View Full Version : Self-replicating folders
black_lilies
2013-10-17, 01:11
Hi. I'm having some issues on my laptop, some sort of a virus, it seems like it's taking up space on my computer. I had some problems with sound on my laptop today. Everything was fine when I turned the laptop on, but soon I couldn't hear any sound nor play music, I'm not sure if this is related (when I tried to play music, there was an error message that the program was already in use, or something like that). After that I found a folder named 3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ on local disk C:, full of other folders (the number of folders increasing constantly). I cleaned up some space on my laptop, and also used CCleaner, and then the folder was replaced by a file named 3590F75ABA9E485486C100C1A9D4FF06XZRURUNVBZAFAFQC, and later it just disappeared and the sound went back to normal. Also, I had files like that a few times before, but after they disappeared, I thought I removed them with Spybot.
I would be very happy if somebody could help me when you have the time, and thank you in advance :).
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.40.2
Run by Korisnik at 22:12:00 on 2013-10-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.1935.943 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\BOINC\boinc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files\Folding@home\Folding@home-x86\Folding@home.exe
C:\Users\Korisnik\AppData\Roaming\Folding@home-x86\FahCore_a4.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\BOINC\projects\docking.cis.udel.edu\charmm34_6.23_windows_intelx86
C:\ProgramData\BOINC\projects\docking.cis.udel.edu\charmm34_6.23_windows_intelx86
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.hr/
uSearch Bar = about:blank
uSearch Page = about:blank
uSearchURL,(Default) = about:blank
mSearchAssistant = about:blank
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SearchProtection] "c:\users\korisnik\appdata\roaming\search protection\SearchProtection.EXE" /autostart
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtkNGUI.exe -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\iastoriconlaunch.exe "c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe" 60
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\korisnik\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\korisnik\appdata\roaming\micros~1\windows\startm~1\programs\startup\wipetr~1.lnk - c:\program files\wipe 2013\wipetray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\codeme~1.lnk - c:\program files\codemeter\runtime\bin\CodeMeterCC.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3D321B9E-A8C6-4146-B8E1-6E10720FA1A7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{51B6D1B9-5D8C-40A3-95A5-1B3BC0948BB7} : DHCPNameServer = 83.139.105.2 83.139.104.2
TCP: Interfaces\{51B6D1B9-5D8C-40A3-95A5-1B3BC0948BB7}\651434F4D40244E2F4E2F4E2 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://amfsa.clicktodonate.org
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=512435&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\sumatrapdf\npPdfViewer.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-08-17 12:29; jid0-RW8E9KFMTaLKkM4HqIWfidw29wo@jetpack; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-RW8E9KFMTaLKkM4HqIWfidw29wo@jetpack.xpi
FF - ExtSQL: 2013-08-17 13:11; tabscope@xuldev.org; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\tabscope@xuldev.org.xpi
FF - ExtSQL: 2013-08-17 13:11; rainbow@colors.org; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\rainbow@colors.org.xpi
FF - ExtSQL: 2013-08-17 13:11; firegestures@xuldev.org; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\firegestures@xuldev.org.xpi
FF - ExtSQL: 2013-08-24 23:42; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext
FF - ExtSQL: 2013-09-28 21:17; notreal.ccoptions@environmentalchemistry.com; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
FF - ExtSQL: 2013-10-02 18:42; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF - ExtSQL: 2013-10-02 19:27; {24cea704-946d-11da-a72b-0800200c9a66}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
FF - ExtSQL: 2013-10-02 19:27; {03B08592-E5B4-45ff-A0BE-C1D975458688}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
FF - ExtSQL: 2013-10-05 15:06; {158d7cb3-7039-4a75-8e0b-3bd0a464edd2}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
FF - ExtSQL: 2013-10-05 15:16; {139a120b-c2ea-41d2-bf70-542d9f063dfd}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi
FF - ExtSQL: 2013-10-05 15:25; {54BB9F3F-07E5-486c-9B39-C7398B99391C}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);FF - user.js: extentions.webcake.installId - 4c25f721-dde9-4592-8c09-c5e91446a22b
FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-21 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-21 177864]
R0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2012-9-1 532536]
R0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2012-9-1 25656]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-21 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-21 369584]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2013-5-21 87968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-21 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-21 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-9-11 46808]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2012-11-21 2571704]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2013-5-21 14904]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2013-5-21 1830544]
R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-7-17 55104]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\drivers\RtsP2Stor.sys [2013-5-21 209552]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-3-14 552080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2013-2-28 110408]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2013-2-28 331080]
S3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2013-3-14 75816]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2013-3-14 130152]
S3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2013-3-14 150568]
S3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2013-3-14 435240]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [2013-2-27 65152]
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\system32\drivers\EtronSTOR.sys [2013-2-27 32512]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [2013-2-27 88832]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2013-2-27 351288]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2013-2-27 796216]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2013-2-27 73984]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2013-2-27 165120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-23 14848]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-12 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-3-23 24064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-23 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-3-23 27136]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-12 112640]
.
=============== Created Last 30 ================
.
2013-10-15 06:52:46 -------- d-----w- c:\users\korisnik\appdata\roaming\WIPE2013
2013-10-15 06:52:39 609824 ----a-w- c:\windows\system32\Comctl32.ocx
2013-10-15 06:52:39 163840 ----a-w- c:\windows\system32\temp.000
2013-10-15 06:52:39 1386496 ----a-w- c:\windows\system32\temp.001
2013-10-15 06:52:38 340992 ----a-w- c:\windows\system32\sqlite36_engine.dll
2013-10-15 06:52:34 501248 ----a-w- c:\windows\system32\dhRichClient3.dll
2013-10-15 06:52:34 340992 ----a-w- c:\windows\sqlite36_engine.dll
2013-10-15 06:52:34 -------- d-----w- c:\program files\Wipe 2013
2013-10-15 06:39:18 -------- d-----w- c:\program files\SpeedFan
2013-10-15 06:34:43 -------- d-----w- c:\program files\Free Driver Backup
2013-10-13 21:46:31 -------- d-----w- c:\users\korisnik\appdata\roaming\IrfanView
2013-10-13 21:46:26 -------- d-----w- c:\program files\IrfanView
2013-10-04 06:28:28 -------- d-----w- c:\program files\iPod
2013-10-04 06:28:23 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-04 06:28:23 -------- d-----w- c:\program files\iTunes
2013-09-21 22:45:54 -------- d-----w- c:\programdata\Oracle
2013-09-21 22:18:04 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2013-10-08 21:33:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 21:33:46 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-21 22:17:42 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-21 22:17:42 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-30 07:48:13 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48:12 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48:12 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48:12 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- c:\windows\avastSS.scr
2013-08-24 21:41:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-08-24 21:41:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-07-23 23:09:32 0 ----a-w- c:\windows\system32\FAP92BD.tmp
2013-07-23 22:40:28 0 ----a-w- c:\windows\system32\FAPF718.tmp
2013-07-23 22:40:27 0 ----a-w- c:\windows\system32\FAPF4E4.tmp
2013-07-23 22:40:27 0 ----a-w- c:\windows\system32\FAPF188.tmp
2013-07-23 22:40:26 0 ----a-w- c:\windows\system32\FAPEFC2.tmp
2013-07-23 22:40:07 0 ----a-w- c:\windows\system32\FAPA46E.tmp
2013-07-23 22:39:15 0 ----a-w- c:\windows\system32\FAPDB54.tmp
2013-07-23 22:39:15 0 ----a-w- c:\windows\system32\FAPD9EB.tmp
2013-07-23 22:39:14 0 ----a-w- c:\windows\system32\FAPD72B.tmp
2013-07-23 22:39:09 0 ----a-w- c:\windows\system32\FAPC399.tmp
2013-07-23 22:38:52 0 ----a-w- c:\windows\system32\FAP8080.tmp
2013-07-23 22:38:51 0 ----a-w- c:\windows\system32\FAP7DEE.tmp
2013-07-23 22:38:43 0 ----a-w- c:\windows\system32\FAP5D91.tmp
2013-07-23 22:38:43 0 ----a-w- c:\windows\system32\FAP5B6D.tmp
2013-07-23 22:38:42 0 ----a-w- c:\windows\system32\FAP5A14.tmp
2013-07-23 22:36:42 0 ----a-w- c:\windows\system32\FAP8362.tmp
2013-07-23 22:36:41 0 ----a-w- c:\windows\system32\FAP8238.tmp
2013-07-23 22:36:41 0 ----a-w- c:\windows\system32\FAP8052.tmp
2013-07-23 22:36:12 0 ----a-w- c:\windows\system32\FAPF15.tmp
2013-07-23 22:36:12 0 ----a-w- c:\windows\system32\FAPDCC.tmp
2013-07-23 22:36:12 0 ----a-w- c:\windows\system32\FAP108E.tmp
2013-07-23 22:35:54 0 ----a-w- c:\windows\system32\FAPC7A6.tmp
2013-07-23 22:35:53 0 ----a-w- c:\windows\system32\FAPC66C.tmp
2013-07-23 22:35:53 0 ----a-w- c:\windows\system32\FAPC532.tmp
2013-07-23 22:32:22 0 ----a-w- c:\windows\system32\FAP8CE2.tmp
2013-07-23 22:32:21 0 ----a-w- c:\windows\system32\FAP8957.tmp
2013-07-23 22:31:32 0 ----a-w- c:\windows\system32\FAPCB15.tmp
2013-07-23 22:31:32 0 ----a-w- c:\windows\system32\FAPC9DB.tmp
2013-07-23 22:31:32 0 ----a-w- c:\windows\system32\FAPC8C0.tmp
2013-07-23 22:30:41 0 ----a-w- c:\windows\system32\FAPCF.tmp
2013-07-23 22:30:41 0 ----a-w- c:\windows\system32\FAP50.tmp
2013-07-23 22:30:40 0 ----a-w- c:\windows\system32\FAPFEA9.tmp
2013-07-23 22:30:33 0 ----a-w- c:\windows\system32\FAPE35A.tmp
2013-07-23 22:30:32 0 ----a-w- c:\windows\system32\FAPE0E8.tmp
2013-07-23 22:30:24 0 ----a-w- c:\windows\system32\FAPC184.tmp
2013-07-23 22:30:24 0 ----a-w- c:\windows\system32\FAPC01B.tmp
2013-07-23 22:30:24 0 ----a-w- c:\windows\system32\FAPBEF0.tmp
2013-07-23 22:29:22 0 ----a-w- c:\windows\system32\FAPCE4A.tmp
2013-07-23 22:29:22 0 ----a-w- c:\windows\system32\FAPCDAC.tmp
2013-07-23 22:29:21 0 ----a-w- c:\windows\system32\FAPCB49.tmp
2013-07-23 22:28:38 0 ----a-w- c:\windows\system32\FAP223D.tmp
2013-07-23 22:28:38 0 ----a-w- c:\windows\system32\FAP20B5.tmp
2013-07-23 22:28:37 0 ----a-w- c:\windows\system32\FAP1EEE.tmp
2013-07-23 22:27:42 0 ----a-w- c:\windows\system32\FAP486C.tmp
2013-07-23 22:27:41 0 ----a-w- c:\windows\system32\FAP4493.tmp
2013-07-23 22:27:16 0 ----a-w- c:\windows\system32\FAPE301.tmp
2013-07-23 22:27:16 0 ----a-w- c:\windows\system32\FAPE16A.tmp
2013-07-23 22:27:16 0 ----a-w- c:\windows\system32\FAPDF55.tmp
2013-07-23 22:18:39 0 ----a-w- c:\windows\system32\FAPFC07.tmp
2013-07-23 22:18:38 0 ----a-w- c:\windows\system32\FAPFAAE.tmp
2013-07-23 22:18:38 0 ----a-w- c:\windows\system32\FAPF84B.tmp
2013-07-23 22:17:47 0 ----a-w- c:\windows\system32\FAP3182.tmp
2013-07-23 22:17:46 0 ----a-w- c:\windows\system32\FAP2E26.tmp
2013-07-23 22:17:45 0 ----a-w- c:\windows\system32\FAP2B46.tmp
.
============= FINISH: 22:13:53,56 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-16 22:59:41
-----------------------------
22:59:41.214 OS Version: Windows 6.1.7601 Service Pack 1
22:59:41.214 Number of processors: 2 586 0x2A07
22:59:41.216 ComputerName: KORISNIK-PC UserName: Korisnik
22:59:43.373 Initialize success
22:59:45.982 AVAST engine defs: 13101600
23:00:07.133 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
23:00:07.135 Disk 0 Vendor: ATA_____ A60W Size: 305245MB BusType: 11
23:00:07.253 Disk 0 MBR read successfully
23:00:07.256 Disk 0 MBR scan
23:00:07.261 Disk 0 Windows 7 default MBR code
23:00:07.274 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:00:07.291 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 154900 MB offset 206848
23:00:07.315 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 150243 MB offset 317442048
23:00:07.321 Disk 0 scanning sectors +625139712
23:00:07.544 Disk 0 scanning C:\Windows\system32\drivers
23:00:28.037 Service scanning
23:01:07.740 Modules scanning
23:01:20.279 Disk 0 trace - called modules:
23:01:20.302 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys halmacpi.dll iaStorA.sys
23:01:20.308 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d7a030]
23:01:20.315 3 CLASSPNP.SYS[891ba59e] -> nt!IofCallDriver -> [0x87d79260]
23:01:20.321 5 iaStorF.sys[89211138] -> nt!IofCallDriver -> \Device\00000069[0x86154520]
23:01:22.201 AVAST engine scan C:\Windows
23:01:24.590 AVAST engine scan C:\Windows\system32
23:04:47.816 AVAST engine scan C:\Windows\system32\drivers
23:05:08.873 AVAST engine scan C:\Users\Korisnik
23:08:35.423 Disk 0 MBR has been saved successfully to "C:\Users\Korisnik\Desktop\MBR.dat"
23:08:35.434 The log file has been saved successfully to "C:\Users\Korisnik\Desktop\aswMBR.txt"
Čestitke!: Nisu nađeni spybotovi. (Status)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2013-07-21 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2013-04-11 Includes\Adware.sbi (*)
2013-10-08 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2013-10-16 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2013-04-11 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-10-01 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-10-08 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-04-11 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-08-06 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-08-13 Includes\TrojansC-02.sbi (*)
2013-10-07 Includes\TrojansC-03.sbi (*)
2013-10-16 Includes\TrojansC-04.sbi (*)
2013-06-13 Includes\TrojansC-05.sbi (*)
2013-08-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Hi black_lilies,
Sorry for the extended delay in responding to your thread. It has been quite some time since your original scans we run and posted. Please run these tools and post the corresponding logs.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Security Check
Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) aswMBR
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) OTL
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Make sure all other windows are closed and to let it run uninterrupted.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
services.*
/md5stop
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
BASESERVICES
DRIVES
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.
=========================
In your next post please provide the following:
checkup.txt
aswMBR.txt
attach MBR.zip
OTL.txt
Extras.txt
black_lilies
2013-11-19, 21:39
checkup.txt
Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
CCleaner
Java 7 Update 45
Java SE Development Kit 7 Update 21
Adobe Flash Player 11.9.900.117
Mozilla Firefox (25.0.1)
Google Chrome 30.0.1599.101
Google Chrome 31.0.1650.57
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
aswMBR.txt
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-19 18:57:20
-----------------------------
18:57:20.595 OS Version: Windows 6.1.7601 Service Pack 1
18:57:20.595 Number of processors: 2 586 0x2A07
18:57:20.595 ComputerName: KORISNIK-PC UserName: Korisnik
18:57:21.578 Initialize success
18:57:23.044 AVAST engine defs: 13111801
19:00:03.544 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
19:00:03.544 Disk 0 Vendor: ATA_____ A60W Size: 305245MB BusType: 11
19:00:03.980 Disk 0 MBR read successfully
19:00:03.996 Disk 0 MBR scan
19:00:03.996 Disk 0 Windows 7 default MBR code
19:00:04.012 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:00:04.027 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 154900 MB offset 206848
19:00:04.058 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 150243 MB offset 317442048
19:00:04.058 Disk 0 scanning sectors +625139712
19:00:04.511 Disk 0 scanning C:\Windows\system32\drivers
19:00:18.239 Service scanning
19:00:57.614 Modules scanning
19:01:34.244 Disk 0 trace - called modules:
19:01:34.790 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys halmacpi.dll iaStorA.sys
19:01:34.790 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d7f030]
19:01:34.806 3 CLASSPNP.SYS[891d659e] -> nt!IofCallDriver -> [0x87d7e6c0]
19:01:34.806 5 iaStorF.sys[8921e138] -> nt!IofCallDriver -> \Device\0000006a[0x860fec68]
19:01:35.180 AVAST engine scan C:\Windows
19:01:42.575 AVAST engine scan C:\Windows\system32
19:04:58.014 AVAST engine scan C:\Windows\system32\drivers
19:05:17.592 AVAST engine scan C:\Users\Korisnik
19:20:08.572 Disk 0 MBR has been saved successfully to "C:\Users\Korisnik\Desktop\MBR.dat"
19:20:08.915 The log file has been saved successfully to "C:\Users\Korisnik\Desktop\aswMBR.txt"
19:20:50.817 AVAST engine scan C:\ProgramData
19:23:35.340 Scan finished successfully
19:25:54.388 Disk 0 MBR has been saved successfully to "C:\Users\Korisnik\Desktop\MBR.dat"
19:25:54.404 The log file has been saved successfully to "C:\Users\Korisnik\Desktop\aswMBR.txt"
OTL.txt
OTL logfile created on: 19.11.2013. 19:33:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Korisnik\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.
