Thread: Self-replicating folders

#1
black_lilies (Junior Member, joined Oct 2013, 27 posts)

    O1 HOSTS File: ([2013.08.09 08:09:58 | 000,450,636 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 123fporn.info
    O1 - Hosts: 15467 more lines...
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
    O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
    O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
    O4 - HKCU..\Run: [SearchProtection] C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
    O4 - Startup: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe tray agent 2013.lnk = C:\Program Files\Wipe 2013\wipetray.exe (PrivacyRoot.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D321B9E-A8C6-4146-B8E1-6E10720FA1A7}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51B6D1B9-5D8C-40A3-95A5-1B3BC0948BB7}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013.11.19 18:59:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Korisnik\Desktop\OTL.exe
    [2013.11.19 18:38:33 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\AppData\Roaming\AVAST Software
    [2013.11.19 18:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2013.11.18 23:12:24 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\Desktop\Nova mapa
    [2013.11.17 10:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013.11.15 17:21:08 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013.11.08 09:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013.11.08 09:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013.11.08 09:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013.11.08 09:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2013.11.02 20:55:49 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\Documents\iMacros
    [2013.10.20 23:51:16 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2013.10.20 23:51:05 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2013.10.20 23:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2013.10.20 23:51:04 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2013.10.20 23:51:04 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [54 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013.11.19 19:32:11 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013.11.19 19:31:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013.11.19 19:25:54 | 000,000,512 | ---- | M] () -- C:\Users\Korisnik\Desktop\MBR.dat
    [2013.11.19 19:18:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013.11.19 18:59:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Korisnik\Desktop\OTL.exe
    [2013.11.19 18:46:11 | 000,026,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013.11.19 18:46:11 | 000,026,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013.11.19 18:37:57 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013.11.19 18:37:46 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
    [2013.11.19 18:37:11 | 1522,028,544 | -HS- | M] () -- C:\hiberfil.sys
    [2013.11.19 18:31:14 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2013.11.19 18:31:13 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2013.11.19 18:31:13 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2013.11.19 18:31:13 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013.11.19 18:31:13 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2013.11.19 18:31:13 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2013.11.19 18:31:13 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2013.11.19 18:31:12 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2013.11.19 18:31:04 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2013.11.19 18:31:04 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013.11.19 18:25:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2013.11.18 23:09:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Korisnik\Desktop\aswMBR.exe
    [2013.11.18 23:03:00 | 000,891,200 | ---- | M] () -- C:\Users\Korisnik\Desktop\SecurityCheck.exe
    [2013.11.17 20:04:11 | 000,666,434 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013.11.17 20:04:11 | 000,127,002 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013.11.10 13:47:04 | 000,448,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013.11.06 21:27:23 | 000,007,696 | ---- | M] () -- C:\Users\Korisnik\Desktop\Rhonda Byrne - The Secret.pdf - prečac.lnk
    [2013.11.06 14:43:35 | 000,001,669 | ---- | M] () -- C:\Users\Korisnik\Desktop\Eckhart Tolle - The Power of Now_ A Guide to Spiritual Enlightenment.pdf - prečac.lnk
    [2013.10.29 21:35:51 | 000,001,020 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe tray agent 2013.lnk
    [2013.10.22 08:20:10 | 000,056,027 | ---- | M] () -- C:\Users\Korisnik\Desktop\100653427.jpg
    [2013.10.22 01:04:26 | 000,061,339 | ---- | M] () -- C:\Users\Korisnik\Desktop\money-background-seamless-fill-bluesky.jpg
    [2013.10.22 00:41:38 | 000,009,900 | ---- | M] () -- C:\Users\Korisnik\Desktop\01-dollar-bills_animation.gif
    [2013.10.22 00:41:14 | 000,008,984 | ---- | M] () -- C:\Users\Korisnik\Desktop\01-bills-animated.gif
    [2013.10.22 00:41:08 | 000,024,181 | ---- | M] () -- C:\Users\Korisnik\Desktop\01-dollars-animation.gif
    [2013.10.21 00:21:32 | 000,002,630 | ---- | M] () -- C:\Users\Korisnik\Desktop\The Nearly Ultimate Guide to Better Writing.pdf.lnk
    [2013.10.21 00:21:00 | 000,002,578 | ---- | M] () -- C:\Users\Korisnik\Desktop\Serena Alba - Geometrija božanske iskre.pdf.lnk
    [2013.10.21 00:19:39 | 000,001,180 | ---- | M] () -- C:\Users\Korisnik\Desktop\Filmovi.lnk
    [2013.10.21 00:18:47 | 000,001,057 | ---- | M] () -- C:\Users\Korisnik\Desktop\Slike.lnk
    [2013.10.21 00:18:24 | 000,001,051 | ---- | M] () -- C:\Users\Korisnik\Desktop\Glazba.lnk
    [2013.10.21 00:16:54 | 000,001,072 | ---- | M] () -- C:\Users\Korisnik\Desktop\Dokumenti.lnk
    [2013.10.20 23:50:49 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2013.10.20 23:50:33 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2013.10.20 23:50:33 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2013.10.20 23:50:32 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [54 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013.11.19 19:20:08 | 000,000,512 | ---- | C] () -- C:\Users\Korisnik\Desktop\MBR.dat
    [2013.11.19 18:37:46 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
    [2013.11.18 23:02:24 | 000,891,200 | ---- | C] () -- C:\Users\Korisnik\Desktop\SecurityCheck.exe
    [2013.11.06 14:43:35 | 000,001,669 | ---- | C] () -- C:\Users\Korisnik\Desktop\Eckhart Tolle - The Power of Now_ A Guide to Spiritual Enlightenment.pdf - prečac.lnk
    [2013.11.05 21:35:59 | 000,007,696 | ---- | C] () -- C:\Users\Korisnik\Desktop\Rhonda Byrne - The Secret.pdf - prečac.lnk
    [2013.10.22 08:20:09 | 000,056,027 | ---- | C] () -- C:\Users\Korisnik\Desktop\100653427.jpg
    [2013.10.22 01:04:22 | 000,061,339 | ---- | C] () -- C:\Users\Korisnik\Desktop\money-background-seamless-fill-bluesky.jpg
    [2013.10.22 00:41:37 | 000,009,900 | ---- | C] () -- C:\Users\Korisnik\Desktop\01-dollar-bills_animation.gif
    [2013.10.22 00:41:13 | 000,008,984 | ---- | C] () -- C:\Users\Korisnik\Desktop\01-bills-animated.gif
    [2013.10.22 00:41:06 | 000,024,181 | ---- | C] () -- C:\Users\Korisnik\Desktop\01-dollars-animation.gif
    [2013.10.21 00:21:32 | 000,002,630 | ---- | C] () -- C:\Users\Korisnik\Desktop\The Nearly Ultimate Guide to Better Writing.pdf.lnk
    [2013.10.21 00:21:00 | 000,002,578 | ---- | C] () -- C:\Users\Korisnik\Desktop\Serena Alba - Geometrija božanske iskre.pdf.lnk
    [2013.10.21 00:19:39 | 000,001,180 | ---- | C] () -- C:\Users\Korisnik\Desktop\Filmovi.lnk
    [2013.10.21 00:18:47 | 000,001,057 | ---- | C] () -- C:\Users\Korisnik\Desktop\Slike.lnk
    [2013.10.21 00:18:24 | 000,001,051 | ---- | C] () -- C:\Users\Korisnik\Desktop\Glazba.lnk
    [2013.10.21 00:16:54 | 000,001,072 | ---- | C] () -- C:\Users\Korisnik\Desktop\Dokumenti.lnk
    [2013.10.15 08:42:36 | 000,000,090 | ---- | C] () -- C:\Windows\Philip.INI
    [2013.10.15 07:52:46 | 000,000,098 | ---- | C] () -- C:\ProgramData\avalon2.2_WIPE2013.ini
    [2013.10.15 07:52:38 | 000,340,992 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
    [2013.10.15 07:52:34 | 000,340,992 | ---- | C] () -- C:\Windows\sqlite36_engine.dll
    [2013.10.06 00:22:20 | 000,200,148 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2013.08.17 14:29:27 | 109,026,806 | ---- | C] () -- C:\Users\Korisnik\AppData\Roaming\Mozilla.rar
    [2013.07.24 15:19:14 | 000,001,397 | ---- | C] () -- C:\Windows\wininit.ini
    [2013.06.28 17:46:41 | 000,003,342 | ---- | C] () -- C:\Users\Korisnik\AppData\Local\recently-used.xbel
    [2013.06.23 15:58:45 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2013.06.21 09:54:46 | 000,000,096 | ---- | C] () -- C:\Users\Korisnik\AppData\Local\fusioncache.dat
    [2013.06.19 14:41:05 | 000,026,364 | ---- | C] () -- C:\Users\Korisnik\AppData\Roaming\UserTile.png
    [2013.06.19 12:39:35 | 000,000,398 | ---- | C] () -- C:\Windows\AudioConverter.INI
    [2013.06.19 12:34:32 | 000,000,032 | ---- | C] () -- C:\ProgramData\aceg.ini
    [2013.05.26 17:10:37 | 000,000,896 | RHS- | C] () -- C:\Users\Korisnik\ntuser.pol
    [2013.05.21 10:43:00 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013.05.21 10:42:57 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2013.05.21 10:29:27 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2013.05.21 09:28:39 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2013.05.21 09:28:39 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
    [2013.05.21 09:28:36 | 000,240,004 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
    [2012.12.14 01:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
    [2012.12.14 01:02:20 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
    [2012.12.14 01:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
    [2012.12.14 01:02:20 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2012.12.14 01:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2012.12.14 01:02:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin

    ========== ZeroAccess Check ==========

    [2012.07.14 18:11:12 | 000,000,596 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
    [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013.07.23 23:14:45 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\AlarmClock
    [2013.11.12 23:15:34 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Audacity
    [2013.11.19 18:38:33 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\AVAST Software
    [2013.06.19 11:18:28 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\BSplayer
    [2013.05.21 10:29:47 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\BSplayer Pro
    [2013.05.21 10:35:32 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Canneverbe Limited
    [2013.09.18 23:01:36 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Epson
    [2013.11.11 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Folding@home-x86
    [2013.11.18 22:17:30 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\foobar2000
    [2013.07.09 22:23:56 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\inkscape
    [2013.10.27 15:22:18 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\IrfanView
    [2013.06.04 22:09:00 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Line 6
    [2013.06.29 13:13:03 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Oracle
    [2013.06.04 21:48:14 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Propellerhead Software
    [2013.08.10 13:19:41 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Search Protection
    [2013.06.15 16:24:57 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\SumatraPDF
    [2013.05.21 10:10:20 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Synaptics
    [2013.06.03 10:47:15 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\UA_HiRISE
    [2013.11.12 04:32:59 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\uTorrent
    [2013.10.27 15:23:13 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\WIPE2013

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s > >

    < MD5 for: EXPLORER.ADML >
    [2011.04.12 03:15:49 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
    [2011.04.12 03:15:49 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_22d6d5b5cba907ce\Explorer.adml

    < MD5 for: EXPLORER.ADMX >
    [2009.06.10 22:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
    [2009.06.10 22:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\x86_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_1590ffd752297581\Explorer.admx

    < MD5 for: EXPLORER.EXE >
    [2013.03.23 16:21:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
    [2013.03.23 16:21:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
    [2013.03.23 16:21:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

    < MD5 for: EXPLORER.EXE.MUI >
    [2011.04.12 03:15:39 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\en-US\explorer.exe.mui
    [2011.04.12 03:15:39 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_05c8dd40d4f56065\explorer.exe.mui
    [2009.07.13 18:55:04 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=C034B59784311ABD8D8E0D7943EDFBC6 -- C:\Windows\hr-HR\explorer.exe.mui
    [2009.07.13 18:55:04 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=C034B59784311ABD8D8E0D7943EDFBC6 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_ee880aa5ad10d620\explorer.exe.mui

    < MD5 for: EXPLORER.EXE-A80E4F97.PF >
    [2013.11.19 19:30:28 | 000,118,418 | ---- | M] () MD5=F5116BC9B84BCC8B2A334DBF0D43347B -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

    < MD5 for: EXPLORER.ICO >
    [2007.07.20 11:55:08 | 000,025,214 | ---- | M] () MD5=9B8226EC0C75BA9BDE995D8FBC3FDF59 -- C:\Program Files\FreeAlarmClock\explorer.ico

    < MD5 for: EXPLORER.ZIP >
    [2006.03.06 21:48:08 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip

    < MD5 for: IEXPLORE.EXE >
    [2013.03.23 16:58:37 | 000,770,560 | ---- | M] (Microsoft Corporation) MD5=2859EBC065D2E1CCC94161CE28BAC085 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_ba715a6a65dbf461\iexplore.exe
    [2013.04.05 06:55:38 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=2DC6BD1047553611DAEF97C751131A5D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_a39ee59e7f860811\iexplore.exe
    [2013.04.05 07:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Program Files\Internet Explorer\iexplore.exe
    [2013.04.05 07:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_ba75e9f465d7f339\iexplore.exe
    [2013.04.04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
    [2010.11.20 22:29:33 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c\iexplore.exe

    < MD5 for: IEXPLORE.EXE.MUI >
    [2009.07.13 17:12:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=49F18DD112B5CDC5DC1DDCECDA088D92 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_hr-hr_97e3d05892d28ffe\iexplore.exe.mui
    [2013.03.23 16:58:37 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
    [2013.03.23 16:58:37 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_b41defe19d893548\iexplore.exe.mui
    [2009.07.14 03:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_af24a2f3bab71a43\iexplore.exe.mui

    < MD5 for: IEXPLORE.EXE-908C99F8.PF >
    [2013.11.15 18:45:15 | 000,099,278 | ---- | M] () MD5=DBD0BC8350A2D7CB489A2E55A17E82F4 -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf

    < MD5 for: SERVICES >
    [2009.06.10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
    [2009.06.10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

    < MD5 for: SERVICES.EXE >
    [2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
    [2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

    < MD5 for: SERVICES.EXE.MUI >
    [2011.04.12 03:15:38 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
    [2011.04.12 03:15:38 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
    [2009.07.13 18:19:04 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=DE8100CA6FABE5B5A99CA078144368EF -- C:\Windows\System32\hr-HR\services.exe.mui
    [2009.07.13 18:19:04 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=DE8100CA6FABE5B5A99CA078144368EF -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_5292ca9f5f6438ed\services.exe.mui

    < MD5 for: SERVICES.LNK >
    [2009.07.14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
    [2009.07.14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

    < MD5 for: SERVICES.MOF >
    [2009.06.10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
    [2009.06.10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

    < MD5 for: SERVICES.MSC >
    [2011.04.12 03:15:37 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
    [2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
    [2011.04.12 03:15:37 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
    [2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

    < MD5 for: SERVICES.PTXML >
    [2009.07.13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
    [2009.07.13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

    < MD5 for: SERVICES.SBS >
    [2013.07.16 12:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

    < MD5 for: WINLOGON.ADML >
    [2011.04.12 03:15:49 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
    [2011.04.12 03:15:49 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_94da67ab3e358f3a\WinLogon.adml

    < MD5 for: WINLOGON.ADMX >
    [2009.06.10 22:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
    [2009.06.10 22:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_7ae3b2e5da95d117\WinLogon.admx

    < MD5 for: WINLOGON.EXE >
    [2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
    [2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    [2013.04.04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

    < MD5 for: WINLOGON.EXE.MUI >
    [2011.04.12 03:15:37 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\System32\en-US\winlogon.exe.mui
    [2011.04.12 03:15:37 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_ccfffb7662588b45\winlogon.exe.mui
    [2010.11.20 03:33:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=F8476619C18A319B403AAE275A6A4C46 -- C:\Windows\System32\hr-HR\winlogon.exe.mui
    [2010.11.20 03:33:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=F8476619C18A319B403AAE275A6A4C46 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_hr-hr_b5bf28db3a740100\winlogon.exe.mui

    < MD5 for: WINLOGON.MFL >
    [2009.07.13 18:26:28 | 000,001,080 | ---- | M] () MD5=25448FF5977E91FF87B3A52D6B696803 -- C:\Windows\System32\wbem\hr-HR\winlogon.mfl
    [2009.07.13 18:26:28 | 000,001,080 | ---- | M] () MD5=25448FF5977E91FF87B3A52D6B696803 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_115066de58bdd6fb\winlogon.mfl
    [2011.04.12 03:15:38 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\System32\wbem\en-US\winlogon.mfl
    [2011.04.12 03:15:38 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2891397980a26140\winlogon.mfl

    < MD5 for: WINLOGON.MOF >
    [2009.07.13 21:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\System32\wbem\winlogon.mof
    [2009.07.13 21:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_800f1ff3d73b72d9\winlogon.mof

    < %SYSTEMDRIVE%\*.* >
    [2013.05.26 17:59:41 | 000,003,065 | ---- | M] () -- C:\AdwCleaner[S1].txt
    [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2013.11.19 18:37:11 | 1522,028,544 | -HS- | M] () -- C:\hiberfil.sys
    [2013.07.24 15:28:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2013.07.24 15:28:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2013.11.19 18:37:11 | 2029,371,392 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009.07.14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009.07.14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009.07.14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009.07.14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009.06.10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009.07.14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006.10.26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2010.11.20 22:29:21 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2013.11.19 18:31:04 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013.04.16 16:07:46 | 000,878,224 | ---- | M] (Space Sciences Laboratory) -- C:\Windows\boinc.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009.07.14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < dir "%systemdrive%\*" /S /A:L /C >
    Volume in drive C has no label.
    Volume Serial Number is 54DD-0016
    Directory of C:\
    14.07.2009. 05:53 <JUNCTION> Documents and Settings [C:\Users]
    0 File(s) 0 bytes
    Directory of C:\ProgramData
    14.07.2009. 05:53 <JUNCTION> Application Data [C:\ProgramData]
    14.07.2009. 05:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
    14.07.2009. 05:53 <JUNCTION> Documents [C:\Users\Public\Documents]
    14.07.2009. 05:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
    14.07.2009. 05:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    14.07.2009. 05:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users
    14.07.2009. 05:53 <SYMLINKD> All Users [C:\ProgramData]
    14.07.2009. 05:53 <JUNCTION> Default User [C:\Users\Default]
    0 File(s) 0 bytes
    Directory of C:\Users\All Users
    14.07.2009. 05:53 <JUNCTION> Application Data [C:\ProgramData]
    14.07.2009. 05:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
    14.07.2009. 05:53 <JUNCTION> Documents [C:\Users\Public\Documents]
    14.07.2009. 05:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
    14.07.2009. 05:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    14.07.2009. 05:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default
    14.07.2009. 05:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
    14.07.2009. 05:53 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
    14.07.2009. 05:53 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
    14.07.2009. 05:53 <JUNCTION> My Documents [C:\Users\Default\Documents]
    14.07.2009. 05:53 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    14.07.2009. 05:53 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    14.07.2009. 05:53 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
    14.07.2009. 05:53 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
    14.07.2009. 05:53 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
    14.07.2009. 05:53 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\AppData\Local
    14.07.2009. 05:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
    14.07.2009. 05:53 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
    14.07.2009. 05:53 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\Documents
    14.07.2009. 05:53 <JUNCTION> My Music [C:\Users\Default\Music]
    14.07.2009. 05:53 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
    14.07.2009. 05:53 <JUNCTION> My Videos [C:\Users\Default\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Korisnik
    21.05.2013. 08:23 <JUNCTION> Application Data [C:\Users\Korisnik\AppData\Roaming]
    21.05.2013. 08:23 <JUNCTION> Cookies [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Cookies]
    21.05.2013. 08:23 <JUNCTION> Local Settings [C:\Users\Korisnik\AppData\Local]
    21.05.2013. 08:23 <JUNCTION> My Documents [C:\Users\Korisnik\Documents]
    21.05.2013. 08:23 <JUNCTION> NetHood [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    21.05.2013. 08:23 <JUNCTION> PrintHood [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    21.05.2013. 08:23 <JUNCTION> Recent [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Recent]
    21.05.2013. 08:23 <JUNCTION> SendTo [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\SendTo]
    21.05.2013. 08:23 <JUNCTION> Start Menu [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu]
    21.05.2013. 08:23 <JUNCTION> Templates [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Korisnik\AppData\Local
    21.05.2013. 08:23 <JUNCTION> Application Data [C:\Users\Korisnik\AppData\Local]
    21.05.2013. 08:23 <JUNCTION> History [C:\Users\Korisnik\AppData\Local\Microsoft\Windows\History]
    21.05.2013. 08:23 <JUNCTION> Temporary Internet Files [C:\Users\Korisnik\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Korisnik\Documents
    21.05.2013. 08:23 <JUNCTION> My Music [C:\Users\Korisnik\Music]
    21.05.2013. 08:23 <JUNCTION> My Pictures [C:\Users\Korisnik\Pictures]
    21.05.2013. 08:23 <JUNCTION> My Videos [C:\Users\Korisnik\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Public\Documents
    14.07.2009. 05:53 <JUNCTION> My Music [C:\Users\Public\Music]
    14.07.2009. 05:53 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
    14.07.2009. 05:53 <JUNCTION> My Videos [C:\Users\Public\Videos]
    0 File(s) 0 bytes
    Total Files Listed:
    0 File(s) 0 bytes
    50 Dir(s) 23.915.397.120 bytes free

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2013.05.21 09:37:12 | 000,000,221 | -HS- | M] () -- C:\Users\Korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2013.11.18 23:09:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Korisnik\Desktop\aswMBR.exe
    [2013.10.16 21:03:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Korisnik\Desktop\erunt-setup.exe
    [2013.11.19 18:59:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Korisnik\Desktop\OTL.exe
    [2013.11.18 23:03:00 | 000,891,200 | ---- | M] () -- C:\Users\Korisnik\Desktop\SecurityCheck.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-05-21 09:05:47

    ========== Base Services ==========
    SRV - [2009.07.14 02:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
    SRV - [2013.02.27 05:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
    SRV - [2009.07.14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
    SRV - [2010.11.20 22:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
    SRV - [2010.11.20 22:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
    SRV - [2013.03.23 16:26:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
    SRV - [2009.07.14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
    SRV - [2013.03.23 16:40:38 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
    SRV - [2013.03.23 16:34:59 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
    SRV - [2010.11.20 22:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
    SRV - [2010.11.20 22:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2013.03.23 16:20:41 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
    SRV - [2009.07.14 02:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
    SRV - [2009.07.14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
    SRV - [2009.07.14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
    SRV - [2010.11.20 22:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
    No service found with a name of MsMpSvc
    No service found with a name of NisSrv
    SRV - [2009.07.14 02:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
    SRV - [2009.07.14 02:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
    SRV - [2009.07.14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
    SRV - [2009.07.14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
    SRV - [2013.03.23 16:48:57 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
    SRV - [2009.07.14 02:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
    SRV - [2013.03.23 16:24:50 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
    SRV - [2013.03.23 16:31:54 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
    SRV - [2013.03.23 16:26:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
    No service found with a name of EMDMgmt
    SRV - [2009.07.14 02:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
    SRV - [2010.11.20 22:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
    SRV - [2010.11.20 22:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
    SRV - [2009.07.14 02:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
    SRV - [2013.03.23 16:26:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
    SRV - [2009.07.14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
    SRV - [2010.11.20 22:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
    SRV - [2010.11.20 22:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
    No service found with a name of slsvc
    SRV - [2010.11.20 22:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
    SRV - [2010.11.20 22:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
    SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2013.03.23 16:41:02 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
    SRV - [2010.11.20 22:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
    SRV - [2010.11.20 22:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
    SRV - [2010.11.20 22:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
    SRV - [2010.11.20 22:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
    SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010.11.20 22:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
    SRV - [2010.11.20 22:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
    SRV - [2010.11.20 22:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
    SRV - [2010.11.20 22:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
    SRV - [2009.07.14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
    SRV - [2012.06.02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
    SRV - [2010.11.20 22:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
    SRV - [2009.07.14 02:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
    SRV - [2010.11.20 22:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\.\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: ATA Hitachi HTS54323 SCSI Disk Device
    Partitions: 3
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100,00MB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 151,00GB
    Starting Offset: 105906176
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 147,00GB
    Starting Offset: 162530328576
    Hidden sectors: 0


    < End of report >
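Added example (editor's note, not part of black_lilies's post and not code from OTL): the `dir "%systemdrive%\*" /S /A:L /C` section above is the part of this log that explains the "self-replicating folders" in the thread title. Several of the listed junctions point at their own parent directory (C:\ProgramData\Application Data -> C:\ProgramData, C:\Users\Default\AppData\Local\Application Data -> C:\Users\Default\AppData\Local), so any tool that follows junctions while recursing sees the folder nested inside itself without end. The script below parses an excerpt of that listing, resolves link targets through the other links it has seen (so C:\Users\All Users\Application Data is recognised as a loop even though its parent is itself a symlink to C:\ProgramData), and flags every link whose target is its own parent or an ancestor of it. It also parses the Base Services section and reports which security-relevant services are set to Disabled; in this log that is Windows Defender (WinDefend), the Windows Firewall service (MpsSvc) and Windows Update (wuauserv). Both excerpts are copied from the log above; the set of service names worth watching is my own assumption, not something OTL defines.

```python
import re
from pathlib import PureWindowsPath

# Excerpt copied from the 'dir ... /A:L' section of the OTL log above.
DIR_LISTING = r"""
Directory of C:\ProgramData
14.07.2009. 05:53 <JUNCTION> Application Data [C:\ProgramData]
14.07.2009. 05:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
Directory of C:\Users
14.07.2009. 05:53 <SYMLINKD> All Users [C:\ProgramData]
14.07.2009. 05:53 <JUNCTION> Default User [C:\Users\Default]
Directory of C:\Users\All Users
14.07.2009. 05:53 <JUNCTION> Application Data [C:\ProgramData]
Directory of C:\Users\Default
14.07.2009. 05:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
Directory of C:\Users\Default\AppData\Local
14.07.2009. 05:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14.07.2009. 05:53 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
"""

HEADER = re.compile(r"^Directory of (?P<dir>.+?)\s*$")
ENTRY = re.compile(r"^\S+\s+\S+\s+<(?:JUNCTION|SYMLINKD)>\s+(?P<name>.+?)\s+\[(?P<target>[^\]]+)\]\s*$")


def parse_links(listing):
    """Return {link_path: target_path} (lower-cased) from a 'dir /A:L' listing."""
    links, current = {}, None
    for line in listing.splitlines():
        m = HEADER.match(line.strip())
        if m:
            current = m.group("dir")
            continue
        m = ENTRY.match(line.strip())
        if m and current:
            link = str(PureWindowsPath(current) / m.group("name")).lower()
            links[link] = str(PureWindowsPath(m.group("target"))).lower()
    return links


def resolve(path, links, limit=16):
    """Rewrite the longest link prefix of path to its target, repeatedly.
    The iteration bound keeps a link that points at itself from looping."""
    path = str(PureWindowsPath(path)).lower()
    for _ in range(limit):
        for link in sorted(links, key=len, reverse=True):
            if path == link or path.startswith(link + "\\"):
                path = links[link] + path[len(link):]
                break
        else:
            return path
    return path


def is_ancestor_or_same(a, b):
    pa, pb = PureWindowsPath(a), PureWindowsPath(b)
    return pa == pb or pa in pb.parents


def find_recursive_links(listing):
    """Links whose (resolved) target contains the link itself: each one makes
    a directory walk that follows reparse points descend without end."""
    links = parse_links(listing)
    hits = []
    for link, target in links.items():
        parent = str(PureWindowsPath(link).parent)
        if is_ancestor_or_same(resolve(target, links), resolve(parent, links)):
            hits.append((link, target))
    return sorted(hits)


# Excerpt copied from the 'Base Services' section of the OTL log above.
SERVICES_EXCERPT = r"""
SRV - [2010.11.20 22:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2009.07.14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010.11.20 22:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2012.06.02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
No service found with a name of MsMpSvc
"""

SRV_LINE = re.compile(
    r"^SRV - \[[^\]]*\] \((?P<company>[^)]*)\) \[(?P<start>[^|\]]+?)\s*\|\s*(?P<state>[^\]]+?)\]"
    r" -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)
# Assumption (my list, not OTL's): services a responder expects to be on.
SECURITY_SERVICES = {"WinDefend", "MpsSvc", "wuauserv", "wscsvc", "BFE"}


def disabled_security_services(log):
    """Names of watched services whose start type is Disabled, in log order."""
    found = []
    for line in log.splitlines():
        m = SRV_LINE.match(line.strip())
        if m and m.group("name") in SECURITY_SERVICES and m.group("start") == "Disabled":
            found.append(m.group("name"))
    return found


if __name__ == "__main__":
    for link, target in find_recursive_links(DIR_LISTING):
        print(f"loop: {link} -> {target}")
    print("disabled:", ", ".join(disabled_security_services(SERVICES_EXCERPT)))
```

The flagged junctions are Windows 7's own compatibility links (all created at install time, 14.07.2009 here) and are not evidence of infection by themselves; Windows puts a deny-list-folder ACE on them so ordinary enumeration does not descend, but tools that run as SYSTEM or that ignore that ACE still loop. On a host you suspect, the useful question is whether any link's target is somewhere unexpected, which the same parser shows at a glance.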

  2. #2 black_lilies (Junior Member, joined Oct 2013, 27 posts)

    Extras.txt

    OTL Extras logfile created on: 19.11.2013. 19:33:23 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Korisnik\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16576)
    Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.

    1,89 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 65,61% Memory free
    3,78 Gb Paging File | 2,64 Gb Available in Paging File | 69,88% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 151,27 Gb Total Space | 22,35 Gb Free Space | 14,77% Space Free | Partition Type: NTFS
    Drive D: | 146,72 Gb Total Space | 27,30 Gb Free Space | 18,61% Space Free | Partition Type: NTFS

    Computer Name: KORISNIK-PC | User Name: Korisnik | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [foobar2000.enqueue] -- "C:\Program Files\foobar2000\foobar2000.exe" /add "%1" (Piotr Pawlowski)
    Directory [foobar2000.play] -- "C:\Program Files\foobar2000\foobar2000.exe" "%1" (Piotr Pawlowski)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{C65EF1CC-4A9F-4A83-BE03-80A3243D3E10}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04AEF387-A6CF-43CD-AF5E-3C6BA3C09A9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0D5FA06E-0F19-4B49-9130-3287DEEA49C6}" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "{18E89CCB-A0AD-472B-9392-C3E26C3CC0A5}" = dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
    "{1E18746D-2FA5-4879-B4DB-1539AC88300D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{37F1208E-D9AC-4355-AE29-F47734F5BFA6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{37FFD9B2-23A1-4D58-8C04-58EE452672E4}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
    "{4E61EA41-0055-42EC-B7CF-B4A7FBB1BB02}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{5AEB08AC-2C00-41B5-AB90-BEF6234FA7D2}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{5CC39BA4-DA6E-47C0-99BD-2946F7FF0F56}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "{6112865D-AA69-48D7-80FB-4E4D2B08659A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{8E435D9A-3A2C-46FB-B26F-F9A07473C34C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A16BEF9C-84C3-415E-B3A0-5B61DB3CD9E7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{AF52718A-15A8-4CD1-9119-7DD7729C3F00}" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "{B40367A4-D114-43FA-9C8D-58F9321145D8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{E30ED415-BE27-4920-96ED-05744B9DBB9E}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
    "{F23D25B8-8A4A-4322-82D4-8D98AF89FF5D}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "TCP Query User{5EB3CABB-A47F-4182-9C1B-2A6FB5084719}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "TCP Query User{ED27E978-5DF7-47C6-AD12-54F692AF3F60}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "UDP Query User{E221EA3A-AA43-462F-84D5-27C2B052916D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "UDP Query User{E5F987FE-A5E6-43E5-BB6B-ACF292DFA996}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
    "{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.3
    "{1A3A0526-E055-4B51-8F56-9C520509A572}" = Authorizer Ignition Key Support
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{29F1159B-A14A-4B2D-84CF-F1231F68178E}" = Duke Nukem - Manhattan Project (DEMO v1.0.1)
    "{32A3A4F4-B792-11D6-A78A-00B0D0170210}" = Java SE Development Kit 7 Update 21
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBD2D05-F6A2-3151-81ED-064B94A16C51}" = Google Chrome
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{818AD66C-A54A-409E-8489-2F2548F0880E}" = BOINC
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
    "{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.7.1
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-041A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Croatian) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-041A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Croatian) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-041A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Croatian) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-041A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Croatian) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-041A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Croatian) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-041A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Croatian) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-041A-0000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2007
    "{90120000-001F-081A-0000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-002C-041A-0000-0000000FF1CE}" = Microsoft Office Proofing (Croatian) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-041A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Croatian) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-041A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Croatian) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-041A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Croatian) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-041A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Croatian) 2007
    "{90120000-0100-041A-0000-0000000FF1CE}" = Microsoft Office O MUI (Croatian) 2007
    "{90120000-0101-041A-0000-0000000FF1CE}" = Microsoft Office X MUI (Croatian) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
    "{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
    "{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1" = Free FLAC to MP3 Converter 1.0
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1" = Authorizer 2.5.1
    "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
    "{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
    "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
    "Audacity_is1" = Audacity 2.0.3
    "avast" = avast! Free Antivirus
    "Byki Express" = Byki Express
    "CCleaner" = CCleaner
    "Eight Legged Freaks" = Eight Legged Freaks (remove only)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Scanner" = EPSON Scan
    "EPSON SX130 Series Useg" = Korisnički vodič EPSON SX130 Series
    "ERUNT_is1" = ERUNT 1.1j
    "Foldit" = Foldit
    "foobar2000" = foobar2000 v1.2.9
    "Free Driver Backup_is1" = Free Driver Backup 9.4.5
    "Happyland Adventures - Xmas Edition_is1" = Happyland Adventures - Xmas Edition v1.3
    "HiView_is1" = HiView
    "Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
    "Inkscape" = Inkscape 0.48.4
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{29F1159B-A14A-4B2D-84CF-F1231F68178E}" = Duke Nukem - Manhattan Project (DEMO v1.0.1)
    "IrfanView" = IrfanView (remove only)
    "KLiteCodecPack_is1" = K-Lite Codec Pack 9.9.0 (Full)
    "LAME_is1" = LAME v3.99.3 (for Windows)
    "Line 6 Uninstaller" = Line 6 Uninstaller
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verzija 1.75.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox 25.0.1 (x86 hr)" = Mozilla Firefox 25.0.1 (x86 hr)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "OMUI.hr-hr" = Microsoft Office Language Pack 2007 - Croatian/Hrvatski
    "RealPlayer 16.0" = RealPlayer
    "Reason7.0_32_is1" = Reason 7.0.1
    "Santa Claus in Trouble" = Santa Claus in Trouble
    "SouthParkMario2.1" = SouthPark Mario Bros 2.1
    "SpeedFan" = SpeedFan (remove only)
    "SumatraPDF" = SumatraPDF
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VLC media player" = VLC media player 2.1.0
    "WinRAR archiver" = WinRAR 5.00 (32-bit)
    "Wipe 2013" = Wipe 2013.59
    "Zombiepox_is1" = Zombiepox v1.1

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Search Protection" = Search Protection
    "uTorrent" = µTorrent

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 19.11.2013. 15:03:15 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 158013

    Error - 19.11.2013. 15:03:31 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 19.11.2013. 15:03:31 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 173863

    Error - 19.11.2013. 15:03:31 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 173863

    Error - 19.11.2013. 15:03:47 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 19.11.2013. 15:03:47 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 189806

    Error - 19.11.2013. 15:03:47 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 189806

    Error - 19.11.2013. 15:04:03 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 19.11.2013. 15:04:03 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 205781

    Error - 19.11.2013. 15:04:03 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 205781

    [ Media Center Events ]
    Error - 16.8.2013. 7:12:50 | Computer Name = Korisnik-PC | Source = MCUpdate | ID = 0
    Description = 13:12:50 - Dohvaćanje stavke Directory nije uspjelo (Pogreška: The
    underlying connection was closed: An unexpected error occurred on a send.)

    Error - 16.8.2013. 7:12:50 | Computer Name = Korisnik-PC | Source = MCUpdate | ID = 0
    Description = 13:12:50 - Dohvaćanje stavke MCEClientUX nije uspjelo (Pogreška: The
    underlying connection was closed: An unexpected error occurred on a send.)

    Error - 16.8.2013. 7:13:11 | Computer Name = Korisnik-PC | Source = MCUpdate | ID = 0
    Description = 13:12:50 - Dohvaćanje stavke Broadband nije uspjelo (Pogreška: The
    underlying connection was closed: An unexpected error occurred on a send.)

    [ System Events ]
    Error - 16.11.2013. 15:37:59 | Computer Name = Korisnik-PC | Source = volmgr | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 16.11.2013. 15:48:15 | Computer Name = Korisnik-PC | Source = volmgr | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 17.11.2013. 10:46:55 | Computer Name = Korisnik-PC | Source = Service Control Manager | ID = 7011
    Description = Isteklo je vrijeme čekanja (30000 ms) odgovora transakcije iz servisa
    Wlansvc.

    Error - 17.11.2013. 13:06:32 | Computer Name = Korisnik-PC | Source = Service Control Manager | ID = 7011
    Description = Isteklo je vrijeme čekanja (30000 ms) odgovora transakcije iz servisa
    ShellHWDetection.

    Error - 17.11.2013. 14:57:09 | Computer Name = Korisnik-PC | Source = Service Control Manager | ID = 7011
    Description = Isteklo je vrijeme čekanja (30000 ms) odgovora transakcije iz servisa
    ShellHWDetection.

    Error - 17.11.2013. 15:20:46 | Computer Name = Korisnik-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 17.11.2013. 15:44:05 | Computer Name = Korisnik-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 20:29:06 on 17.11.2013. was unexpected.

    Error - 18.11.2013. 18:13:59 | Computer Name = Korisnik-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 23:12:42 on 18.11.2013. was unexpected.

    Error - 19.11.2013. 13:31:23 | Computer Name = Korisnik-PC | Source = Service Control Manager | ID = 7030
    Description = Servis avast! Antivirus označen je kao interaktivni servis. Međutim,
    sustav je konfiguriran tako da ne dozvoljava interaktivne servise. Servis možda
    neće ispravno funkcionirati.

    Error - 19.11.2013. 15:00:42 | Computer Name = Korisnik-PC | Source = volmgr | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.


    < End of report >

  3. #3
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi black_lilies,

    RogueKiller

    Download to your desktop RogueKiller (by tigzy)
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Quit all programs
    • Wait until Prescan has finished ...
    • Click on Scan, Do Not Fix Anything at this point.
    • Click the Report button, save the report to your desktop

    =========================

    ComboFix

    Refer to the ComboFix User's Guide

    • Download ComboFix from the following location:

      Link

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    • Double click on ComboFix.exe & follow the prompts.
    • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    • When finished, it shall produce a log for you. Post that log in your next reply

      Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

      ---------------------------------------------------------------------------------------------
    • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
      ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    =========================

    In your next post please provide the following:
    • RKreport.txt
    • ComboFix.txt
    • Please describe the symptoms you are experiencing.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  4. #4
    Junior Member black_lilies's Avatar
    Join Date
    Oct 2013
    Posts
    27

    Hi OCD,

    I still have the same problem with the sound. Also, on local disk D: there's a new empty folder $RECYCLE.BIN which doesn't seem like it's empty, it says there's one file and a folder inside. And its disk size is changing, it was first 4 KB, then 8 KB and now it's back to 4. I didn't notice anything else.


    RKreport.txt

    RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Korisnik [Admin rights]
    Mode : Scan -- Date : 11/20/2013 15:44:07
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] SearchProtection.exe -- C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc]
    [SUSP PATH] afom.exe -- C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe [-] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1339427262-3479436622-1115934270-1000\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA Hitachi HTS54323 SCSI Disk Device +++++
    --- User ---
    [MBR] 295c75d871fcf1297cf1145835049b8e
    [BSP] 9dba65ade744a9c0c0256ba54bc190d8 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 154900 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 317442048 | Size: 150243 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_11202013_154407.txt >>




    ComboFix.txt

    ComboFix 13-11-19.01 - Korisnik 0.11.2013. 15:52:33.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.1935.1126 [GMT 1:00]
    Running from: c:\users\Korisnik\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-10-20 to 2013-11-20 )))))))))))))))))))))))))))))))
    .
    .
    2013-11-20 15:04 . 2013-11-20 15:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-11-19 17:38 . 2013-11-19 17:38 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AVAST Software
    2013-11-08 08:23 . 2013-11-08 08:23 -------- d-----w- c:\program files\iPod
    2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\program files\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-19 17:31 . 2013-05-21 09:43 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-11-19 17:31 . 2013-05-21 09:43 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-11-19 17:31 . 2013-05-21 09:43 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-11-19 17:31 . 2013-05-21 09:43 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-11-19 17:31 . 2013-05-21 09:43 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-11-19 17:31 . 2013-05-21 09:42 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-11-19 17:31 . 2013-05-21 09:42 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-11-19 17:31 . 2013-05-21 09:43 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-11-19 17:31 . 2013-05-21 09:42 269216 ----a-w- c:\windows\system32\aswBoot.exe
    2013-11-19 17:31 . 2013-05-21 09:41 43152 ----a-w- c:\windows\avastSS.scr
    2013-10-20 22:50 . 2013-10-20 22:51 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-10-08 21:33 . 2013-05-22 00:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-10-08 21:33 . 2013-05-22 00:00 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-08-24 21:41 . 2013-06-27 14:08 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2013-08-24 21:41 . 2013-06-27 14:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-11-19 17:30 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2013-07-09 1591808]
    "SearchProtection"="c:\users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" [2013-09-03 832360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2012-03-06 5655144]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 146032]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 181360]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 190064]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
    "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2013-04-16 3667600]
    "boinctray"="c:\program files\BOINC\boinctray.exe" [2013-04-16 71312]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-08-24 295512]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-19 3568312]
    .
    c:\users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    Wipe tray agent 2013.lnk - c:\program files\Wipe 2013\wipetray.exe startup [2013-10-15 216880]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2012-11-21 8443832]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2013-05-08 16:24 18678376 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2012-08-20 110408]
    R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2012-08-20 331080]
    R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2012-03-08 75816]
    R3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2012-02-22 130152]
    R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2012-02-22 150568]
    R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2012-02-22 435240]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2012-07-24 65152]
    R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys [2012-07-24 32512]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2012-07-24 88832]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-12-04 351288]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-12-04 796216]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-10-25 73984]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-10-25 165120]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-03-23 14848]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-03-23 24064]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-03-23 49664]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-03-23 27136]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-09-01 532536]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-09-01 25656]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-19 774392]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-19 403440]
    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-19 35656]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-19 70384]
    S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-11-21 2571704]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-09-01 14904]
    S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-09-13 1830544]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
    S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2012-09-19 209552]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-06-12 552080]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-11-15 14:44 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-22 21:33]
    .
    2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
    .
    2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.hr/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
    FF - prefs.js: browser.startup.homepage - hxxp://mindmillion.com/inspiration.html
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=512435&p=
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2013-09-28 21:17; notreal.ccoptions@environmentalchemistry.com; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
    FF - ExtSQL: 2013-10-02 18:42; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
    FF - ExtSQL: 2013-10-02 19:27; {24cea704-946d-11da-a72b-0800200c9a66}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
    FF - ExtSQL: 2013-10-02 19:27; {03B08592-E5B4-45ff-A0BE-C1D975458688}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
    FF - ExtSQL: 2013-10-05 15:06; {158d7cb3-7039-4a75-8e0b-3bd0a464edd2}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
    FF - ExtSQL: 2013-10-05 15:16; {139a120b-c2ea-41d2-bf70-542d9f063dfd}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi
    FF - ExtSQL: 2013-10-05 15:25; {54BB9F3F-07E5-486c-9B39-C7398B99391C}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
    FF - ExtSQL: 2013-11-08 02:07; {5546F97E-11A5-46b0-9082-32AD74AAA920}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);FF - user.js: extentions.webcake.installId - 4c25f721-dde9-4592-8c09-c5e91446a22b
    FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\taskhost.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\conhost.exe
    c:\program files\CyberLink\YouCam\YCMMirage.exe
    c:\program files\BOINC\boinc.exe
    c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    c:\windows\system32\conhost.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Wipe 2013\wipetray.exe
    c:\programdata\BOINC\projects\http://www.worldcommunitygrid.org\wc...ndows_intelx86
    c:\windows\system32\conhost.exe
    c:\programdata\BOINC\projects\http://www.worldcommunitygrid.org\wc...ndows_intelx86
    c:\windows\system32\conhost.exe
    c:\programdata\BOINC\projects\http://www.worldcommunitygrid.org\wc...od_32.exe.7.06
    c:\windows\system32\conhost.exe
    c:\programdata\BOINC\projects\http://www.worldcommunitygrid.org\wc...od_32.exe.7.06
    c:\windows\system32\conhost.exe
    c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    .
    **************************************************************************
    .
    Completion time: 2013-11-20 16:16:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-11-20 15:16
    .
    Pre-Run: 28.300.029.952 bytes free
    Post-Run: 28.410.585.088 bytes free
    .
    - - End Of File - - 2F492973F0BF92E8C7AF8F2E8A5EF7BA
    A36C5E4F47E84449FF07ED3517B43A31

  5. #5
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi black_lilies,

    In regards to the audio issue:
    • Can you explain when it happens?
      • Is the sound playing on the Internet, web sites?
      • Can you load a music CD and get audio?

    =========================

    After that I found a folder named 3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ on local disk C:, full of other folders (the number of folders increasing constantly)
    Can you give some more detailed information about this issue? Complete path to this folder/file.

    =========================

    Re-run RogueKiller

    Right click and select "Run as Administrator"
    • Quit all programs
    • Wait until Prescan has finished ...
    • Click on Scan.
    • After the scan has completed click on the Registry tab
    • Place a check mark next to each of the following entries:

      • [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      • [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND

    • Remove the check mark from all other entries listed
    • Click the Delete button
    • Click the Report button, save the report to your desktop

    =========================

    In your next post please provide the following:

    • RKreport
    • Answer to questions asked

    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  6. #6
    Junior Member black_lilies's Avatar
    Join Date
    Oct 2013
    Posts
    27

    Default

    Hi, OCD

    Good news today. I think I solved the sound issue, just changed something in the Control Panel, related to power management. I really have no idea how this is related, but I've restarted my laptop a few times now and the sound works normally. And when I change it back to the old settings, there's the same problem again.


    Quote Originally Posted by OCD:
    Can you give some more detailed information about this issue? Complete path to this folder/file.
    Full path to the folder was C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ. It was full of other folders, all with similar names like ZZ..Z...Z...Z..Z (different combinations of Zs and periods), and the new ones just kept appearing. Also, it seemed like there was less space on local disk, but I'm not sure about this. After cleaning up some space on my computer, the folder was replaced by the file 3590F75ABA9E485486C100C1A9D4FF06XZRURUNVBZAFAFQC, which later disappeared. And I previously had a file with a similar name, 3590F75ABA9E485486C100C1A9D4FF06CIKFRWNFNGUMLJVK, on local disk, which also disappeared by itself.


    About the new $RECYCLE.BIN folder... It looks like it's actually related to Recycle Bin, as its size changes whenever I put something in Recycle Bin or empty it. I archived this folder and inside there's a folder S-1-5-21-1339427262-3479436622-1115934270-1000, and inside this folder is desktop.ini and two .rar archives: $IVUL567.rar and $RVUL567.rar. Do you know what that could be? (I'm probably just paranoid.)

    Anyway, I did what you said and here's the report:


    RKreport

    RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Korisnik [Admin rights]
    Mode : Remove -- Date : 11/21/2013 20:19:49
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] SearchProtection.exe -- C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc]
    [SUSP PATH] afom.exe -- C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe [-] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> NOT SELECTED
    [RUN][SUSP PATH] HKUS\S-1-5-21-1339427262-3479436622-1115934270-1000\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> NOT SELECTED
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA Hitachi HTS54323 SCSI Disk Device +++++
    --- User ---
    [MBR] 295c75d871fcf1297cf1145835049b8e
    [BSP] 9dba65ade744a9c0c0256ba54bc190d8 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 154900 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 317442048 | Size: 150243 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_11212013_201949.txt >>
    RKreport[0]_S_11212013_201612.txt

  7. #7
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi black_lilies,

    I missed this other entry, please re-run RogueKiller.

    Re-run RogueKiller

    Right click and select "Run as Administrator"
    • Quit all programs
    • Wait until Prescan has finished ...
    • Click on Scan.
    • After the scan has completed click on the Registry tab
    • Place a check mark next to each of the following entries:
      • [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0)
    • If you cannot see the complete line to be selected, place the cursor on the line between "Key" and "Value" menu header.
    • Left click and drag the window to the right to expand the field.
    • Use the scroll bar at the bottom of the programs window to view the full path.
    • Remove the check mark from all other entries listed
    • Click the Delete button
    • Click the Report button, save the report to your desktop

    =========================

    Run OTL.exe

      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :Files
      C:\359*ZZZ..Z.....ZZZZZ
      
      :Commands
      [createrestorepoint]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done

    =========================

    ComboFix

    Refer to the ComboFix User's Guide

    • Download ComboFix from the following location:

      Link

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    • Double click on ComboFix.exe & follow the prompts.
    • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    • When finished, it shall produce a log for you. Post that log in your next reply

      Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

      ---------------------------------------------------------------------------------------------
    • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
      ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    =========================

    In your next post please provide the following:
    • RKreport.txt
    • OTL fix log
    • ComboFix.txt

    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
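
Added example, not code from this thread or from RogueKiller's authors: a Python parser for the "Registry Entries" lines of the RKreport posted above, which checks the two UAC policy values the scan reported as hijacked ([HJ POL][PUM] EnableLUA and ConsentPromptBehaviorAdmin) against a secure baseline. The baseline and the sample lines are constructed for the example.

```python
import re

# One RogueKiller "Registry Entries" line looks like:
#   [TAG][TAG] <key> : <name> (<value>) -> <ACTION> [(<restored value>)]
ENTRY_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<key>\S+)\s*:\s*(?P<name>\S+)\s*"
    r"\((?P<value>[^)]*)\)\s*->\s*(?P<action>[A-Z ]+?)"
    r"(?:\s*\((?P<new>[^)]*)\))?\s*$"
)

# Secure baseline for the two UAC values the scan flagged (assumption: Windows 7
# defaults). EnableLUA=0 turns UAC off; ConsentPromptBehaviorAdmin=0 elevates
# administrators silently, with no prompt.
BASELINE = {
    "EnableLUA": lambda v: v == 1,
    "ConsentPromptBehaviorAdmin": lambda v: v != 0,
}

# Constructed sample: the HJ POL lines from the RKreport above plus one RUN entry.
SAMPLE_LINES = [
    r"[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)",
    r"[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)",
    r"[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NOT SELECTED",
    r'[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData'
    r'\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> NOT SELECTED',
]

def parse_entry(line):
    """Split one report line into tags, key, name, value, action and new value."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["tags"] = re.findall(r"\[([^\]]+)\]", entry["tags"])
    return entry

def check_uac(lines):
    """Return (name, found, restored, status) for each flagged UAC policy value."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if not e or "HJ POL" not in e["tags"] or e["name"] not in BASELINE:
            continue
        found = int(e["value"])
        restored = int(e["new"]) if e["new"] else None
        effective = found if restored is None else restored
        status = "fixed" if BASELINE[e["name"]](effective) else "still weak"
        findings.append((e["name"], found, restored, status))
    return findings
```

An entry whose action is NOT SELECTED keeps its found value, so a weak UAC setting that was not ticked for deletion is reported as "still weak" rather than silently passing.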
