.3 (HKLM\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.3.107 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.5.2 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
The Island Castaway (HKLM\...\The Island Castaway_is1) (Version: 1.0 - Media Contact LLC)
Todoist (HKLM\...\{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1) (Version: 2.6.4.0 - Doist Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0100-041A-0000-0000000FF1CE}_OMUI.hr-hr_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-041A-0000-0000000FF1CE}_OMUI.hr-hr_{5CC013E5-5126-45D8-81F2-E41A1D7F54B5}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wipe (HKLM\...\Wipe) (Version: 2014.10 - PrivacyRoot.com)
Zombiepox v1.1 (HKLM\...\Zombiepox_is1) (Version: - Free Lunch Design)
ZoneAlarm Firewall (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 13.2.015.000 - Check Point)
ZoneAlarm Security (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 04:04 - 2014-07-11 17:38 - 00449915 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {24A9E015-5CAF-4C2F-B62B-B45EFB691C72} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-05] (AVAST Software)
Task: {33AB5406-8530-4B3C-A6E5-80DA2CCC04C1} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {4892B2D3-371B-4B60-BA7E-7D7A896A21AF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1339427262-3479436622-1115934270-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {4C9C4D43-8C59-4179-9C53-4DE21F454396} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1339427262-3479436622-1115934270-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {5CBCF837-A30C-41AA-B1CE-51ED941E0ADB} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1339427262-3479436622-1115934270-1000
Task: {5FB3DF27-AE27-41DB-AD1D-A7E6E27A1350} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1339427262-3479436622-1115934270-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {5FC52062-2B00-42DE-A747-070551434357} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {60CBDEA6-F581-4033-9B6C-2485A02AC4A0} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {6E4EF0AF-4949-4BF7-8785-1668AAE094CB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {71A449F6-BA43-484D-93B2-545F27A81050} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {8345C017-B2D2-4627-9588-623C8868E341} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9BDA3A87-52ED-4E1A-B8FA-8CAE7123ACA5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1339427262-3479436622-1115934270-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {A1741262-3DEA-46FE-81EA-ED35BA2594A0} - System32\Tasks\MirageAgent => C:\Program Files\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {B7A1A7B6-3077-4A6B-BEA9-30ED4193C0C1} - System32\Tasks\G2MUpdateTask-S-1-5-21-1339427262-3479436622-1115934270-1000 => C:\Users\Korisnik\AppData\Local\Citrix\GoToMeeting\1440\g2mupdate.exe [2014-06-30] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {BD4E5811-ED48-49E8-A5ED-7016101DB0BA} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1339427262-3479436622-1115934270-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {E7B4D25E-24E3-43F2-BE33-4CFE730E1920} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-21] (Google Inc.)
Task: {FB44E262-B9C3-4EF8-A082-BE83F18C6764} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-21] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1339427262-3479436622-1115934270-1000.job => C:\Users\Korisnik\AppData\Local\Citrix\GoToMeeting\1440\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-05 13:42 - 2014-07-05 13:42 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-13 13:57 - 2014-07-13 13:57 - 02792960 _____ () C:\Program Files\AVAST Software\Avast\defs\14071300\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-07 16:54 - 2013-10-07 16:54 - 00218112 _____ () C:\Program Files\GNU\GnuPG\dirmngr.exe
2013-10-07 16:49 - 2013-10-07 16:49 - 00221184 _____ () C:\Program Files\GNU\GnuPG\libksba-8.dll
2013-10-07 16:47 - 2013-10-07 16:47 - 00037888 _____ () C:\Program Files\GNU\GnuPG\libgpg-error-0.dll
2013-10-07 16:44 - 2013-10-07 16:44 - 00050176 _____ () C:\Program Files\GNU\GnuPG\libw32pth-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00069632 _____ () C:\Program Files\GNU\GnuPG\libassuan-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00628224 _____ () C:\Program Files\GNU\GnuPG\libgcrypt-11.dll
2014-05-21 12:22 - 2014-05-21 12:22 - 02135232 _____ () C:\Program Files\Comodo\Dragon\dragon_updater.exe
2012-12-14 02:02 - 2012-12-14 02:02 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-07-05 13:42 - 2014-07-05 13:42 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-14 22:55 - 2014-02-14 22:55 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\7fb509dd6887788f670fac03bb2f996d\PSIClient.ni.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:84098FD3