1,89 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 65,61% Memory free
3,78 Gb Paging File | 2,64 Gb Available in Paging File | 69,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 151,27 Gb Total Space | 22,35 Gb Free Space | 14,77% Space Free | Partition Type: NTFS
Drive D: | 146,72 Gb Total Space | 27,30 Gb Free Space | 18,61% Space Free | Partition Type: NTFS
Computer Name: KORISNIK-PC | User Name: Korisnik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Korisnik\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Wipe 2013\wipetray.exe (PrivacyRoot.com)
PRC - C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe (Spigot, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\ProgramData\BOINC\slots\1\ce5.exe ()
PRC - C:\ProgramData\BOINC\slots\0\ce5.exe ()
PRC - C:\ProgramData\BOINC\projects\work.charityengine.com\ce-generic-wrapper-0001_windows_intelx86.exe ()
PRC - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe (IDEVFH)
PRC - C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
PRC - C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
PRC - C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
PRC - C:\Program Files\BOINC\boinc.exe (Space Sciences Laboratory)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\Wipe 2013\MD5.dll ()
MOD - C:\ProgramData\BOINC\slots\1\ce5.exe ()
MOD - C:\ProgramData\BOINC\slots\0\ce5.exe ()
MOD - C:\ProgramData\BOINC\projects\work.charityengine.com\ce-generic-wrapper-0001_windows_intelx86.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\97c369d03310ac919968cac177d066da\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\d5229063f646936404008f444c533c3b\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\620cea5f6098caaf044d062d8dde6b3d\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\8b9c29dd76473c8230ca379ee39e40e2\IAStorDataMgrSvcInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\1eea35376a67d2e807a54ff3fe4b8a56\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\0a4ef3904cfdea04def6af647f619946\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\b1f3ea839257551154e34750f26fa33d\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\3506b73a7cc2bc014040bdaf42e3c9f2\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4626a29dfa025f702b32e3515de175e3\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7449f505f7fb206101f361c05dd7d9be\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c3b7873af3400562b01878e1dfdb0c59\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\88080c0d9e9709c55aa0494a3b05a1df\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\847c865b860f33a319b2c6906d9a125f\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\7499b638af35153a97431c42fd16d9cb\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78d3cd0fc198e323f3eb0742f23659b2\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ca0ef2ddc840163b27423f6ede4ddb23\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\09a71502394e43062c81789367f22d1e\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Program Files\BOINC\zlib1.dll ()
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (CodeMeter.exe) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (IconMan_R) -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (aswMBR) -- C:\Users\Korisnik\AppData\Local\Temp\aswMBR.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (iusb3xhc) -- C:\Windows\System32\drivers\iusb3xhc.sys (Intel Corporation)
DRV - (iusb3hub) -- C:\Windows\System32\drivers\iusb3hub.sys (Intel Corporation)
DRV - (RSP2STOR) -- C:\Windows\System32\drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
DRV - (iaStorA) -- C:\Windows\System32\drivers\iaStorA.sys (Intel Corporation)
DRV - (iaStorF) -- C:\Windows\System32\drivers\iaStorF.sys (Intel Corporation)
DRV - (asmtxhci) -- C:\Windows\System32\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV - (asmthub3) -- C:\Windows\System32\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV - (EtronXHCI) -- C:\Windows\System32\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV - (EtronHub3) -- C:\Windows\System32\drivers\EtronHub3.sys (Etron Technology Inc)
DRV - (EtronSTOR) -- C:\Windows\System32\drivers\EtronSTOR.sys (Etron Technology Inc)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
DRV - (b06diag) -- C:\Windows\System32\drivers\bxdiagx.sys (Broadcom Corporation)
DRV - (bxois) -- C:\Windows\System32\drivers\bxois.sys (Broadcom Corporation)
DRV - (bxfcoe) -- C:\Windows\System32\drivers\bxfcoe.sys (Broadcom Corporation)
DRV - (BFN7x86) -- C:\Windows\System32\drivers\Xeno7x86.sys (Bigfoot Networks, Inc.)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (s125mgmt) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation)
DRV - (s125bus) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr-HR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 E0 2F 66 FE 55 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{FFAB1B2F-B3C1-4B3B-8C5B-B07B36694368}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "DuckDuckGo"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=512435"
FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://mindmillion.com/inspiration.html"
FF - prefs.js..extensions.enabledAddons: mintrayr%40tn123.ath.cx:1.1.2
FF - prefs.js..extensions.enabledAddons: organize-search-engines%40maltekraus.de:1.7
FF - prefs.js..extensions.enabledAddons: intgcal%40egarracingteam.com.ar:1.2.0
FF - prefs.js..extensions.enabledAddons: amin.eft_bmnotes%40gmail.com:2.8.1
FF - prefs.js..extensions.enabledAddons: %7B48f91e76-bc5f-45a7-a03a-6b4e7669df90%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7Bc07d1a49-9894-49ff-a594-38960ede8fb9%7D:3.1.12
FF - prefs.js..extensions.enabledAddons: is%40dictionaries.addons.mozilla.org:1.3
FF - prefs.js..extensions.enabledAddons: %7B8B72860F-C5F8-4286-865E-D2C2DB98A9E6%7D:1.2.3
FF - prefs.js..extensions.enabledAddons: rssicon%40jasnapaka.com:1.4
FF - prefs.js..extensions.enabledAddons: format.bar%40codefisher.org:0.1.4.10
FF - prefs.js..extensions.enabledAddons: tabforacause%40tabforacause.org:4.1.0
FF - prefs.js..extensions.enabledAddons: facebook%40disconnect.me:2.1.3
FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.4
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.1.2
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
FF - prefs.js..extensions.enabledAddons: Konverts%40MediaPimp.com:10.3
FF - prefs.js..extensions.enabledAddons: dcct%40mingyi.org:0.27
FF - prefs.js..extensions.enabledAddons: %7BE173B749-DB5B-4fd2-BA0E-94ECEA0CA55B%7D:7.4
FF - prefs.js..extensions.enabledAddons: %7B2f17f610-5e97-4fed-828f-9940b7b577a4%7D:19.0.0
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: cybersearch%40cybernetnews.com:2.8
FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3
FF - prefs.js..extensions.enabledAddons: %7B4BBDD651-70CF-4821-84F8-2B918CF89CA3%7D:7.3.0.1
FF - prefs.js..extensions.enabledAddons: lazarus%40interclue.com:2.3
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: VacuumPlacesImproved%40lultimouomo-gmail.com:1.2
FF - prefs.js..extensions.enabledAddons: %7B6E21139C-F48B-11DA-B59C-B582C6649067%7D:0.6.3
FF - prefs.js..extensions.enabledAddons: charpick%40ryanium.com:0.4.1
FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.20
FF - prefs.js..extensions.enabledAddons: %7Bea61041c-1e22-4400-99a0-aea461e69d04%7D:0.2.3
FF - prefs.js..extensions.enabledAddons: %7Bc72c0c73-4eb0-4fb3-af0f-074e97326cfd%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: backupfox_959a5970_ada3_11e0_9f1c_0800200c9a66%40mozillafirefoxextension:1.0.3
FF - prefs.js..extensions.enabledAddons: ScrollUp%40saplin.com:1.0
FF - prefs.js..extensions.enabledAddons: dragtabasshortcut%40antontitov.com:1.01
FF - prefs.js..extensions.enabledAddons: %7B3bbdd952-cf6f-44a7-9d23-354a8792b598%7D:1.4
FF - prefs.js..extensions.enabledAddons: shortcuts%40khngai.com:1.9
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.1.8
FF - prefs.js..extensions.enabledAddons: savefileto%40mozdev.org:2.5.1
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: rainbow%40colors.org:1.6
FF - prefs.js..extensions.enabledAddons: %7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3
FF - prefs.js..extensions.enabledAddons: support%40todoist.com:3.7
FF - prefs.js..extensions.enabledAddons: tabscope%40xuldev.org:1.5
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.16
FF - prefs.js..extensions.enabledAddons: %7B24cea704-946d-11da-a72b-0800200c9a66%7D:1.5.3.1
FF - prefs.js..extensions.enabledAddons: %7B03B08592-E5B4-45ff-A0BE-C1D975458688%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B139a120b-c2ea-41d2-bf70-542d9f063dfd%7D:2.04.1
FF - prefs.js..extensions.enabledAddons: %7B54BB9F3F-07E5-486c-9B39-C7398B99391C%7D:4.1.2013040601
FF - prefs.js..extensions.enabledAddons: notreal.ccoptions%40environmentalchemistry.com:24.0.2
FF - prefs.js..extensions.enabledAddons: brief%40mozdev.org:1.7.2
FF - prefs.js..extensions.enabledAddons: firegestures%40xuldev.org:1.7.14
FF - prefs.js..extensions.enabledAddons: idme%40abine.com:1.35.335
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2.3
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.94
FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.3.9
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.5.3
FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.2.1
FF - prefs.js..extensions.enabledAddons: %7B5546F97E-11A5-46b0-9082-32AD74AAA920%7D:0.76
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.15
FF - prefs.js..extensions.enabledAddons: zoompage%40DW-dev:8.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=512435&p="
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.11.19 18:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.08.24 22:42:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.11.17 10:33:09 | 000,000,000 | ---D | M]
[2013.05.21 10:42:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Extensions
[2013.11.16 22:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions
[2013.10.02 18:27:24 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2013.07.23 20:21:47 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013.11.16 22:54:02 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.07.23 20:21:47 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2013.08.08 00:03:52 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013.07.24 23:11:03 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2013.11.08 02:07:26 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2013.11.02 20:54:53 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013.05.25 17:48:07 | 000,000,000 | ---D | M] ("Converter") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}
[2013.11.01 16:20:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.07.05 00:33:38 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2013.07.24 23:10:58 | 000,000,000 | ---D | M] (TabGroups Manager) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{ca526f8b-9e0a-4756-9077-19d6f3e64ea8}
[2013.08.12 23:31:02 | 000,000,000 | ---D | M] (Block site) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2013.07.23 20:21:47 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2013.05.22 13:36:01 | 000,000,000 | ---D | M] (QuickFox Notes) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\amin.eft_bmnotes@gmail.com
[2013.07.24 20:18:22 | 000,000,000 | ---D | M] ("CyberSearch") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\cybersearch@cybernetnews.com
[2013.07.13 10:43:07 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\donottrackplus@abine.com
[2013.05.22 01:00:32 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\en-US@dictionaries.addons.mozilla.org
[2013.07.24 23:11:07 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\foxmarks@kei.com
[2013.10.26 22:16:08 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\foxyproxy@eric.h.jung
[2013.09.13 22:04:51 | 000,000,000 | ---D | M] (Dictionnaires français) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\fr-dicollecte@dictionaries.addons.mozilla.org
[2013.08.20 15:33:39 | 000,000,000 | ---D | M] (Croatian Dictionary (Hrvatski Rjecnik)) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\hr-HR-2@dictionaries.addons.mozilla.org
[2013.10.05 21:03:07 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\https-everywhere@eff.org
[2013.10.25 15:27:40 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\idme@abine.com
[2013.05.24 18:00:28 | 000,000,000 | ---D | M] (Icelandic Dictionary) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\is@dictionaries.addons.mozilla.org
[2013.06.27 16:30:18 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\isreaditlater@ideashower.com
[2013.07.19 08:38:18 | 000,000,000 | ---D | M] (♬ MediaPimp - Internet Radio, Save Videos, Screengrab & More) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\Konverts@MediaPimp.com
[2013.05.22 00:48:56 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\mintrayr@tn123.ath.cx
[2013.09.19 13:45:19 | 000,000,000 | ---D | M] (Rain Alarm Extension) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\rain-alarm@mdiener.de
[2013.07.27 02:38:22 | 000,000,000 | ---D | M] ("TableTools2") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\tabletools2@mingyi.org
[2013.08.16 16:42:27 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013.11.07 15:28:35 | 000,023,913 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2013.08.08 21:30:14 | 000,027,678 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\backupfox_959a5970_ada3_11e0_9f1c_0800200c9a66@mozillafirefoxextension.xpi
[2013.10.18 14:29:17 | 000,246,524 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\brief@mozdev.org.xpi
[2013.07.27 02:38:22 | 000,031,018 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\charpick@ryanium.com.xpi
[2013.08.30 00:37:05 | 000,355,782 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\client@anonymox.net.xpi
[2013.08.12 16:09:04 | 000,126,982 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\customizable-shortcuts@timtaubert.de.xpi
[2013.07.20 00:13:03 | 000,028,980 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\dcct@mingyi.org.xpi
[2013.08.12 15:48:57 | 000,007,979 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\dragtabasshortcut@antontitov.com.xpi
[2013.06.26 17:05:52 | 000,035,735 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\facebook@disconnect.me.xpi
[2013.11.06 18:41:04 | 001,338,622 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\firefox@ghostery.com.xpi
[2013.10.18 14:29:17 | 000,390,473 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\firegestures@xuldev.org.xpi
[2013.06.02 12:04:06 | 000,162,728 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\format.bar@codefisher.org.xpi
[2013.08.12 16:15:27 | 000,119,451 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\FxExtPasteNGoHtk@github.lostdj.xpi
[2013.05.22 05:19:20 | 000,025,955 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\intgcal@egarracingteam.com.ar.xpi
[2013.05.22 15:14:22 | 000,301,619 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-3GUEt1r69sQNSrca5p8kx9Ezc3U@jetpack.xpi
[2013.07.23 22:47:42 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
[2013.07.21 11:42:40 | 000,193,117 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-A2AGBH3veL3ZV6GOM159BnxtOjg@jetpack.xpi
[2013.11.06 18:40:58 | 000,568,293 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
[2013.08.17 11:29:38 | 000,168,986 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-RW8E9KFMTaLKkM4HqIWfidw29wo@jetpack.xpi
[2013.07.21 11:42:22 | 000,241,099 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-UPq1qFOINa4blezeJa2DpZKATTo@jetpack.xpi
[2013.09.24 19:02:15 | 000,306,265 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid1-j3KiX1n7UXrjxQ@jetpack.xpi
[2013.07.21 11:42:48 | 000,300,648 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid1-sNaADGzvFyhsSA@jetpack.xpi
[2013.10.29 19:55:16 | 000,320,988 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
[2013.11.06 19:51:52 | 000,367,522 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\langpack-hr@firefox.mozilla.org.xpi
[2013.07.24 23:11:03 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\lazarus@interclue.com.xpi
[2013.10.09 21:02:59 | 000,320,474 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\mytube@ashishmishra.in.xpi
[2013.10.11 00:42:49 | 000,159,644 | R--- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
[2013.08.07 22:08:26 | 000,010,666 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\noverflow@sdrocking.com.xpi
[2013.05.22 01:03:31 | 000,113,783 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\organize-search-engines@maltekraus.de.xpi
[2013.08.20 15:33:38 | 000,470,162 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\rainbow@colors.org.xpi
[2013.08.08 00:03:52 | 000,160,837 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\requestpolicy@requestpolicy.com.xpi
[2013.05.29 18:55:25 | 000,015,618 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\rssicon@jasnapaka.com.xpi
[2013.08.16 12:10:37 | 000,123,257 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\savefileto@mozdev.org.xpi
[2013.08.08 21:30:14 | 000,011,209 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\ScrollUp@saplin.com.xpi
[2013.07.22 22:47:44 | 000,121,779 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\searchy@searchy.xpi
[2013.08.12 16:20:26 | 000,011,724 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\shortcuts@khngai.com.xpi
[2013.11.06 07:39:01 | 000,367,561 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\smarterwiki@wikiatic.com.xpi
[2013.08.27 14:56:58 | 000,011,156 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\support@todoist.com.xpi
[2013.06.08 15:52:23 | 000,292,666 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\tabforacause@tabforacause.org.xpi
[2013.09.08 02:19:10 | 000,160,818 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\tabscope@xuldev.org.xpi
[2013.07.24 23:11:07 | 000,024,038 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com.xpi
[2013.11.16 22:54:02 | 000,059,830 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\zoompage@DW-dev.xpi
[2013.08.05 01:05:34 | 000,475,365 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2013.10.02 17:42:45 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013.10.05 14:16:11 | 000,132,344 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi
[2013.10.18 21:19:05 | 000,023,107 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
[2013.10.31 22:49:49 | 000,381,472 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.10.02 18:27:24 | 000,094,167 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
[2013.10.31 22:49:48 | 000,217,340 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2013.08.12 16:20:26 | 000,015,234 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{3bbdd952-cf6f-44a7-9d23-354a8792b598}.xpi
[2013.05.23 14:22:37 | 000,007,404 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{48f91e76-bc5f-45a7-a03a-6b4e7669df90}.xpi
[2013.10.05 14:25:25 | 000,307,011 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
[2013.09.17 11:06:36 | 000,281,800 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2013.11.05 18:41:03 | 000,243,884 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{655397ca-4766-496b-b7a8-3a5b176ee4c2}.xpi
[2013.07.27 02:38:19 | 000,005,533 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{6E21139C-F48B-11DA-B59C-B582C6649067}.xpi
[2013.11.09 16:01:13 | 000,534,744 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.08.08 00:03:51 | 000,050,761 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi
[2013.10.05 14:05:16 | 000,026,163 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.xpi
[2013.05.24 09:36:25 | 000,447,526 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi
[2013.08.08 00:03:51 | 000,016,921 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi
[2013.06.26 17:05:35 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.10.11 00:42:49 | 001,283,406 | R--- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi
[2013.07.24 23:10:58 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.10.31 23:59:13 | 000,778,022 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.08.13 22:02:41 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.10.01 20:17:08 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.07.24 23:10:52 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2013.08.08 00:03:51 | 000,057,752 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi
[2013.07.24 22:19:31 | 000,001,362 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome\skin\xpinstallItemGeneric.png
[2013.06.26 17:30:02 | 000,000,472 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\10starmoviescom.xml
[2013.10.04 08:49:19 | 000,000,779 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\a-z-lyrics-universe.xml
[2013.06.26 17:35:48 | 000,000,675 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\asian-horror-moviescom.xml
[2013.05.25 21:48:49 | 000,001,500 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\care2.xml
[2013.05.22 02:00:07 | 000,000,949 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\coolinarika.xml
[2013.05.22 03:15:46 | 000,000,984 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\dark-lyrics.xml
[2013.06.07 16:15:19 | 000,000,926 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\deviantart.xml
[2013.08.07 22:24:09 | 000,001,263 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\duckduckgo.xml
[2013.11.05 21:19:47 | 000,000,451 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\easy-pdf-search.xml
[2013.06.19 19:00:36 | 000,001,466 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\fenopyse.xml
[2013.05.22 00:49:34 | 000,001,635 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\firefox-add-ons.xml
[2013.05.22 03:21:55 | 000,009,117 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\flickr.xml
[2013.08.14 02:29:36 | 000,006,404 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\gallica-bnf.xml
[2013.06.02 20:57:36 | 000,000,526 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\gazetteer-of-british-place-names.xml
[2013.06.19 15:30:11 | 000,001,733 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\goodsearch.xml
[2013.06.07 12:28:03 | 000,001,712 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\google-books.xml
[2013.07.23 23:41:12 | 000,001,024 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\google-pagerank-checker.xml
[2013.05.22 03:22:40 | 000,001,427 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\google-slike.xml
[2013.07.01 12:01:04 | 000,000,843 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\haro-online--movies.xml
[2013.05.26 17:19:01 | 000,000,773 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\hphosts-online.xml
[2013.11.09 19:25:01 | 000,000,856 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\hrvatski-jezini-portal.undefined.undefined
[2013.05.24 22:34:33 | 000,000,759 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\hubpages.xml
[2013.05.22 01:04:15 | 000,012,707 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\imdb.xml
[2013.08.14 02:45:13 | 000,001,413 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\internet-archive.xml
[2013.07.01 11:06:59 | 000,001,213 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\isohunt.xml
[2013.06.27 12:01:26 | 000,001,374 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\ixquick-search-engine.xml
[2013.07.19 23:31:53 | 000,001,419 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\jamie-oliver.xml
[2013.05.22 03:20:30 | 000,001,355 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\kickasstorrents.xml
[2013.06.16 00:32:27 | 000,001,443 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\lastfm.xml
[2013.06.11 15:24:21 | 000,001,464 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\leos-lyrics.xml
[2013.08.14 03:01:18 | 000,001,109 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\librivox-1.xml
[2013.05.29 11:19:21 | 000,000,814 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\merriam-webster-online.xml
[2013.07.01 12:08:05 | 000,001,629 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\monovaorg.xml
[2013.08.24 18:48:32 | 000,001,602 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\mp3skullcom.xml
[2013.11.11 18:25:21 | 000,001,121 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\nameberrycom.undefined.undefined
[2013.07.01 11:12:39 | 000,001,188 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\onebigtorrentorg.xml
[2013.07.01 11:28:11 | 000,001,479 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\ovguide.xml
[2013.07.23 23:17:23 | 000,000,795 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\phishtank.xml
[2013.10.05 16:39:15 | 000,000,691 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\podnapisinet.xml
[2013.07.21 13:02:45 | 000,001,603 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\primewire--1channel--letmewatchthis.xml
[2013.06.07 00:29:22 | 000,001,324 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\project-gutenberg.xml
[2013.06.26 16:27:57 | 000,001,869 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\ripple.xml
[2013.07.02 20:15:36 | 000,000,918 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\scribd.xml
[2013.05.29 14:11:23 | 000,001,268 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\serious-eats-recipes.xml
[2013.05.22 03:15:07 | 000,000,920 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\songmeanings.xml
[2013.10.05 16:38:39 | 000,001,122 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\subtitlecubecom.xml
[2013.07.23 23:37:12 | 000,000,507 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\sucuri-security--website-malware-scan.xml
[2013.11.05 21:22:36 | 000,001,392 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-audiobook-bay.xml
[2013.07.17 22:11:20 | 000,040,970 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-cornell-lab-of-ornithology.xml
[2013.05.29 11:32:05 | 000,001,110 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-free-dictionary.xml
[2013.05.22 03:19:23 | 000,001,466 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-pirate-bay.xml
[2013.10.08 22:01:22 | 000,000,666 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\torrentz.xml
[2013.08.17 01:09:37 | 000,001,027 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\urban-dictionary.xml
[2013.08.07 23:44:29 | 000,000,502 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\userscriptsorg.xml
[2013.05.29 11:27:36 | 000,001,588 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\vegan-soapbox.xml
[2013.05.22 06:14:08 | 000,001,231 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wayback-machine.xml
[2013.05.29 10:59:38 | 000,001,818 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wikimedia-cookbook.xml
[2013.05.29 10:50:25 | 000,001,266 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wikipediaorg.xml
[2013.05.29 10:55:30 | 000,000,557 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wikivet.xml
[2013.07.09 22:19:40 | 000,001,318 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wolframalpha.xml
[2013.05.23 22:16:58 | 000,001,791 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wot-web-of-trust.xml
[2013.05.22 01:03:48 | 000,001,136 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\youtube.xml
[2013.11.17 10:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.11.17 10:33:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.11.19 18:31:19 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.08.24 22:42:58 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013.08.24 22:41:59 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
========== Chrome ==========
CHR - default_search_provider: Google.hr (Enabled)
CHR - default_search_provider: search_url = https://www.google.hr/search?output=search&sclient=psy-ab&q={searchTerms}&btnG=&oq=&gs_l=&pbx=1
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.hr/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google disk = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google pretrau017Eivanje = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DoNotTrackMe = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.9.815_0\
CHR - Extension: Foxy Proxy Standard = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp\2.8_1\
CHR - Extension: avast! Online Security = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: ProxMate - Improve your Internet! = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.4.3_0\
CHR - Extension: RealDownloader = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google Karte = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Nov\u010Danik = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: TS Magic Player = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg\1.1.29_0\
CHR - Extension: Gmail = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
black_lilies
2013-11-19, 21:44
O1 HOSTS File: ([2013.08.09 08:09:58 | 000,450,636 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
O4 - HKCU..\Run: [SearchProtection] C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - Startup: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe tray agent 2013.lnk = C:\Program Files\Wipe 2013\wipetray.exe (PrivacyRoot.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D321B9E-A8C6-4146-B8E1-6E10720FA1A7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51B6D1B9-5D8C-40A3-95A5-1B3BC0948BB7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013.11.19 18:59:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Korisnik\Desktop\OTL.exe
[2013.11.19 18:38:33 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\AppData\Roaming\AVAST Software
[2013.11.19 18:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013.11.18 23:12:24 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\Desktop\Nova mapa
[2013.11.17 10:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.11.15 17:21:08 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.11.08 09:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.11.08 09:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.11.08 09:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.11.08 09:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.11.02 20:55:49 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\Documents\iMacros
[2013.10.20 23:51:16 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.10.20 23:51:05 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.10.20 23:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013.10.20 23:51:04 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.10.20 23:51:04 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[54 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.11.19 19:32:11 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.11.19 19:31:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.11.19 19:25:54 | 000,000,512 | ---- | M] () -- C:\Users\Korisnik\Desktop\MBR.dat
[2013.11.19 19:18:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.11.19 18:59:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Korisnik\Desktop\OTL.exe
[2013.11.19 18:46:11 | 000,026,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.11.19 18:46:11 | 000,026,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.11.19 18:37:57 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.11.19 18:37:46 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2013.11.19 18:37:11 | 1522,028,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.11.19 18:31:14 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.11.19 18:31:13 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.11.19 18:31:13 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.11.19 18:31:13 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.11.19 18:31:13 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.11.19 18:31:13 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.11.19 18:31:13 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.11.19 18:31:12 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.11.19 18:31:04 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.11.19 18:31:04 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.11.19 18:25:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.11.18 23:09:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Korisnik\Desktop\aswMBR.exe
[2013.11.18 23:03:00 | 000,891,200 | ---- | M] () -- C:\Users\Korisnik\Desktop\SecurityCheck.exe
[2013.11.17 20:04:11 | 000,666,434 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.11.17 20:04:11 | 000,127,002 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.11.10 13:47:04 | 000,448,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.11.06 21:27:23 | 000,007,696 | ---- | M] () -- C:\Users\Korisnik\Desktop\Rhonda Byrne - The Secret.pdf - prečac.lnk
[2013.11.06 14:43:35 | 000,001,669 | ---- | M] () -- C:\Users\Korisnik\Desktop\Eckhart Tolle - The Power of Now_ A Guide to Spiritual Enlightenment.pdf - prečac.lnk
[2013.10.29 21:35:51 | 000,001,020 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe tray agent 2013.lnk
[2013.10.22 08:20:10 | 000,056,027 | ---- | M] () -- C:\Users\Korisnik\Desktop\100653427.jpg
[2013.10.22 01:04:26 | 000,061,339 | ---- | M] () -- C:\Users\Korisnik\Desktop\money-background-seamless-fill-bluesky.jpg
[2013.10.22 00:41:38 | 000,009,900 | ---- | M] () -- C:\Users\Korisnik\Desktop\01-dollar-bills_animation.gif
[2013.10.22 00:41:14 | 000,008,984 | ---- | M] () -- C:\Users\Korisnik\Desktop\01-bills-animated.gif
[2013.10.22 00:41:08 | 000,024,181 | ---- | M] () -- C:\Users\Korisnik\Desktop\01-dollars-animation.gif
[2013.10.21 00:21:32 | 000,002,630 | ---- | M] () -- C:\Users\Korisnik\Desktop\The Nearly Ultimate Guide to Better Writing.pdf.lnk
[2013.10.21 00:21:00 | 000,002,578 | ---- | M] () -- C:\Users\Korisnik\Desktop\Serena Alba - Geometrija boanske iskre.pdf.lnk
[2013.10.21 00:19:39 | 000,001,180 | ---- | M] () -- C:\Users\Korisnik\Desktop\Filmovi.lnk
[2013.10.21 00:18:47 | 000,001,057 | ---- | M] () -- C:\Users\Korisnik\Desktop\Slike.lnk
[2013.10.21 00:18:24 | 000,001,051 | ---- | M] () -- C:\Users\Korisnik\Desktop\Glazba.lnk
[2013.10.21 00:16:54 | 000,001,072 | ---- | M] () -- C:\Users\Korisnik\Desktop\Dokumenti.lnk
[2013.10.20 23:50:49 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.10.20 23:50:33 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.10.20 23:50:33 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.10.20 23:50:32 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[54 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.11.19 19:20:08 | 000,000,512 | ---- | C] () -- C:\Users\Korisnik\Desktop\MBR.dat
[2013.11.19 18:37:46 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2013.11.18 23:02:24 | 000,891,200 | ---- | C] () -- C:\Users\Korisnik\Desktop\SecurityCheck.exe
[2013.11.06 14:43:35 | 000,001,669 | ---- | C] () -- C:\Users\Korisnik\Desktop\Eckhart Tolle - The Power of Now_ A Guide to Spiritual Enlightenment.pdf - prečac.lnk
[2013.11.05 21:35:59 | 000,007,696 | ---- | C] () -- C:\Users\Korisnik\Desktop\Rhonda Byrne - The Secret.pdf - prečac.lnk
[2013.10.22 08:20:09 | 000,056,027 | ---- | C] () -- C:\Users\Korisnik\Desktop\100653427.jpg
[2013.10.22 01:04:22 | 000,061,339 | ---- | C] () -- C:\Users\Korisnik\Desktop\money-background-seamless-fill-bluesky.jpg
[2013.10.22 00:41:37 | 000,009,900 | ---- | C] () -- C:\Users\Korisnik\Desktop\01-dollar-bills_animation.gif
[2013.10.22 00:41:13 | 000,008,984 | ---- | C] () -- C:\Users\Korisnik\Desktop\01-bills-animated.gif
[2013.10.22 00:41:06 | 000,024,181 | ---- | C] () -- C:\Users\Korisnik\Desktop\01-dollars-animation.gif
[2013.10.21 00:21:32 | 000,002,630 | ---- | C] () -- C:\Users\Korisnik\Desktop\The Nearly Ultimate Guide to Better Writing.pdf.lnk
[2013.10.21 00:21:00 | 000,002,578 | ---- | C] () -- C:\Users\Korisnik\Desktop\Serena Alba - Geometrija boanske iskre.pdf.lnk
[2013.10.21 00:19:39 | 000,001,180 | ---- | C] () -- C:\Users\Korisnik\Desktop\Filmovi.lnk
[2013.10.21 00:18:47 | 000,001,057 | ---- | C] () -- C:\Users\Korisnik\Desktop\Slike.lnk
[2013.10.21 00:18:24 | 000,001,051 | ---- | C] () -- C:\Users\Korisnik\Desktop\Glazba.lnk
[2013.10.21 00:16:54 | 000,001,072 | ---- | C] () -- C:\Users\Korisnik\Desktop\Dokumenti.lnk
[2013.10.15 08:42:36 | 000,000,090 | ---- | C] () -- C:\Windows\Philip.INI
[2013.10.15 07:52:46 | 000,000,098 | ---- | C] () -- C:\ProgramData\avalon2.2_WIPE2013.ini
[2013.10.15 07:52:38 | 000,340,992 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2013.10.15 07:52:34 | 000,340,992 | ---- | C] () -- C:\Windows\sqlite36_engine.dll
[2013.10.06 00:22:20 | 000,200,148 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2013.08.17 14:29:27 | 109,026,806 | ---- | C] () -- C:\Users\Korisnik\AppData\Roaming\Mozilla.rar
[2013.07.24 15:19:14 | 000,001,397 | ---- | C] () -- C:\Windows\wininit.ini
[2013.06.28 17:46:41 | 000,003,342 | ---- | C] () -- C:\Users\Korisnik\AppData\Local\recently-used.xbel
[2013.06.23 15:58:45 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2013.06.21 09:54:46 | 000,000,096 | ---- | C] () -- C:\Users\Korisnik\AppData\Local\fusioncache.dat
[2013.06.19 14:41:05 | 000,026,364 | ---- | C] () -- C:\Users\Korisnik\AppData\Roaming\UserTile.png
[2013.06.19 12:39:35 | 000,000,398 | ---- | C] () -- C:\Windows\AudioConverter.INI
[2013.06.19 12:34:32 | 000,000,032 | ---- | C] () -- C:\ProgramData\aceg.ini
[2013.05.26 17:10:37 | 000,000,896 | RHS- | C] () -- C:\Users\Korisnik\ntuser.pol
[2013.05.21 10:43:00 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.21 10:42:57 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.21 10:29:27 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013.05.21 09:28:39 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2013.05.21 09:28:39 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2013.05.21 09:28:36 | 000,240,004 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.12.14 01:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2012.12.14 01:02:20 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012.12.14 01:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012.12.14 01:02:20 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.12.14 01:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.12.14 01:02:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
========== ZeroAccess Check ==========
[2012.07.14 18:11:12 | 000,000,596 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.07.23 23:14:45 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\AlarmClock
[2013.11.12 23:15:34 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Audacity
[2013.11.19 18:38:33 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\AVAST Software
[2013.06.19 11:18:28 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\BSplayer
[2013.05.21 10:29:47 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\BSplayer Pro
[2013.05.21 10:35:32 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Canneverbe Limited
[2013.09.18 23:01:36 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Epson
[2013.11.11 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Folding@home-x86
[2013.11.18 22:17:30 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\foobar2000
[2013.07.09 22:23:56 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\inkscape
[2013.10.27 15:22:18 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\IrfanView
[2013.06.04 22:09:00 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Line 6
[2013.06.29 13:13:03 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Oracle
[2013.06.04 21:48:14 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Propellerhead Software
[2013.08.10 13:19:41 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Search Protection
[2013.06.15 16:24:57 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\SumatraPDF
[2013.05.21 10:10:20 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Synaptics
[2013.06.03 10:47:15 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\UA_HiRISE
[2013.11.12 04:32:59 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\uTorrent
[2013.10.27 15:23:13 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\WIPE2013
========== Purity Check ==========
========== Custom Scans ==========
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
< MD5 for: EXPLORER.ADML >
[2011.04.12 03:15:49 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
[2011.04.12 03:15:49 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_22d6d5b5cba907ce\Explorer.adml
< MD5 for: EXPLORER.ADMX >
[2009.06.10 22:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009.06.10 22:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\x86_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_1590ffd752297581\Explorer.admx
< MD5 for: EXPLORER.EXE >
[2013.03.23 16:21:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2013.03.23 16:21:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2013.03.23 16:21:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
< MD5 for: EXPLORER.EXE.MUI >
[2011.04.12 03:15:39 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\en-US\explorer.exe.mui
[2011.04.12 03:15:39 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_05c8dd40d4f56065\explorer.exe.mui
[2009.07.13 18:55:04 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=C034B59784311ABD8D8E0D7943EDFBC6 -- C:\Windows\hr-HR\explorer.exe.mui
[2009.07.13 18:55:04 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=C034B59784311ABD8D8E0D7943EDFBC6 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_ee880aa5ad10d620\explorer.exe.mui
< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2013.11.19 19:30:28 | 000,118,418 | ---- | M] () MD5=F5116BC9B84BCC8B2A334DBF0D43347B -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
< MD5 for: EXPLORER.ICO >
[2007.07.20 11:55:08 | 000,025,214 | ---- | M] () MD5=9B8226EC0C75BA9BDE995D8FBC3FDF59 -- C:\Program Files\FreeAlarmClock\explorer.ico
< MD5 for: EXPLORER.ZIP >
[2006.03.06 21:48:08 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip
< MD5 for: IEXPLORE.EXE >
[2013.03.23 16:58:37 | 000,770,560 | ---- | M] (Microsoft Corporation) MD5=2859EBC065D2E1CCC94161CE28BAC085 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_ba715a6a65dbf461\iexplore.exe
[2013.04.05 06:55:38 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=2DC6BD1047553611DAEF97C751131A5D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_a39ee59e7f860811\iexplore.exe
[2013.04.05 07:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013.04.05 07:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_ba75e9f465d7f339\iexplore.exe