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: boincmgr => "C:\Program Files\BOINC\charityengine.exe" /a /s
MSCONFIG\startupreg: boinctray => "C:\Program Files\BOINC\boinctray.exe"
MSCONFIG\startupreg: BoxSync => "c:\Program Files\Box\Box Sync\BoxSync.exe" -m
MSCONFIG\startupreg: FreeRAM XP => "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2014 02:45:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/13/2014 02:45:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje servisa MBAMService nije uspjelo zbog sljedeće pogreške:
%%1053

Error: (07/13/2014 02:45:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Isteklo je vrijeme čekanja (30000 ms) tijekom povezivanja sa servisom MBAMService.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 1935.36 MB
Available physical RAM: 1029.91 MB
Total Pagefile: 3870.72 MB
Available Pagefile: 2439.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:151.27 GB) (Free:22.09 GB) NTFS
Drive d: () (Fixed) (Total:146.72 GB) (Free:27.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A3543C19)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=151 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=147 GB) - (Type=07 NTFS)

==================== End Of Log ============================

**ken545** · 2014-07-13, 19:21

Startpage is part of PUPs( Potentially Unwanted Programs)

Open notepad (Start =>All Programs => Accessories => Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt. (it has to be right next to FRST/64)

Start
SearchScopes: HKCU - {D282ACF4-DD47-448D-9013-D29C8D9B75F1} URL =
FF Homepage: https://startpage.com/hr/
FF SearchPlugin: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\searchplugins\startpage-ssl.xml
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Korisnik\AppData\Local\temp\Quarantine.exe
Hosts:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Then open FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

**black_lilies** · 2014-07-13, 20:18

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:13-07-2014
Ran by Korisnik at 2014-07-13 20:10:03 Run:1
Running from C:\Users\Korisnik\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKCU - {D282ACF4-DD47-448D-9013-D29C8D9B75F1} URL =
FF Homepage: https://startpage.com/hr/
FF SearchPlugin: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\searchplugins\startpage-ssl.xml
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Korisnik\AppData\Local\temp\Quarantine.exe
Hosts:
End
*****************

'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D282ACF4-DD47-448D-9013-D29C8D9B75F1}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{D282ACF4-DD47-448D-9013-D29C8D9B75F1}'=> Key not found.
Firefox homepage deleted successfully.
C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\w75gd529.default-1405094361813\searchplugins\startpage-ssl.xml => Moved successfully.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
'HKCU\SOFTWARE\Policies\Google' => Key deleted successfully.
C:\Users\Korisnik\AppData\Local\temp\Quarantine.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

**ken545** · 2014-07-13, 20:48

Good, how is your system behaving now ?

**black_lilies** · 2014-07-14, 13:15

Still problems with Firefox. Some pages won't load at first--they look like they're going to start loading but I think I could wait forever

. I click refresh and they load. Or, sometimes they fail to load and Firefox displays an error message "ssl_error_handshake_failure_alert" or "ssl_error_bad_mac_read" (or something else starting with "ssl"). Again, I refresh the page and it opens. But then, at one point they won't load at all and I close Firefox. After closing it, either Windows Explorer stops responding and I can't open Task Manager (and have to shut down the computer manually via power button), or I open Task Manager and Firefox.exe is still listed in Processes tab, but I can't close it, and computer becomes really slow so I have to restart it...

This same thing happened before I removed win32.downloader.gen. At first I thought I had problems with Internet connection, but the next day most pages started redirecting to a website that looked like my Internet provider's (which I know is not). So I scanned with Spybot and it took me a while to figure out how to remove the virus

. After removing it, the pages weren't redirecting anymore, but this started happening--and in Firefox only.

Thread: Browser problems after removing win32.downloader.gen

Thread Tools

Display

Browser problems after removing win32.downloader.gen

Posting Permissions