[2013.04.04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2010.11.20 22:29:33 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c\iexplore.exe
< MD5 for: IEXPLORE.EXE.MUI >
[2009.07.13 17:12:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=49F18DD112B5CDC5DC1DDCECDA088D92 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_hr-hr_97e3d05892d28ffe\iexplore.exe.mui
[2013.03.23 16:58:37 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013.03.23 16:58:37 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_b41defe19d893548\iexplore.exe.mui
[2009.07.14 03:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_af24a2f3bab71a43\iexplore.exe.mui
< MD5 for: IEXPLORE.EXE-908C99F8.PF >
[2013.11.15 18:45:15 | 000,099,278 | ---- | M] () MD5=DBD0BC8350A2D7CB489A2E55A17E82F4 -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
< MD5 for: SERVICES >
[2009.06.10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009.06.10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
< MD5 for: SERVICES.EXE >
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2011.04.12 03:15:38 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2011.04.12 03:15:38 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
[2009.07.13 18:19:04 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=DE8100CA6FABE5B5A99CA078144368EF -- C:\Windows\System32\hr-HR\services.exe.mui
[2009.07.13 18:19:04 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=DE8100CA6FABE5B5A99CA078144368EF -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_5292ca9f5f6438ed\services.exe.mui
< MD5 for: SERVICES.LNK >
[2009.07.14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2009.06.10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009.06.10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
< MD5 for: SERVICES.MSC >
[2011.04.12 03:15:37 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2011.04.12 03:15:37 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >
[2009.07.13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009.07.13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
< MD5 for: SERVICES.SBS >
[2013.07.16 12:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs
< MD5 for: WINLOGON.ADML >
[2011.04.12 03:15:49 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
[2011.04.12 03:15:49 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_94da67ab3e358f3a\WinLogon.adml
< MD5 for: WINLOGON.ADMX >
[2009.06.10 22:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009.06.10 22:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_7ae3b2e5da95d117\WinLogon.admx
< MD5 for: WINLOGON.EXE >
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2013.04.04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< MD5 for: WINLOGON.EXE.MUI >
[2011.04.12 03:15:37 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2011.04.12 03:15:37 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_ccfffb7662588b45\winlogon.exe.mui
[2010.11.20 03:33:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=F8476619C18A319B403AAE275A6A4C46 -- C:\Windows\System32\hr-HR\winlogon.exe.mui
[2010.11.20 03:33:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=F8476619C18A319B403AAE275A6A4C46 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_hr-hr_b5bf28db3a740100\winlogon.exe.mui
< MD5 for: WINLOGON.MFL >
[2009.07.13 18:26:28 | 000,001,080 | ---- | M] () MD5=25448FF5977E91FF87B3A52D6B696803 -- C:\Windows\System32\wbem\hr-HR\winlogon.mfl
[2009.07.13 18:26:28 | 000,001,080 | ---- | M] () MD5=25448FF5977E91FF87B3A52D6B696803 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_115066de58bdd6fb\winlogon.mfl
[2011.04.12 03:15:38 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\System32\wbem\en-US\winlogon.mfl
[2011.04.12 03:15:38 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2891397980a26140\winlogon.mfl
< MD5 for: WINLOGON.MOF >
[2009.07.13 21:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\System32\wbem\winlogon.mof
[2009.07.13 21:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_800f1ff3d73b72d9\winlogon.mof
< %SYSTEMDRIVE%\*.* >
[2013.05.26 17:59:41 | 000,003,065 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013.11.19 18:37:11 | 1522,028,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.24 15:28:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013.07.24 15:28:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013.11.19 18:37:11 | 2029,371,392 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\Fonts\*.com >
[2009.07.14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009.06.10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009.07.14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2010.11.20 22:29:21 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2013.11.19 18:31:04 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.04.16 16:07:46 | 000,878,224 | ---- | M] (Space Sciences Laboratory) -- C:\Windows\boinc.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009.07.14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 54DD-0016
Directory of C:\
14.07.2009. 05:53 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14.07.2009. 05:53 <JUNCTION> Application Data [C:\ProgramData]
14.07.2009. 05:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14.07.2009. 05:53 <JUNCTION> Documents [C:\Users\Public\Documents]
14.07.2009. 05:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14.07.2009. 05:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009. 05:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14.07.2009. 05:53 <SYMLINKD> All Users [C:\ProgramData]
14.07.2009. 05:53 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14.07.2009. 05:53 <JUNCTION> Application Data [C:\ProgramData]
14.07.2009. 05:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14.07.2009. 05:53 <JUNCTION> Documents [C:\Users\Public\Documents]
14.07.2009. 05:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14.07.2009. 05:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009. 05:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
14.07.2009. 05:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14.07.2009. 05:53 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14.07.2009. 05:53 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14.07.2009. 05:53 <JUNCTION> My Documents [C:\Users\Default\Documents]
14.07.2009. 05:53 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14.07.2009. 05:53 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14.07.2009. 05:53 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14.07.2009. 05:53 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14.07.2009. 05:53 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14.07.2009. 05:53 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14.07.2009. 05:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14.07.2009. 05:53 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14.07.2009. 05:53 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14.07.2009. 05:53 <JUNCTION> My Music [C:\Users\Default\Music]
14.07.2009. 05:53 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14.07.2009. 05:53 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Korisnik
21.05.2013. 08:23 <JUNCTION> Application Data [C:\Users\Korisnik\AppData\Roaming]
21.05.2013. 08:23 <JUNCTION> Cookies [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Cookies]
21.05.2013. 08:23 <JUNCTION> Local Settings [C:\Users\Korisnik\AppData\Local]
21.05.2013. 08:23 <JUNCTION> My Documents [C:\Users\Korisnik\Documents]
21.05.2013. 08:23 <JUNCTION> NetHood [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
21.05.2013. 08:23 <JUNCTION> PrintHood [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
21.05.2013. 08:23 <JUNCTION> Recent [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Recent]
21.05.2013. 08:23 <JUNCTION> SendTo [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\SendTo]
21.05.2013. 08:23 <JUNCTION> Start Menu [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu]
21.05.2013. 08:23 <JUNCTION> Templates [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Korisnik\AppData\Local
21.05.2013. 08:23 <JUNCTION> Application Data [C:\Users\Korisnik\AppData\Local]
21.05.2013. 08:23 <JUNCTION> History [C:\Users\Korisnik\AppData\Local\Microsoft\Windows\History]
21.05.2013. 08:23 <JUNCTION> Temporary Internet Files [C:\Users\Korisnik\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Korisnik\Documents
21.05.2013. 08:23 <JUNCTION> My Music [C:\Users\Korisnik\Music]
21.05.2013. 08:23 <JUNCTION> My Pictures [C:\Users\Korisnik\Pictures]
21.05.2013. 08:23 <JUNCTION> My Videos [C:\Users\Korisnik\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14.07.2009. 05:53 <JUNCTION> My Music [C:\Users\Public\Music]
14.07.2009. 05:53 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14.07.2009. 05:53 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 23.915.397.120 bytes free
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013.05.21 09:37:12 | 000,000,221 | -HS- | M] () -- C:\Users\Korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2013.11.18 23:09:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Korisnik\Desktop\aswMBR.exe
[2013.10.16 21:03:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Korisnik\Desktop\erunt-setup.exe
[2013.11.19 18:59:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Korisnik\Desktop\OTL.exe
[2013.11.18 23:03:00 | 000,891,200 | ---- | M] () -- C:\Users\Korisnik\Desktop\SecurityCheck.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-05-21 09:05:47
========== Base Services ==========
SRV - [2009.07.14 02:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013.02.27 05:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009.07.14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010.11.20 22:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010.11.20 22:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2013.03.23 16:26:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009.07.14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2013.03.23 16:40:38 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013.03.23 16:34:59 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010.11.20 22:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010.11.20 22:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2013.03.23 16:20:41 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009.07.14 02:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009.07.14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009.07.14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010.11.20 22:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009.07.14 02:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009.07.14 02:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009.07.14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009.07.14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2013.03.23 16:48:57 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009.07.14 02:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2013.03.23 16:24:50 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2013.03.23 16:31:54 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2013.03.23 16:26:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009.07.14 02:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010.11.20 22:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010.11.20 22:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009.07.14 02:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2013.03.23 16:26:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009.07.14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010.11.20 22:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010.11.20 22:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010.11.20 22:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010.11.20 22:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2013.03.23 16:41:02 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010.11.20 22:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010.11.20 22:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010.11.20 22:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010.11.20 22:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010.11.20 22:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010.11.20 22:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010.11.20 22:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010.11.20 22:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009.07.14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012.06.02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010.11.20 22:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009.07.14 02:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010.11.20 22:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ATA Hitachi HTS54323 SCSI Disk Device
Partitions: 3
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100,00MB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 151,00GB
Starting Offset: 105906176
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 147,00GB
Starting Offset: 162530328576
Hidden sectors: 0
< End of report >
black_lilies
2013-11-19, 21:45
Extras.txt
OTL Extras logfile created on: 19.11.2013. 19:33:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Korisnik\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.
1,89 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 65,61% Memory free
3,78 Gb Paging File | 2,64 Gb Available in Paging File | 69,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 151,27 Gb Total Space | 22,35 Gb Free Space | 14,77% Space Free | Partition Type: NTFS
Drive D: | 146,72 Gb Total Space | 27,30 Gb Free Space | 18,61% Space Free | Partition Type: NTFS
Computer Name: KORISNIK-PC | User Name: Korisnik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [foobar2000.enqueue] -- "C:\Program Files\foobar2000\foobar2000.exe" /add "%1" (Piotr Pawlowski)
Directory [foobar2000.play] -- "C:\Program Files\foobar2000\foobar2000.exe" "%1" (Piotr Pawlowski)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C65EF1CC-4A9F-4A83-BE03-80A3243D3E10}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AEF387-A6CF-43CD-AF5E-3C6BA3C09A9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D5FA06E-0F19-4B49-9130-3287DEEA49C6}" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"{18E89CCB-A0AD-472B-9392-C3E26C3CC0A5}" = dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{1E18746D-2FA5-4879-B4DB-1539AC88300D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{37F1208E-D9AC-4355-AE29-F47734F5BFA6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{37FFD9B2-23A1-4D58-8C04-58EE452672E4}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{4E61EA41-0055-42EC-B7CF-B4A7FBB1BB02}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5AEB08AC-2C00-41B5-AB90-BEF6234FA7D2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5CC39BA4-DA6E-47C0-99BD-2946F7FF0F56}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{6112865D-AA69-48D7-80FB-4E4D2B08659A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8E435D9A-3A2C-46FB-B26F-F9A07473C34C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A16BEF9C-84C3-415E-B3A0-5B61DB3CD9E7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{AF52718A-15A8-4CD1-9119-7DD7729C3F00}" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"{B40367A4-D114-43FA-9C8D-58F9321145D8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E30ED415-BE27-4920-96ED-05744B9DBB9E}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{F23D25B8-8A4A-4322-82D4-8D98AF89FF5D}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{5EB3CABB-A47F-4182-9C1B-2A6FB5084719}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{ED27E978-5DF7-47C6-AD12-54F692AF3F60}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{E221EA3A-AA43-462F-84D5-27C2B052916D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{E5F987FE-A5E6-43E5-BB6B-ACF292DFA996}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype 6.3
"{1A3A0526-E055-4B51-8F56-9C520509A572}" = Authorizer Ignition Key Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29F1159B-A14A-4B2D-84CF-F1231F68178E}" = Duke Nukem - Manhattan Project (DEMO v1.0.1)
"{32A3A4F4-B792-11D6-A78A-00B0D0170210}" = Java SE Development Kit 7 Update 21
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBD2D05-F6A2-3151-81ED-064B94A16C51}" = Google Chrome
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{818AD66C-A54A-409E-8489-2F2548F0880E}" = BOINC
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.7.1
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-041A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Croatian) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-041A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Croatian) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-041A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Croatian) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-041A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Croatian) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-041A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Croatian) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-041A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Croatian) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-041A-0000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2007
"{90120000-001F-081A-0000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-041A-0000-0000000FF1CE}" = Microsoft Office Proofing (Croatian) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-041A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Croatian) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-041A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Croatian) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-041A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Croatian) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-041A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Croatian) 2007
"{90120000-0100-041A-0000-0000000FF1CE}" = Microsoft Office O MUI (Croatian) 2007
"{90120000-0101-041A-0000-0000000FF1CE}" = Microsoft Office X MUI (Croatian) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1" = Free FLAC to MP3 Converter 1.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1" = Authorizer 2.5.1
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.3
"avast" = avast! Free Antivirus
"Byki Express" = Byki Express
"CCleaner" = CCleaner
"Eight Legged Freaks" = Eight Legged Freaks (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series Useg" = Korisnički vodič EPSON SX130 Series
"ERUNT_is1" = ERUNT 1.1j
"Foldit" = Foldit
"foobar2000" = foobar2000 v1.2.9
"Free Driver Backup_is1" = Free Driver Backup 9.4.5
"Happyland Adventures - Xmas Edition_is1" = Happyland Adventures - Xmas Edition v1.3
"HiView_is1" = HiView
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"Inkscape" = Inkscape 0.48.4
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{29F1159B-A14A-4B2D-84CF-F1231F68178E}" = Duke Nukem - Manhattan Project (DEMO v1.0.1)
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.9.0 (Full)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Line 6 Uninstaller" = Line 6 Uninstaller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verzija 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 25.0.1 (x86 hr)" = Mozilla Firefox 25.0.1 (x86 hr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OMUI.hr-hr" = Microsoft Office Language Pack 2007 - Croatian/Hrvatski
"RealPlayer 16.0" = RealPlayer
"Reason7.0_32_is1" = Reason 7.0.1
"Santa Claus in Trouble" = Santa Claus in Trouble
"SouthParkMario2.1" = SouthPark Mario Bros 2.1
"SpeedFan" = SpeedFan (remove only)
"SumatraPDF" = SumatraPDF
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.1.0
"WinRAR archiver" = WinRAR 5.00 (32-bit)
"Wipe 2013" = Wipe 2013.59
"Zombiepox_is1" = Zombiepox v1.1
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Search Protection" = Search Protection
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.11.2013. 15:03:15 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 158013
Error - 19.11.2013. 15:03:31 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 19.11.2013. 15:03:31 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 173863
Error - 19.11.2013. 15:03:31 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 173863
Error - 19.11.2013. 15:03:47 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 19.11.2013. 15:03:47 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 189806
Error - 19.11.2013. 15:03:47 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 189806
Error - 19.11.2013. 15:04:03 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 19.11.2013. 15:04:03 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 205781
Error - 19.11.2013. 15:04:03 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 205781
[ Media Center Events ]
Error - 16.8.2013. 7:12:50 | Computer Name = Korisnik-PC | Source = MCUpdate | ID = 0
Description = 13:12:50 - Dohvaćanje stavke Directory nije uspjelo (Pogreka: The
underlying connection was closed: An unexpected error occurred on a send.)
Error - 16.8.2013. 7:12:50 | Computer Name = Korisnik-PC | Source = MCUpdate | ID = 0
Description = 13:12:50 - Dohvaćanje stavke MCEClientUX nije uspjelo (Pogreka: The
underlying connection was closed: An unexpected error occurred on a send.)
Error - 16.8.2013. 7:13:11 | Computer Name = Korisnik-PC | Source = MCUpdate | ID = 0
Description = 13:12:50 - Dohvaćanje stavke Broadband nije uspjelo (Pogreka: The
underlying connection was closed: An unexpected error occurred on a send.)
[ System Events ]
Error - 16.11.2013. 15:37:59 | Computer Name = Korisnik-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 16.11.2013. 15:48:15 | Computer Name = Korisnik-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 17.11.2013. 10:46:55 | Computer Name = Korisnik-PC | Source = Service Control Manager | ID = 7011
Description = Isteklo je vrijeme čekanja (30000 ms) odgovora transakcije iz servisa
Wlansvc.
Error - 17.11.2013. 13:06:32 | Computer Name = Korisnik-PC | Source = Service Control Manager | ID = 7011
Description = Isteklo je vrijeme čekanja (30000 ms) odgovora transakcije iz servisa
ShellHWDetection.
Error - 17.11.2013. 14:57:09 | Computer Name = Korisnik-PC | Source = Service Control Manager | ID = 7011
Description = Isteklo je vrijeme čekanja (30000 ms) odgovora transakcije iz servisa
ShellHWDetection.
Error - 17.11.2013. 15:20:46 | Computer Name = Korisnik-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.
Error - 17.11.2013. 15:44:05 | Computer Name = Korisnik-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:29:06 on ?17.?11.?2013. was unexpected.
Error - 18.11.2013. 18:13:59 | Computer Name = Korisnik-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:12:42 on ?18.?11.?2013. was unexpected.
Error - 19.11.2013. 13:31:23 | Computer Name = Korisnik-PC | Source = Service Control Manager | ID = 7030
Description = Servis avast! Antivirus označen je kao interaktivni servis. Međutim,
sustav je konfiguriran tako da ne dozvoljava interaktivne servise. Servis moda
neće ispravno funkcionirati.
Error - 19.11.2013. 15:00:42 | Computer Name = Korisnik-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
< End of report >
Hi black_lilies,
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) RogueKiller
Download to your desktop RogueKiller (http://tigzy.geekstogo.com/roguekiller.html) (by tigzy)
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Quit all programs
Wait until Prescan has finished ...
Click on Scan, Do Not Fix Anything at this point.
Click the Report button, save the report to your desktop
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) ComboFix
Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Download ComboFix from the following location:
Link (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
=========================
In your next post please provide the following:
RKreport.txt
ComboFix.txt
Please describe the symptoms you are experiencing.
black_lilies
2013-11-20, 17:54
Hi OCD,
I still have the same problem with the sound. Also, on local disk D: there's a new empty folder $RECYCLE.BIN which doesn't seem like it's empty, it says there's one file and a folder inside. And its disk size is changing, it was first 4 KB, then 8 KB and now it's back to 4. I didn't notice anything else.
RKreport.txt
RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Korisnik [Admin rights]
Mode : Scan -- Date : 11/20/2013 15:44:07
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] SearchProtection.exe -- C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc]
[SUSP PATH] afom.exe -- C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1339427262-3479436622-1115934270-1000\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA Hitachi HTS54323 SCSI Disk Device +++++
--- User ---
[MBR] 295c75d871fcf1297cf1145835049b8e
9dba65ade744a9c0c0256ba54bc190d8 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 154900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 317442048 | Size: 150243 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_11202013_154407.txt >>
[B]ComboFix.txt
ComboFix 13-11-19.01 - Korisnik 0.11.2013. 15:52:33.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.1935.1126 [GMT 1:00]
Running from: c:\users\Korisnik\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-10-20 to 2013-11-20 )))))))))))))))))))))))))))))))
.
.
2013-11-20 15:04 . 2013-11-20 15:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-19 17:38 . 2013-11-19 17:38 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AVAST Software
2013-11-08 08:23 . 2013-11-08 08:23 -------- d-----w- c:\program files\iPod
2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 17:31 . 2013-05-21 09:43 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-19 17:31 . 2013-05-21 09:43 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-19 17:31 . 2013-05-21 09:43 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-19 17:31 . 2013-05-21 09:43 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-19 17:31 . 2013-05-21 09:43 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-19 17:31 . 2013-05-21 09:42 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-19 17:31 . 2013-05-21 09:42 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-19 17:31 . 2013-05-21 09:43 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-19 17:31 . 2013-05-21 09:42 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-19 17:31 . 2013-05-21 09:41 43152 ----a-w- c:\windows\avastSS.scr
2013-10-20 22:50 . 2013-10-20 22:51 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 21:33 . 2013-05-22 00:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 21:33 . 2013-05-22 00:00 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-24 21:41 . 2013-06-27 14:08 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-08-24 21:41 . 2013-06-27 14:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-19 17:30 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2013-07-09 1591808]
"SearchProtection"="c:\users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" [2013-09-03 832360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2012-03-06 5655144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 146032]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 181360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 190064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2013-04-16 3667600]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2013-04-16 71312]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-08-24 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-19 3568312]
.
c:\users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
Wipe tray agent 2013.lnk - c:\program files\Wipe 2013\wipetray.exe startup [2013-10-15 216880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2012-11-21 8443832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-05-08 16:24 18678376 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2012-08-20 110408]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2012-08-20 331080]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2012-03-08 75816]
R3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2012-02-22 130152]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2012-02-22 150568]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2012-02-22 435240]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2012-07-24 65152]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys [2012-07-24 32512]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2012-07-24 88832]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-12-04 351288]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-12-04 796216]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-10-25 73984]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-10-25 165120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-03-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-03-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-03-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-03-23 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-09-01 532536]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-09-01 25656]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-19 774392]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-19 403440]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-19 35656]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-19 70384]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-11-21 2571704]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-09-01 14904]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-09-13 1830544]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2012-09-19 209552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-06-12 552080]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 14:44 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-22 21:33]
.
2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
.
2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxp://mindmillion.com/inspiration.html
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=512435&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-09-28 21:17; notreal.ccoptions@environmentalchemistry.com; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
FF - ExtSQL: 2013-10-02 18:42; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF - ExtSQL: 2013-10-02 19:27; {24cea704-946d-11da-a72b-0800200c9a66}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
FF - ExtSQL: 2013-10-02 19:27; {03B08592-E5B4-45ff-A0BE-C1D975458688}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
FF - ExtSQL: 2013-10-05 15:06; {158d7cb3-7039-4a75-8e0b-3bd0a464edd2}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
FF - ExtSQL: 2013-10-05 15:16; {139a120b-c2ea-41d2-bf70-542d9f063dfd}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi
FF - ExtSQL: 2013-10-05 15:25; {54BB9F3F-07E5-486c-9B39-C7398B99391C}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
FF - ExtSQL: 2013-11-08 02:07; {5546F97E-11A5-46b0-9082-32AD74AAA920}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);FF - user.js: extentions.webcake.installId - 4c25f721-dde9-4592-8c09-c5e91446a22b
FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\CyberLink\YouCam\YCMMirage.exe
c:\program files\BOINC\boinc.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Wipe 2013\wipetray.exe
c:\programdata\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahv_vina_7.06_windows_intelx86
c:\windows\system32\conhost.exe
c:\programdata\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahv_vina_7.06_windows_intelx86
c:\windows\system32\conhost.exe
c:\programdata\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahv_vina_prod_32.exe.7.06
c:\windows\system32\conhost.exe
c:\programdata\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahv_vina_prod_32.exe.7.06
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
**************************************************************************
.
Completion time: 2013-11-20 16:16:22 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-20 15:16
.
Pre-Run: 28.300.029.952 bytes free
Post-Run: 28.410.585.088 bytes free
.
- - End Of File - - 2F492973F0BF92E8C7AF8F2E8A5EF7BA
A36C5E4F47E84449FF07ED3517B43A31
Hi black_lilies,
In regards to the audio issue:
Can you explain when it happens?
Is the sound playing on the Internet, web sites?
Can you load a music CD and get audio?
=========================
After that I found a folder named 3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ on local disk C:, full of other folders (the number of folders increasing constantly)Can you give some more detailed information about this issue? Complete path to this folder/file.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run RogueKiller
Right click and select "Run as Administrator"
Quit all programs
Wait until Prescan has finished ...
Click on Scan.
After the scan has completed click on the Registry tab
Place a check mark next to each of the following entries:
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
Remove the check mark from all other entries listed
Click the Delete button
Click the Report button, save the report to your desktop
=========================
In your next post please provide the following:
RKreport
Answer to questions asked
black_lilies
2013-11-21, 23:55
Hi, OCD
Good news today :). I think I solved the sound issue, just changed something in the Control Panel, related to power management. I really have no idea how this is related, but I've restarted my laptop a few times now and the sound works normally. And when I change it back to the old settings, there's the same problem again.
Can you give some more detailed information about this issue? Complete path to this folder/file.
Full path to the folder was C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ. It was full of other folders, all with similar names like ZZ..Z...Z...Z..Z (different combinations of Zs and periods), and the new ones just kept appearing. Also, it seemed like there was less space on local disk, but I'm not sure about this. After cleaning up some space on my computer, the folder was replaced by the file 3590F75ABA9E485486C100C1A9D4FF06XZRURUNVBZAFAFQC, which later disappeared. And I previously had a file with a similar name, 3590F75ABA9E485486C100C1A9D4FF06CIKFRWNFNGUMLJVK, on local disk, which also disappeared by itself.
About the new $RECYCLE.BIN folder... It looks like it's actually related to Recycle Bin, as its size changes whenever I put something in Recycle Bin or empty it. I archived this folder and inside there's a folder S-1-5-21-1339427262-3479436622-1115934270-1000, and inside this folder is desktop.ini and two .rar archives: $IVUL567.rar and $RVUL567.rar. Do you know what that could be? (I'm probably just paranoid :red:)
Anyway, I did what you said and here's the report:
RKreport
RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Korisnik [Admin rights]
Mode : Remove -- Date : 11/21/2013 20:19:49
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] SearchProtection.exe -- C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc]
[SUSP PATH] afom.exe -- C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> NOT SELECTED
[RUN][SUSP PATH] HKUS\S-1-5-21-1339427262-3479436622-1115934270-1000\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA Hitachi HTS54323 SCSI Disk Device +++++
--- User ---
[MBR] 295c75d871fcf1297cf1145835049b8e
[BSP] 9dba65ade744a9c0c0256ba54bc190d8 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 154900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 317442048 | Size: 150243 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_11212013_201949.txt >>
RKreport[0]_S_11212013_201612.txt
Hi black_lilies,
I missed this other entry, please re-run RogueKiller.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run RogueKiller
Right click and select "Run as Administrator"
Quit all programs
Wait until Prescan has finished ...
Click on Scan.
After the scan has completed click on the Registry tab
Place a check mark next to each of the following entries:
[HJ POL][PUM]HKLM\[...]\System : DisableRegistryTools (0)
If you cannot see the complete line to be selected, place the cursor on the line between "Key" and "Value" menu header.
Left click and drag the window to the right to expand the field.
Use the scroll bar at the bottom of the programs window to view the full path.
Remove the check mark from all other entries listed
Click the Delete button
Click the Report button, save the report to your desktop
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Run OTL.exe
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Files
C:\359*ZZZ..Z.....ZZZZZ
:Commands
[createrestorepoint]
[emptytemp]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) ComboFix
Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Download ComboFix from the following location:
Link (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
=========================
In your next post please provide the following:
RKreport.txt
OTL fix log
ComboFix.txt
black_lilies
2013-11-22, 18:42
RKreport.txt
RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Korisnik [Admin rights]
Mode : Remove -- Date : 11/22/2013 16:56:05
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] SearchProtection.exe -- C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc]
[SUSP PATH] afom.exe -- C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> NOT SELECTED
[RUN][SUSP PATH] HKUS\S-1-5-21-1339427262-3479436622-1115934270-1000\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA Hitachi HTS54323 SCSI Disk Device +++++
--- User ---
[MBR] 295c75d871fcf1297cf1145835049b8e
9dba65ade744a9c0c0256ba54bc190d8 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 154900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 317442048 | Size: 150243 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_11222013_165605.txt >>
RKreport[0]_S_11222013_165310.txt
[B]OTL fix log
ComboFix 13-11-22.01 - Korisnik 2.11.2013. 17:12:08.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.1935.1163 [GMT 1:00]
Running from: c:\users\Korisnik\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-10-22 to 2013-11-22 )))))))))))))))))))))))))))))))
.
.
2013-11-22 16:21 . 2013-11-22 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-22 15:59 . 2013-11-22 15:59 -------- d-----w- C:\_OTL
2013-11-22 15:49 . 2013-11-22 15:49 26624 ----a-w- c:\windows\system32\TrueSight.sys
2013-11-21 19:50 . 2013-11-21 19:50 -------- d-----w- c:\program files\SystemRequirementsLab
2013-11-21 19:50 . 2013-11-21 19:50 -------- d-----w- c:\users\Korisnik\AppData\Roaming\SystemRequirementsLab
2013-11-19 17:38 . 2013-11-19 17:38 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AVAST Software
2013-11-08 08:23 . 2013-11-08 08:23 -------- d-----w- c:\program files\iPod
2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 17:31 . 2013-05-21 09:43 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-19 17:31 . 2013-05-21 09:43 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-19 17:31 . 2013-05-21 09:43 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-19 17:31 . 2013-05-21 09:43 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-19 17:31 . 2013-05-21 09:43 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-19 17:31 . 2013-05-21 09:42 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-19 17:31 . 2013-05-21 09:42 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-19 17:31 . 2013-05-21 09:43 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-19 17:31 . 2013-05-21 09:42 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-19 17:31 . 2013-05-21 09:41 43152 ----a-w- c:\windows\avastSS.scr
2013-10-20 22:50 . 2013-10-20 22:51 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 21:33 . 2013-05-22 00:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 21:33 . 2013-05-22 00:00 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-24 21:41 . 2013-06-27 14:08 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-08-24 21:41 . 2013-06-27 14:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-19 17:30 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2013-07-09 1591808]
"SearchProtection"="c:\users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" [2013-09-03 832360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2012-03-06 5655144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 146032]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 181360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 190064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2013-04-16 3667600]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2013-04-16 71312]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-08-24 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-19 3568312]
.
c:\users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
Wipe tray agent 2013.lnk - c:\program files\Wipe 2013\wipetray.exe startup [2013-10-15 216880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2012-11-21 8443832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-05-08 16:24 18678376 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2012-08-20 110408]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2012-08-20 331080]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2012-03-08 75816]
R3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2012-02-22 130152]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2012-02-22 150568]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2012-02-22 435240]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2012-07-24 65152]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys [2012-07-24 32512]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2012-07-24 88832]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-12-04 351288]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-12-04 796216]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-10-25 73984]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-10-25 165120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-03-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-03-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-03-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-03-23 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-09-01 532536]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-09-01 25656]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-19 774392]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-19 403440]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-19 35656]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-19 70384]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-11-21 2571704]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-09-01 14904]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-09-13 1830544]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2012-09-19 209552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-06-12 552080]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 14:44 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-22 21:33]
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxp://mindmillion.com/inspiration.html
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=512435&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-09-28 21:17; notreal.ccoptions@environmentalchemistry.com; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
FF - ExtSQL: 2013-10-02 18:42; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF - ExtSQL: 2013-10-02 19:27; {24cea704-946d-11da-a72b-0800200c9a66}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
FF - ExtSQL: 2013-10-02 19:27; {03B08592-E5B4-45ff-A0BE-C1D975458688}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
FF - ExtSQL: 2013-10-05 15:06; {158d7cb3-7039-4a75-8e0b-3bd0a464edd2}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
FF - ExtSQL: 2013-10-05 15:16; {139a120b-c2ea-41d2-bf70-542d9f063dfd}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi
FF - ExtSQL: 2013-10-05 15:25; {54BB9F3F-07E5-486c-9B39-C7398B99391C}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
FF - ExtSQL: 2013-11-08 02:07; {5546F97E-11A5-46b0-9082-32AD74AAA920}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);FF - user.js: extentions.webcake.installId - 4c25f721-dde9-4592-8c09-c5e91446a22b
FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-22 17:25:23
ComboFix-quarantined-files.txt 2013-11-22 16:25
.
Pre-Run: 28.180.480.000 bytes free
Post-Run: 27.611.176.960 bytes free
.
- - End Of File - - 2ED1CCC903C1652324DABD71E1DB8279
A36C5E4F47E84449FF07ED3517B43A31
ComboFix.txt
All processes killed
========== FILES ==========
File\Folder C:\359*ZZZ..Z.....ZZZZZ not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Korisnik
->Temp folder emptied: 1693123 bytes
->Temporary Internet Files folder emptied: 43111069 bytes
->Java cache emptied: 1566662 bytes
->FireFox cache emptied: 184747730 bytes
->Google Chrome cache emptied: 250598721 bytes
->Flash cache emptied: 1962 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43768 bytes
RecycleBin emptied: 56174202 bytes
Total Files Cleaned = 513,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11222013_165917
Files\Folders moved on Reboot...
C:\Users\Korisnik\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Hi black_lilies,
I know this is a minor detail, but would you kindly post the logs in the sequence requested. It makes reviewing them easier if I don't have to scroll back and forth to see what items have been removed.
I appreciate your cooperation.
= = = = = = = = = = = = = = = = = = = =
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) ComboFix Script
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the code-box below into it:
FIREFOX::
FF - ExtSQL: 2013-10-05 15:06; {158d7cb3-7039-4a75-8e0b-3bd0a464edd2}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
FF - ExtSQL: 2013-11-08 02:07; {5546F97E-11A5-46b0-9082-32AD74AAA920}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);FF - user.js: extentions.webcake.installId - 4c25f721-dde9-4592-8c09-c5e91446a22b
FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
FOLDER::
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
ClearJavaCache::
Save this as CFScript.txt, in the same location as ComboFix.exe
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, please post the C:\ComboFix.txt for further review.
=========================
In your next post please provide the following:
ComboFix.txt
black_lilies
2013-11-22, 23:26
Hi, OCD
I know this is a minor detail, but would you kindly post the logs in the sequence requested. It makes reviewing them easier if I don't have to scroll back and forth to see what items have been removed.
I appreciate your cooperation.
I'm so sorry for that, won't do it again :).
Here's the log:
ComboFix 13-11-22.01 - Korisnik 2.11.2013. 21:33:52.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.1935.1323 [GMT 1:00]
Running from: c:\users\Korisnik\Desktop\ComboFix.exe
Command switches used :: c:\users\Korisnik\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions
)))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{158d7cb3-7039-
4a75-8e0b-3bd0a464edd2}.xpi
c:\windows\iun6002.exe
c:\windows\system32\FlashPlayerApp.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-10-22 to 2013-11-22
)))))))))))))))))))))))))))))))
.
.
2013-11-22 20:42 . 2013-11-22 20:43 -------- d-----w- c:\users\Korisnik\AppData
\Local\temp
2013-11-22 20:42 . 2013-11-22 20:42 -------- d-----w- c:\users\Default\AppData\Local
\temp
2013-11-22 15:59 . 2013-11-22 15:59 -------- d-----w- C:\_OTL
2013-11-22 15:49 . 2013-11-22 15:49 26624 ----a-w- c:\windows\system32\TrueSight.sys
2013-11-21 19:50 . 2013-11-21 19:50 -------- d-----w- c:\program files
\SystemRequirementsLab
2013-11-21 19:50 . 2013-11-21 19:50 -------- d-----w- c:\users\Korisnik\AppData
\Roaming\SystemRequirementsLab
2013-11-19 17:38 . 2013-11-19 17:38 -------- d-----w- c:\users\Korisnik\AppData
\Roaming\AVAST Software
2013-11-08 08:23 . 2013-11-08 08:23 -------- d-----w- c:\program files\iPod
2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\programdata\188F1432-103A-
4ffb-80F1-36B633C5C9E1
2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report
))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-22 17:09 . 2013-05-22 00:00 71048 ----a-w- c:\windows
\system32\FlashPlayerCPLApp.cpl
2013-11-19 17:31 . 2013-05-21 09:43 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-19 17:31 . 2013-05-21 09:43 35656 ----a-w- c:\windows\system32\drivers
\aswFsBlk.sys
2013-11-19 17:31 . 2013-05-21 09:43 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-19 17:31 . 2013-05-21 09:43 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-19 17:31 . 2013-05-21 09:43 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-19 17:31 . 2013-05-21 09:42 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-19 17:31 . 2013-05-21 09:42 70384 ----a-w- c:\windows\system32\drivers
\aswMonFlt.sys
2013-11-19 17:31 . 2013-05-21 09:43 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-19 17:31 . 2013-05-21 09:42 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-19 17:31 . 2013-05-21 09:41 43152 ----a-w- c:\windows\avastSS.scr
2013-10-20 22:50 . 2013-10-20 22:51 94632 ----a-w- c:\windows
\system32\WindowsAccessBridge.dll
2013-08-24 21:41 . 2013-06-27 14:08 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-08-24 21:41 . 2013-06-27 14:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points
))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers
\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-19 17:30 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2013-07-09
1591808]
"SearchProtection"="c:\users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" [2013-09
-03 832360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2012-03-06 5655144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 146032]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 181360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 190064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-
12 56128]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21
59720]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2013-04-16 3667600]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2013-04-16 71312]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-08-24 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-19 3568312]
.
c:\users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date#
/noconfirmdelete /noprogresswindow [2005-10-20 38912]
Wipe tray agent 2013.lnk - c:\program files\Wipe 2013\wipetray.exe startup [2013-10-15 216880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2012-11-21
8443832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-05-08 16:24 18678376 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update
\jusched.exe
.
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2012-08-20 110408]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2012-08-20 331080]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2012-03-08 75816]
R3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2012-02-22
130152]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2012-02-22 150568]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2012-02-22 435240]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2012-07-24
65152]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys
[2012-07-24 32512]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys
[2012-07-24 88832]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-12-04 351288]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys
[2012-12-04 796216]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-10-25
73984]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys
[2011-10-25 165120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers
\rdpvideominiport.sys [2013-03-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-03-23
24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-03-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-03-23 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-09-01 532536]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-09-01 25656]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-19 774392]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-19 403440]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program
files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17
87968]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-19 35656]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-19 70384]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-
11-21 2571704]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage
Technology\IAStorDataMgrSvc.exe [2012-09-01 14904]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-09-13
1830544]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files
\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe
[2009-01-26 1153368]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2012-09-19
209552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-06-12 552080]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-
A69D9E530F96}]
2013-11-15 14:44 1210320 ----a-w- c:\program files\Google\Chrome\Application
\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-22 17:09]
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxp://mindmillion.com/inspiration.html
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-
8&ilc=12&type=512435&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-09-28 21:17; notreal.ccoptions@environmentalchemistry.com; c:\users\Korisnik\AppData
\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions
\notreal.ccoptions@environmentalchemistry.com.xpi
FF - ExtSQL: 2013-10-02 18:42; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; c:\users\Korisnik\AppData
\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-
9b5a22eafe30}.xpi
FF - ExtSQL: 2013-10-02 19:27; {24cea704-946d-11da-a72b-0800200c9a66}; c:\users\Korisnik\AppData
\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-
0800200c9a66}.xpi
FF - ExtSQL: 2013-10-02 19:27; {03B08592-E5B4-45ff-A0BE-C1D975458688}; c:\users\Korisnik\AppData
\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
FF - ExtSQL: 2013-10-05 15:06; {158d7cb3-7039-4a75-8e0b-3bd0a464edd2}; c:\users\Korisnik\AppData
\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{158d7cb3-7039-4a75-8e0b-
3bd0a464edd2}.xpi
FF - ExtSQL: 2013-10-05 15:16; {139a120b-c2ea-41d2-bf70-542d9f063dfd}; c:\users\Korisnik\AppData
\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-
542d9f063dfd}.xpi
FF - ExtSQL: 2013-10-05 15:25; {54BB9F3F-07E5-486c-9B39-C7398B99391C}; c:\users\Korisnik\AppData
\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-
C7398B99391C}.xpi
FF - ExtSQL: 2013-11-08 02:07; {5546F97E-11A5-46b0-9082-32AD74AAA920}; c:\users\Korisnik\AppData
\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
FF - ExtSQL: 2013-11-22 20:52; foxcconverter@gmail.com; c:\users\Korisnik\AppData\Roaming\Mozilla
\Firefox\Profiles\x1sb23sa.default\extensions\foxcconverter@gmail.com.xpi
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref
('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);FF - user.js:
extentions.webcake.installId - 4c25f721-dde9-4592-8c09-c5e91446a22b
FF - user.js: extentions.webcake.defaultEnableAppsList -
layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SouthParkMario2.1 - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-22 21:47:19
ComboFix-quarantined-files.txt 2013-11-22 20:47
ComboFix2.txt 2013-11-22 16:25
.
Pre-Run: 27.562.418.176 bytes free
Post-Run: 27.260.485.632 bytes free
.
- - End Of File - - B97B1E0DA2CC988BA47CDC0F651DFB8E
A36C5E4F47E84449FF07ED3517B43A31
Hi black_lilies,
Are any of these folders present:
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
C:\3590F75ABA9E485486C100C1A9D4FF06XZRURUNVBZAFAFQC
C:\3590F75ABA9E485486C100C1A9D4FF06CIKFRWNFNGUMLJVK
= = = = = = = = = = = = = = = = = = = =
I archived this folder and inside there's a folder S-1-5-21-1339427262-3479436622-1115934270-1000, and inside this folder is desktop.ini and two .rar archives: $IVUL567.rar and $RVUL567.rar. Do you know what that could be?
When a user logs onto Windows, they also load their user profile. This profile contains ALL settings for the user to interact with Windows. This ranges in settings from such as the desktop wallpaper to the settings to get the user on the internet.
Windows uses a database, known as the Registry to store all of this info and a lot more also.
In Windows' registry, a user is not know by their name or such, but instead by what is called a Global Unique Identifier (GUID) This is the number you see in your post: S-1-5-21-270858548-4033370624-1180157758-1000
That number can be you! Know your probably saying, "But I see others!" yes you are and let me explain why:
When Windows does various task in the "background" (one you can see running and those you do not know about), such as defragmenting the hard drive, running various services, running anti-virus, etc., all of those programs need 'permission' to run. Because of this, Windows will allow programs to run under user permissions - in essence, those programs are their own user. Now note that this does not mean all programs do, but some do need to do so -and this is what you see in those other "S-" numbers.
But I do not know what the .rar files are. What is a RAR File? - A file with the RAR file extension is a Roshal Archive Compressed file.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Remove Word Wrap in Notepad
Click the Windows Start button.
Enter Notepad into the search box and double-click the application from the list of search results that appears. The Notepad application opens.
Click Format from the main menu in Notepad to display the formatting drop-down menu. You will see a check mark next to the words Word Wrap, which indicates that the Word Wrap feature is currently inserting line endings into your Notepad files.
Click Word Wrap to remove line endings. The check mark that used to appear next to Word Wrap disappears, indicating that you have successfully disabled this feature and removed all line endings from your document.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) ComboFix Script
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the code-box below into it:
Firefox::
FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
FF - user.js: extentions.webcake.installId - 4c25f721-dde9-4592-8c09-c5e91446a22b
Save this as CFScript.txt, in the same location as ComboFix.exe
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, please post the C:\ComboFix.txt for further review.
=========================
In your next post please provide the following:
Answers to questions.
Combofix.txt
How is the computer running?
black_lilies
2013-11-23, 03:03
Hi OCD,
Thanks for the explanation. None of the folders are present and the computer is running perfectly, it seems way faster than before, I can't stop wondering, haha. Awesome!
And sorry for the word wrap in the previous log, it really made a mess...
ComboFix 13-11-22.01 - Korisnik 3.11.2013. 0:39.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.1935.1113 [GMT 1:00]
Running from: c:\users\Korisnik\Desktop\ComboFix.exe
Command switches used :: c:\users\Korisnik\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-10-22 to 2013-11-22 )))))))))))))))))))))))))))))))
.
.
2013-11-22 23:48 . 2013-11-22 23:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-22 20:47 . 2013-11-22 23:48 -------- d-----w- c:\users\Korisnik\AppData\Local\temp
2013-11-22 15:59 . 2013-11-22 15:59 -------- d-----w- C:\_OTL
2013-11-22 15:49 . 2013-11-22 15:49 26624 ----a-w- c:\windows\system32\TrueSight.sys
2013-11-21 19:50 . 2013-11-21 19:50 -------- d-----w- c:\program files\SystemRequirementsLab
2013-11-21 19:50 . 2013-11-21 19:50 -------- d-----w- c:\users\Korisnik\AppData\Roaming\SystemRequirementsLab
2013-11-19 17:38 . 2013-11-19 17:38 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AVAST Software
2013-11-08 08:23 . 2013-11-08 08:23 -------- d-----w- c:\program files\iPod
2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-22 17:09 . 2013-05-22 00:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 17:31 . 2013-05-21 09:43 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-19 17:31 . 2013-05-21 09:43 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-19 17:31 . 2013-05-21 09:43 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-19 17:31 . 2013-05-21 09:43 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-19 17:31 . 2013-05-21 09:43 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-19 17:31 . 2013-05-21 09:42 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-19 17:31 . 2013-05-21 09:42 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-19 17:31 . 2013-05-21 09:43 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-19 17:31 . 2013-05-21 09:42 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-19 17:31 . 2013-05-21 09:41 43152 ----a-w- c:\windows\avastSS.scr
2013-10-20 22:50 . 2013-10-20 22:51 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-19 17:30 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2013-07-09 1591808]
"SearchProtection"="c:\users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" [2013-09-03 832360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2012-03-06 5655144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 146032]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 181360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 190064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2013-04-16 3667600]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2013-04-16 71312]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-08-24 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-19 3568312]
.
c:\users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
Wipe tray agent 2013.lnk - c:\program files\Wipe 2013\wipetray.exe startup [2013-10-15 216880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2012-11-21 8443832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-05-08 16:24 18678376 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2012-08-20 110408]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2012-08-20 331080]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2012-03-08 75816]
R3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2012-02-22 130152]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2012-02-22 150568]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2012-02-22 435240]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2012-07-24 65152]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys [2012-07-24 32512]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2012-07-24 88832]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-12-04 351288]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-12-04 796216]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-10-25 73984]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-10-25 165120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-03-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-03-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-03-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-03-23 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-09-01 532536]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-09-01 25656]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-19 774392]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-19 403440]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-19 35656]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-19 70384]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-11-21 2571704]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-09-01 14904]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-09-13 1830544]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2012-09-19 209552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-06-12 552080]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 14:44 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-22 17:09]
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxp://mindmillion.com/inspiration.html
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=512435&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-09-28 21:17; notreal.ccoptions@environmentalchemistry.com; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
FF - ExtSQL: 2013-10-02 18:42; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF - ExtSQL: 2013-10-02 19:27; {24cea704-946d-11da-a72b-0800200c9a66}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
FF - ExtSQL: 2013-10-02 19:27; {03B08592-E5B4-45ff-A0BE-C1D975458688}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
FF - ExtSQL: 2013-10-05 15:16; {139a120b-c2ea-41d2-bf70-542d9f063dfd}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi
FF - ExtSQL: 2013-10-05 15:25; {54BB9F3F-07E5-486c-9B39-C7398B99391C}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
FF - ExtSQL: 2013-11-08 02:07; {5546F97E-11A5-46b0-9082-32AD74AAA920}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
FF - ExtSQL: 2013-11-22 20:52; foxcconverter@gmail.com; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\foxcconverter@gmail.com.xpi
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);FF - user.js: extentions.webcake.installId - 4c25f721-dde9-4592-8c09-c5e91446a22b
FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-23 00:52:49
ComboFix-quarantined-files.txt 2013-11-22 23:52
ComboFix2.txt 2013-11-22 20:47
ComboFix3.txt 2013-11-22 16:25
.
Pre-Run: 27.280.228.352 bytes free
Post-Run: 27.216.330.752 bytes free
.
- - End Of File - - 3FFD27ADBA923522144CA5E7B7AC986C
A36C5E4F47E84449FF07ED3517B43A31
Hi black_lilies,
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Disable FireFox plug-in
At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
In the Add-ons Manager tab, select the Extensions or Appearance panel.
Select the add-on you wish to disable.
Webcake
Fox Converter
Click the Disable button.
Click Restart now if it pops up. Your tabs will be saved and restored after the restart.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Malwarebytes' Anti-Malware
Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here (http://www.malwarebytes.org/mbam-download.php)
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) ESET Online Scanner
*Note:
It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".
= = = = = = = = = = = = = = = = = = = =
Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)
(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply
Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.
=========================
In your next post please provide the following:
MBAM log
ESET's log.txt
How's the computer running, any symptoms?
black_lilies
2013-11-23, 17:10
Hi OCD,
I don't have these FireFox add-ons, at least I don't see them here. I don't notice any symptoms on my computer, nothing unusual. And I have Croatian version of Malwarebytes, so please ask if you need anything translated...
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Verzija baze podataka: v2013.11.23.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Korisnik :: KORISNIK-PC [administrator]
23.11.2013. 13:46:33
mbam-log-2013-11-23 (13-46-33).txt
Tip provjere: Brza provjera
Opcije provjere omogućene: Memorija | Startup | Registri | Sistemske datoteke | Heurestika/Extra | Heurestika/Shuriken | PUP | PUM
Opcije provjere onemogućene: P2P
Provjereni objekti: 209557
Vrijeme trajanja: 14 minuta, 8 sekundi
Detektirani procesi u memoriji: 0
(Zloćudne stavke nisu otkrivene)
Detektirani moduli u memoriji: 0
(Zloćudne stavke nisu otkrivene)
Detektirani ključevi u registru: 3
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Prebačeno u karantenu i uspjeno uklonjeno.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Prebačeno u karantenu i uspjeno uklonjeno.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Prebačeno u karantenu i uspjeno uklonjeno.
Detektirani vrijednosti u registru: 0
(Zloćudne stavke nisu otkrivene)
Detektirani podaci u registru: 0
(Zloćudne stavke nisu otkrivene)
Detektirani direktoriji: 0
(Zloćudne stavke nisu otkrivene)
Detektirane datoteke: 0
(Zloćudne stavke nisu otkrivene)
(kraj)
(So, it says the three detected registry keys were moved to quarantine and successfully removed)
ESET Online Scanner
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 Win32/AdWare.1ClickDownload.AP application
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001 Win32/AdWare.1ClickDownload.AP application
C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Korisnik\AppData\Roaming\Search Protection\Uninstall.exe probably a variant of Win32/Toolbar.Widgi application
Operating memory a variant of Win32/Toolbar.Widgi application
Hi black_lilies,
Thank you for the translation for the MBAM scan. :bigthumb:
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Run OTL.exe
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
PRC - C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe (Spigot, Inc.)
O4 - HKCU..\Run: [SearchProtection] C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
[2013.08.10 13:19:41 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Search Protection
:Files
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\000
C:\Users\Korisnik\AppData\Roaming\Search Protection
:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Search Protection"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchProtection"=-
:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) AdwCleaner v3: Scan & Clean (http://www.bleepingcomputer.com/download/adwcleaner/)
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Junkware Removal Tool
Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Shut down your protection software now to avoid potential conflicts.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Reboot
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run OTL (it should be located on your desktop).
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Uncheck the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================
In your next post please provide the following:
OTL fix log
AdwCleaner[S0].txt
JRT.txt
Fresh OTL.txt
Any remaining issues?
black_lilies
2013-11-23, 23:37
Hi OCD,
No remaining issues, the computer is running perfectly :).
OTL fix log
All processes killed
========== OTL ==========
No active process named SearchProtection.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection deleted successfully.
C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE moved successfully.
C:\Users\Korisnik\AppData\Roaming\Search Protection folder moved successfully.
========== FILES ==========
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths folder moved successfully.
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00 folder moved successfully.
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\000\t folder moved successfully.
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\000 folder moved successfully.
File\Folder C:\Users\Korisnik\AppData\Roaming\Search Protection not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Search Protection not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SearchProtection not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Korisnik
->Temp folder emptied: 229990 bytes
->Temporary Internet Files folder emptied: 481052 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 296429426 bytes
->Google Chrome cache emptied: 18206285 bytes
->Flash cache emptied: 1120 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9894 bytes
RecycleBin emptied: 85285764 bytes
Total Files Cleaned = 382,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11232013_212916
Files\Folders moved on Reboot...
C:\Users\Korisnik\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
AdwCleaner[S0]
# AdwCleaner v3.012 - Report created 23/11/2013 at 21:45:57
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Korisnik - KORISNIK-PC
# Running from : C:\Users\Korisnik\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Users\Korisnik\AppData\Roaming\NCH Software
File Deleted : C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\NCH Software
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16576
-\\ Mozilla Firefox v25.0.1 (hr)
[ File : C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\SimpleClocks\prefs.js ]
[ File : C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\prefs.js ]
Line Deleted : user_pref("InFormEnter.1.MenuSet", "sweet_parody%0AEma%0AMajhut%0AEma%20Majhut%0AK.%20Domagoja%201%0AUlica%20kneza%20Domagoja%201%0ABjelovar%0AGare%u0161nica%0A43280%0A099%20686%201856%0Ablack.tralala[...]
Line Deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir)/.*|hxxp://.*depositfiles.com/(([a-z]{2})/files/|auth-).*|hxxp://(www.)*digg.com/(.{5}|.{6})$|hxxp:[...]
Line Deleted : user_pref("extensions.smarterwiki.search_surfcanyon", false);
Line Deleted : user_pref("extensions.xmarks.user", "({xmarksuserid:\"sweet_sweet\", authtype:\"xmarks\", displayname:\"sweet_sweet\", nativeid:\"sweet_sweet\"})");
Line Deleted : user_pref("extensions.xmarks.username", "sweet_sweet");
Line Deleted : user_pref("extensions.xnotifier.accounts.[gmail#black.tralala.lilies@gmail.com].inboxOnly", true);
Line Deleted : user_pref("extensions.xnotifier.accounts.[yahoo#sweet_parody@yahoo.com].cookie", "hxxp://my.yahoo.com/ F=a=QepD8F8MvSpC5IM62xd8RMG2_od_BbEJsfTwHCYv9Er_NFJeFAebZQKxS4OcE8P1lskNRMw-&b=2fxi; expires=Tue,[...]
Line Deleted : user_pref("extensions.xnotifier.accounts.[yahoo#sweet_parody@yahoo.com].enabled", true);
Line Deleted : user_pref("extensions.xnotifier.accounts.[yahoo#sweet_parody@yahoo.com].inboxOnly", true);
Line Deleted : user_pref("extensions.xnotifier.accounts.[yahoo#sweet_parody@yahoo.com].includeSpam", 0);
Line Deleted : user_pref("extensions.xnotifier.accounts.[yahoo#sweet_parody@yahoo.com].showFolders", true);
Line Deleted : user_pref("extensions.xnotifier.defaults.yahoo", "sweet_parody@yahoo.com");
Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
Line Deleted : user_pref("extentions.webcake.installId", "4c25f721-dde9-4592-8c09-c5e91446a22b");
-\\ Google Chrome v31.0.1650.57
[ File : C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3747 octets] - [23/11/2013 21:41:21]
AdwCleaner[S0].txt - [3728 octets] - [23/11/2013 21:45:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3788 octets] ##########
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x86
Ran by Korisnik on sub 23.11.2013. at 21:51:31,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\savefileto@mozdev.org.xpi [Tracur]
Successfully deleted: [File] C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\searchy@searchy.xpi
Successfully deleted the following from C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\prefs.js
user_pref("extensions.TooManyTabs@visibotech.com.recentlyClosedTabs", "[{\"label\":\"Greenpeace Shard demo: What do you think? - Brainstorm\",\"url\":\"hxxp://www.greenpeaceco
user_pref("extensions.rainalarm.location2", "QD78nilS1C4XN2/9i4UHv9Sn0x4=");
user_pref("flagfox.actions", "[{\"name\":\"Geotool\",\"template\":\"hxxp://geoip.flagfox.net/?ip={IPaddress}&host={domainName}\",\"iconclick\":\"click\",\"hotkey\":{\"mods\":\
Emptied folder: C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\minidumps [98 files]
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on sub 23.11.2013. at 21:54:39,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[B]OTL
OTL logfile created on: 23.11.2013. 22:02:34 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Korisnik\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.
1,89 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 60,76% Memory free
3,78 Gb Paging File | 2,91 Gb Available in Paging File | 76,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 151,27 Gb Total Space | 25,28 Gb Free Space | 16,71% Space Free | Partition Type: NTFS
Drive D: | 146,72 Gb Total Space | 22,16 Gb Free Space | 15,10% Space Free | Partition Type: NTFS
Computer Name: KORISNIK-PC | User Name: Korisnik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Korisnik\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\97c369d03310ac919968cac177d066da\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\d5229063f646936404008f444c533c3b\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\620cea5f6098caaf044d062d8dde6b3d\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\8b9c29dd76473c8230ca379ee39e40e2\IAStorDataMgrSvcInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\1eea35376a67d2e807a54ff3fe4b8a56\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\0a4ef3904cfdea04def6af647f619946\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\b1f3ea839257551154e34750f26fa33d\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\3506b73a7cc2bc014040bdaf42e3c9f2\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4626a29dfa025f702b32e3515de175e3\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7449f505f7fb206101f361c05dd7d9be\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c3b7873af3400562b01878e1dfdb0c59\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\88080c0d9e9709c55aa0494a3b05a1df\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\847c865b860f33a319b2c6906d9a125f\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\7499b638af35153a97431c42fd16d9cb\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78d3cd0fc198e323f3eb0742f23659b2\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ca0ef2ddc840163b27423f6ede4ddb23\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\09a71502394e43062c81789367f22d1e\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (CodeMeter.exe) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (IconMan_R) -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (catchme) -- C:\Users\Korisnik\AppData\Local\Temp\catchme.sys File not found
DRV - (TrueSight) -- C:\Windows\System32\TrueSight.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (iusb3xhc) -- C:\Windows\System32\drivers\iusb3xhc.sys (Intel Corporation)
DRV - (iusb3hub) -- C:\Windows\System32\drivers\iusb3hub.sys (Intel Corporation)
DRV - (RSP2STOR) -- C:\Windows\System32\drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
DRV - (iaStorA) -- C:\Windows\System32\drivers\iaStorA.sys (Intel Corporation)
DRV - (iaStorF) -- C:\Windows\System32\drivers\iaStorF.sys (Intel Corporation)
DRV - (asmtxhci) -- C:\Windows\System32\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV - (asmthub3) -- C:\Windows\System32\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV - (EtronXHCI) -- C:\Windows\System32\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV - (EtronHub3) -- C:\Windows\System32\drivers\EtronHub3.sys (Etron Technology Inc)
DRV - (EtronSTOR) -- C:\Windows\System32\drivers\EtronSTOR.sys (Etron Technology Inc)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
DRV - (b06diag) -- C:\Windows\System32\drivers\bxdiagx.sys (Broadcom Corporation)
DRV - (bxois) -- C:\Windows\System32\drivers\bxois.sys (Broadcom Corporation)
DRV - (bxfcoe) -- C:\Windows\System32\drivers\bxfcoe.sys (Broadcom Corporation)
DRV - (BFN7x86) -- C:\Windows\System32\drivers\Xeno7x86.sys (Bigfoot Networks, Inc.)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (s125mgmt) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation)
DRV - (s125bus) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr-HR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 E0 2F 66 FE 55 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{FFAB1B2F-B3C1-4B3B-8C5B-B07B36694368}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
black_lilies
2013-11-23, 23:43
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "DuckDuckGo"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=512435"
FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://mindmillion.com/inspiration.html"
FF - prefs.js..extensions.enabledAddons: mintrayr%40tn123.ath.cx:1.1.2
FF - prefs.js..extensions.enabledAddons: organize-search-engines%40maltekraus.de:1.7
FF - prefs.js..extensions.enabledAddons: intgcal%40egarracingteam.com.ar:1.2.0
FF - prefs.js..extensions.enabledAddons: amin.eft_bmnotes%40gmail.com:2.8.1
FF - prefs.js..extensions.enabledAddons: %7B48f91e76-bc5f-45a7-a03a-6b4e7669df90%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7Bc07d1a49-9894-49ff-a594-38960ede8fb9%7D:3.1.12
FF - prefs.js..extensions.enabledAddons: is%40dictionaries.addons.mozilla.org:1.3
FF - prefs.js..extensions.enabledAddons: %7B8B72860F-C5F8-4286-865E-D2C2DB98A9E6%7D:1.2.3
FF - prefs.js..extensions.enabledAddons: rssicon%40jasnapaka.com:1.4
FF - prefs.js..extensions.enabledAddons: format.bar%40codefisher.org:0.1.4.10
FF - prefs.js..extensions.enabledAddons: facebook%40disconnect.me:2.1.3
FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.4
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.1.2
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
FF - prefs.js..extensions.enabledAddons: Konverts%40MediaPimp.com:10.3
FF - prefs.js..extensions.enabledAddons: dcct%40mingyi.org:0.27
FF - prefs.js..extensions.enabledAddons: %7BE173B749-DB5B-4fd2-BA0E-94ECEA0CA55B%7D:7.4
FF - prefs.js..extensions.enabledAddons: %7B2f17f610-5e97-4fed-828f-9940b7b577a4%7D:19.0.0
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: cybersearch%40cybernetnews.com:2.8
FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3
FF - prefs.js..extensions.enabledAddons: %7B4BBDD651-70CF-4821-84F8-2B918CF89CA3%7D:7.3.0.1
FF - prefs.js..extensions.enabledAddons: lazarus%40interclue.com:2.3
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: VacuumPlacesImproved%40lultimouomo-gmail.com:1.2
FF - prefs.js..extensions.enabledAddons: %7B6E21139C-F48B-11DA-B59C-B582C6649067%7D:0.6.3
FF - prefs.js..extensions.enabledAddons: charpick%40ryanium.com:0.4.1
FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.20
FF - prefs.js..extensions.enabledAddons: %7Bea61041c-1e22-4400-99a0-aea461e69d04%7D:0.2.3
FF - prefs.js..extensions.enabledAddons: %7Bc72c0c73-4eb0-4fb3-af0f-074e97326cfd%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: backupfox_959a5970_ada3_11e0_9f1c_0800200c9a66%40mozillafirefoxextension:1.0.3
FF - prefs.js..extensions.enabledAddons: ScrollUp%40saplin.com:1.0
FF - prefs.js..extensions.enabledAddons: dragtabasshortcut%40antontitov.com:1.01
FF - prefs.js..extensions.enabledAddons: %7B3bbdd952-cf6f-44a7-9d23-354a8792b598%7D:1.4
FF - prefs.js..extensions.enabledAddons: shortcuts%40khngai.com:1.9
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.1.8
FF - prefs.js..extensions.enabledAddons: savefileto%40mozdev.org:2.5.1
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: rainbow%40colors.org:1.6
FF - prefs.js..extensions.enabledAddons: %7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3
FF - prefs.js..extensions.enabledAddons: support%40todoist.com:3.7
FF - prefs.js..extensions.enabledAddons: tabscope%40xuldev.org:1.5
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.16
FF - prefs.js..extensions.enabledAddons: %7B24cea704-946d-11da-a72b-0800200c9a66%7D:1.5.3.1
FF - prefs.js..extensions.enabledAddons: %7B03B08592-E5B4-45ff-A0BE-C1D975458688%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B139a120b-c2ea-41d2-bf70-542d9f063dfd%7D:2.04.1
FF - prefs.js..extensions.enabledAddons: %7B54BB9F3F-07E5-486c-9B39-C7398B99391C%7D:4.1.2013040601
FF - prefs.js..extensions.enabledAddons: notreal.ccoptions%40environmentalchemistry.com:24.0.2
FF - prefs.js..extensions.enabledAddons: brief%40mozdev.org:1.7.2
FF - prefs.js..extensions.enabledAddons: firegestures%40xuldev.org:1.7.14
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2.3
FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.3.9
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.5.3
FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.2.1
FF - prefs.js..extensions.enabledAddons: %7B5546F97E-11A5-46b0-9082-32AD74AAA920%7D:0.76
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.15
FF - prefs.js..extensions.enabledAddons: zoompage%40DW-dev:8.2
FF - prefs.js..extensions.enabledAddons: idme%40abine.com:1.38.339
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.95
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=512435&p="
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.11.19 18:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.08.24 22:42:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.11.17 10:33:09 | 000,000,000 | ---D | M]
[2013.05.21 10:42:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Extensions
[2013.11.23 21:54:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions
[2013.10.02 18:27:24 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2013.07.23 20:21:47 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013.11.16 22:54:02 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.07.23 20:21:47 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2013.08.08 00:03:52 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013.07.24 23:11:03 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2013.11.08 02:07:26 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2013.11.02 20:54:53 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013.05.25 17:48:07 | 000,000,000 | ---D | M] ("Converter") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}
[2013.11.01 16:20:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.07.05 00:33:38 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2013.07.24 23:10:58 | 000,000,000 | ---D | M] (TabGroups Manager) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{ca526f8b-9e0a-4756-9077-19d6f3e64ea8}
[2013.08.12 23:31:02 | 000,000,000 | ---D | M] (Block site) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2013.07.23 20:21:47 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2013.05.22 13:36:01 | 000,000,000 | ---D | M] (QuickFox Notes) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\amin.eft_bmnotes@gmail.com
[2013.07.24 20:18:22 | 000,000,000 | ---D | M] ("CyberSearch") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\cybersearch@cybernetnews.com
[2013.07.13 10:43:07 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\donottrackplus@abine.com
[2013.05.22 01:00:32 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\en-US@dictionaries.addons.mozilla.org
[2013.07.24 23:11:07 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\foxmarks@kei.com
[2013.10.26 22:16:08 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\foxyproxy@eric.h.jung
[2013.09.13 22:04:51 | 000,000,000 | ---D | M] (Dictionnaires français) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\fr-dicollecte@dictionaries.addons.mozilla.org
[2013.08.20 15:33:39 | 000,000,000 | ---D | M] (Croatian Dictionary (Hrvatski Rjecnik)) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\hr-HR-2@dictionaries.addons.mozilla.org
[2013.10.05 21:03:07 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\https-everywhere@eff.org
[2013.11.22 18:09:43 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\idme@abine.com
[2013.05.24 18:00:28 | 000,000,000 | ---D | M] (Icelandic Dictionary) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\is@dictionaries.addons.mozilla.org
[2013.06.27 16:30:18 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\isreaditlater@ideashower.com
[2013.07.19 08:38:18 | 000,000,000 | ---D | M] (♬ MediaPimp - Internet Radio, Save Videos, Screengrab & More) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\Konverts@MediaPimp.com
[2013.05.22 00:48:56 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\mintrayr@tn123.ath.cx
[2013.09.19 13:45:19 | 000,000,000 | ---D | M] (Rain Alarm Extension) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\rain-alarm@mdiener.de
[2013.07.27 02:38:22 | 000,000,000 | ---D | M] ("TableTools2") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\tabletools2@mingyi.org
[2013.08.16 16:42:27 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013.11.07 15:28:35 | 000,023,913 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2013.08.08 21:30:14 | 000,027,678 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\backupfox_959a5970_ada3_11e0_9f1c_0800200c9a66@mozillafirefoxextension.xpi
[2013.10.18 14:29:17 | 000,246,524 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\brief@mozdev.org.xpi
[2013.07.27 02:38:22 | 000,031,018 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\charpick@ryanium.com.xpi
[2013.08.30 00:37:05 | 000,355,782 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\client@anonymox.net.xpi
[2013.08.12 16:09:04 | 000,126,982 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\customizable-shortcuts@timtaubert.de.xpi
[2013.07.20 00:13:03 | 000,028,980 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\dcct@mingyi.org.xpi
[2013.08.12 15:48:57 | 000,007,979 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\dragtabasshortcut@antontitov.com.xpi
[2013.06.26 17:05:52 | 000,035,735 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\facebook@disconnect.me.xpi
[2013.11.06 18:41:04 | 001,338,622 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\firefox@ghostery.com.xpi
[2013.10.18 14:29:17 | 000,390,473 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\firegestures@xuldev.org.xpi
[2013.06.02 12:04:06 | 000,162,728 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\format.bar@codefisher.org.xpi
[2013.11.22 20:52:01 | 000,284,203 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\foxcconverter@gmail.com.xpi
[2013.08.12 16:15:27 | 000,119,451 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\FxExtPasteNGoHtk@github.lostdj.xpi
[2013.05.22 05:19:20 | 000,025,955 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\intgcal@egarracingteam.com.ar.xpi
[2013.05.22 15:14:22 | 000,301,619 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-3GUEt1r69sQNSrca5p8kx9Ezc3U@jetpack.xpi
[2013.07.23 22:47:42 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
[2013.07.21 11:42:40 | 000,193,117 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-A2AGBH3veL3ZV6GOM159BnxtOjg@jetpack.xpi
[2013.11.06 18:40:58 | 000,568,293 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
[2013.08.17 11:29:38 | 000,168,986 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-RW8E9KFMTaLKkM4HqIWfidw29wo@jetpack.xpi
[2013.07.21 11:42:22 | 000,241,099 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-UPq1qFOINa4blezeJa2DpZKATTo@jetpack.xpi
[2013.09.24 19:02:15 | 000,306,265 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid1-j3KiX1n7UXrjxQ@jetpack.xpi
[2013.07.21 11:42:48 | 000,300,648 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid1-sNaADGzvFyhsSA@jetpack.xpi
[2013.10.29 19:55:16 | 000,320,988 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
[2013.11.06 19:51:52 | 000,367,522 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\langpack-hr@firefox.mozilla.org.xpi
[2013.07.24 23:11:03 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\lazarus@interclue.com.xpi
[2013.10.09 21:02:59 | 000,320,474 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\mytube@ashishmishra.in.xpi
[2013.10.11 00:42:49 | 000,159,644 | R--- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
[2013.08.07 22:08:26 | 000,010,666 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\noverflow@sdrocking.com.xpi
[2013.05.22 01:03:31 | 000,113,783 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\organize-search-engines@maltekraus.de.xpi
[2013.08.20 15:33:38 | 000,470,162 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\rainbow@colors.org.xpi
[2013.08.08 00:03:52 | 000,160,837 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\requestpolicy@requestpolicy.com.xpi
[2013.05.29 18:55:25 | 000,015,618 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\rssicon@jasnapaka.com.xpi
[2013.08.08 21:30:14 | 000,011,209 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\ScrollUp@saplin.com.xpi
[2013.08.12 16:20:26 | 000,011,724 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\shortcuts@khngai.com.xpi
[2013.11.06 07:39:01 | 000,367,561 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\smarterwiki@wikiatic.com.xpi
[2013.08.27 14:56:58 | 000,011,156 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\support@todoist.com.xpi
[2013.09.08 02:19:10 | 000,160,818 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\tabscope@xuldev.org.xpi
[2013.07.24 23:11:07 | 000,024,038 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com.xpi
[2013.11.16 22:54:02 | 000,059,830 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\zoompage@DW-dev.xpi
[2013.08.05 01:05:34 | 000,475,365 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2013.10.02 17:42:45 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013.10.05 14:16:11 | 000,132,344 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi
[2013.11.22 18:09:41 | 000,382,345 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.10.02 18:27:24 | 000,094,167 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
[2013.10.31 22:49:48 | 000,217,340 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2013.08.12 16:20:26 | 000,015,234 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{3bbdd952-cf6f-44a7-9d23-354a8792b598}.xpi
[2013.05.23 14:22:37 | 000,007,404 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{48f91e76-bc5f-45a7-a03a-6b4e7669df90}.xpi
[2013.10.05 14:25:25 | 000,307,011 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
[2013.09.17 11:06:36 | 000,281,800 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2013.11.05 18:41:03 | 000,243,884 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{655397ca-4766-496b-b7a8-3a5b176ee4c2}.xpi
[2013.07.27 02:38:19 | 000,005,533 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{6E21139C-F48B-11DA-B59C-B582C6649067}.xpi
[2013.11.09 16:01:13 | 000,534,744 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.08.08 00:03:51 | 000,050,761 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi
[2013.10.05 14:05:16 | 000,026,163 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.xpi
[2013.05.24 09:36:25 | 000,447,526 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi
[2013.08.08 00:03:51 | 000,016,921 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi
[2013.06.26 17:05:35 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.10.11 00:42:49 | 001,283,406 | R--- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi
[2013.07.24 23:10:58 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.10.31 23:59:13 | 000,778,022 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.08.13 22:02:41 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.10.01 20:17:08 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.07.24 23:10:52 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2013.08.08 00:03:51 | 000,057,752 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi
[2013.07.24 22:19:31 | 000,001,362 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome\skin\xpinstallItemGeneric.png
[2013.06.26 17:30:02 | 000,000,472 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\10starmoviescom.xml
[2013.10.04 08:49:19 | 000,000,779 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\a-z-lyrics-universe.xml
[2013.06.26 17:35:48 | 000,000,675 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\asian-horror-moviescom.xml
[2013.05.25 21:48:49 | 000,001,500 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\care2.xml
[2013.05.22 02:00:07 | 000,000,949 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\coolinarika.xml
[2013.05.22 03:15:46 | 000,000,984 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\dark-lyrics.xml
[2013.06.07 16:15:19 | 000,000,926 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\deviantart.xml
[2013.08.07 22:24:09 | 000,001,263 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\duckduckgo.xml
[2013.11.05 21:19:47 | 000,000,451 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\easy-pdf-search.xml
[2013.06.19 19:00:36 | 000,001,466 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\fenopyse.xml
[2013.05.22 00:49:34 | 000,001,635 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\firefox-add-ons.xml
[2013.05.22 03:21:55 | 000,009,117 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\flickr.xml
[2013.08.14 02:29:36 | 000,006,404 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\gallica-bnf.xml
[2013.06.02 20:57:36 | 000,000,526 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\gazetteer-of-british-place-names.xml
[2013.06.19 15:30:11 | 000,001,733 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\goodsearch.xml
[2013.06.07 12:28:03 | 000,001,712 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\google-books.xml
[2013.07.23 23:41:12 | 000,001,024 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\google-pagerank-checker.xml
[2013.05.22 03:22:40 | 000,001,427 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\google-slike.xml
[2013.07.01 12:01:04 | 000,000,843 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\haro-online--movies.xml
[2013.05.26 17:19:01 | 000,000,773 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\hphosts-online.xml
[2013.11.09 19:25:01 | 000,000,856 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\hrvatski-jezini-portal.undefined.undefined
[2013.05.24 22:34:33 | 000,000,759 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\hubpages.xml
[2013.05.22 01:04:15 | 000,012,707 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\imdb.xml
[2013.08.14 02:45:13 | 000,001,413 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\internet-archive.xml
[2013.07.01 11:06:59 | 000,001,213 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\isohunt.xml
[2013.06.27 12:01:26 | 000,001,374 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\ixquick-search-engine.xml
[2013.07.19 23:31:53 | 000,001,419 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\jamie-oliver.xml
[2013.05.22 03:20:30 | 000,001,355 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\kickasstorrents.xml
[2013.06.16 00:32:27 | 000,001,443 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\lastfm.xml
[2013.06.11 15:24:21 | 000,001,464 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\leos-lyrics.xml
[2013.08.14 03:01:18 | 000,001,109 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\librivox-1.xml
[2013.05.29 11:19:21 | 000,000,814 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\merriam-webster-online.xml
[2013.07.01 12:08:05 | 000,001,629 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\monovaorg.xml
[2013.08.24 18:48:32 | 000,001,602 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\mp3skullcom.xml
[2013.11.11 18:25:21 | 000,001,121 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\nameberrycom.undefined.undefined
[2013.07.01 11:12:39 | 000,001,188 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\onebigtorrentorg.xml
[2013.07.01 11:28:11 | 000,001,479 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\ovguide.xml
[2013.07.23 23:17:23 | 000,000,795 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\phishtank.xml
[2013.10.05 16:39:15 | 000,000,691 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\podnapisinet.xml
[2013.07.21 13:02:45 | 000,001,603 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\primewire--1channel--letmewatchthis.xml
[2013.06.07 00:29:22 | 000,001,324 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\project-gutenberg.xml
[2013.06.26 16:27:57 | 000,001,869 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\ripple.xml
[2013.07.02 20:15:36 | 000,000,918 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\scribd.xml
[2013.05.29 14:11:23 | 000,001,268 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\serious-eats-recipes.xml
[2013.05.22 03:15:07 | 000,000,920 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\songmeanings.xml
[2013.10.05 16:38:39 | 000,001,122 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\subtitlecubecom.xml
[2013.07.23 23:37:12 | 000,000,507 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\sucuri-security--website-malware-scan.xml
[2013.11.05 21:22:36 | 000,001,392 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-audiobook-bay.xml
[2013.07.17 22:11:20 | 000,040,970 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-cornell-lab-of-ornithology.xml
[2013.05.29 11:32:05 | 000,001,110 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-free-dictionary.xml
[2013.05.22 03:19:23 | 000,001,466 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-pirate-bay.xml
[2013.10.08 22:01:22 | 000,000,666 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\torrentz.xml
[2013.08.17 01:09:37 | 000,001,027 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\urban-dictionary.xml
[2013.08.07 23:44:29 | 000,000,502 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\userscriptsorg.xml
[2013.05.29 11:27:36 | 000,001,588 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\vegan-soapbox.xml
[2013.05.22 06:14:08 | 000,001,231 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wayback-machine.xml
[2013.05.29 10:59:38 | 000,001,818 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wikimedia-cookbook.xml
[2013.05.29 10:50:25 | 000,001,266 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wikipediaorg.xml
[2013.05.29 10:55:30 | 000,000,557 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wikivet.xml
[2013.07.09 22:19:40 | 000,001,318 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wolframalpha.xml
[2013.05.23 22:16:58 | 000,001,791 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wot-web-of-trust.xml
[2013.05.22 01:03:48 | 000,001,136 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\youtube.xml
[2013.11.17 10:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.11.17 10:33:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.08.24 22:42:58 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
File not found (No name found) -- C:\USERS\KORISNIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X1SB23SA.DEFAULT\EXTENSIONS\SAVEFILETO@MOZDEV.ORG.XPI
[2013.08.24 22:41:59 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
========== Chrome ==========
CHR - default_search_provider: Google.hr (Enabled)
CHR - default_search_provider: search_url = https://www.google.hr/search?output=search&sclient=psy-ab&q={searchTerms}&btnG=&oq=&gs_l=&pbx=1
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.hr/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google disk = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google pretrau017Eivanje = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DoNotTrackMe = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.9.815_0\
CHR - Extension: Foxy Proxy Standard = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp\2.8_1\
CHR - Extension: avast! Online Security = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: RealDownloader = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google Karte = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Nov\u010Danik = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: TS Magic Player = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg\1.1.29_0\
CHR - Extension: Gmail = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013.11.22 21:42:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\e2f45e99-3cd5-48e5-a5a7-81341b74840f.exe (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
O4 - Startup: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe tray agent 2013.lnk = C:\Program Files\Wipe 2013\wipetray.exe (PrivacyRoot.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D321B9E-A8C6-4146-B8E1-6E10720FA1A7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51B6D1B9-5D8C-40A3-95A5-1B3BC0948BB7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.11.23 21:51:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.11.23 21:41:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.11.23 21:25:08 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Korisnik\Desktop\JRT.exe
[2013.11.23 18:50:09 | 001,070,944 | ---- | C] (Solid State Networks) -- C:\Users\Korisnik\Desktop\install_flashplayer11x32_mssd_aaa_aih.exe
[2013.11.23 14:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.11.23 00:52:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.11.23 00:49:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.11.22 21:47:26 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\AppData\Local\temp
[2013.11.22 16:59:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.11.21 20:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2013.11.21 20:50:30 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\AppData\Roaming\SystemRequirementsLab
[2013.11.21 20:09:59 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\Desktop\RK_Quarantine
[2013.11.20 15:50:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.11.20 15:50:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.11.20 15:50:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.11.20 15:50:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.11.20 15:31:51 | 005,147,802 | R--- | C] (Swearware) -- C:\Users\Korisnik\Desktop\ComboFix.exe
[2013.11.19 18:59:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Korisnik\Desktop\OTL.exe
[2013.11.19 18:38:33 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\AppData\Roaming\AVAST Software
[2013.11.19 18:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013.11.18 23:12:24 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\Desktop\Nova mapa
[2013.11.17 10:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.11.15 17:21:08 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.11.08 09:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.11.08 09:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.11.08 09:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.11.08 09:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.11.02 20:55:49 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\Documents\iMacros
========== Files - Modified Within 30 Days ==========
[2013.11.23 22:06:32 | 000,026,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.11.23 22:06:32 | 000,026,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.11.23 22:01:10 | 000,001,020 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe tray agent 2013.lnk
[2013.11.23 21:59:35 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.11.23 21:59:18 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2013.11.23 21:59:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.11.23 21:59:02 | 1522,028,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.11.23 21:32:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.11.23 21:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.11.23 21:25:20 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Korisnik\Desktop\JRT.exe
[2013.11.23 21:23:28 | 001,085,542 | ---- | M] () -- C:\Users\Korisnik\Desktop\AdwCleaner.exe
[2013.11.23 18:50:27 | 001,070,944 | ---- | M] (Solid State Networks) -- C:\Users\Korisnik\Desktop\install_flashplayer11x32_mssd_aaa_aih.exe
[2013.11.23 01:07:37 | 000,008,010 | ---- | M] () -- C:\Users\Korisnik\Desktop\Rhonda Byrne - The Secret.pdf - prečac.lnk
[2013.11.23 01:07:37 | 000,002,081 | ---- | M] () -- C:\Users\Korisnik\Desktop\Eckhart Tolle - The Power of Now_ A Guide to Spiritual Enlightenment.pdf - prečac.lnk
[2013.11.22 21:42:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.11.22 18:09:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.11.22 17:10:13 | 005,147,802 | R--- | M] (Swearware) -- C:\Users\Korisnik\Desktop\ComboFix.exe
[2013.11.22 16:49:57 | 000,026,624 | ---- | M] () -- C:\Windows\System32\TrueSight.sys
[2013.11.21 17:19:22 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.11.20 16:11:42 | 000,666,434 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.11.20 16:11:42 | 000,127,002 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.11.20 15:30:23 | 003,679,744 | ---- | M] () -- C:\Users\Korisnik\Desktop\RogueKiller.exe
[2013.11.19 23:02:13 | 000,048,852 | ---- | M] () -- C:\Users\Korisnik\Desktop\kune.jpg
[2013.11.19 18:59:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Korisnik\Desktop\OTL.exe
[2013.11.19 18:31:14 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.11.19 18:31:13 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.11.19 18:31:13 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.11.19 18:31:13 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.11.19 18:31:13 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.11.19 18:31:13 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.11.19 18:31:13 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.11.19 18:31:12 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.11.19 18:31:04 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.11.19 18:31:04 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.11.19 18:25:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.11.18 23:09:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Korisnik\Desktop\aswMBR.exe
[2013.11.18 23:03:00 | 000,891,200 | ---- | M] () -- C:\Users\Korisnik\Desktop\SecurityCheck.exe
[2013.11.10 13:47:04 | 000,448,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2013.11.23 21:59:18 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2013.11.23 21:22:39 | 001,085,542 | ---- | C] () -- C:\Users\Korisnik\Desktop\AdwCleaner.exe
[2013.11.22 16:49:57 | 000,026,624 | ---- | C] () -- C:\Windows\System32\TrueSight.sys
[2013.11.20 15:50:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.11.20 15:50:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.11.20 15:50:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.11.20 15:50:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.11.20 15:50:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.11.20 15:30:18 | 003,679,744 | ---- | C] () -- C:\Users\Korisnik\Desktop\RogueKiller.exe
[2013.11.19 23:02:00 | 000,048,852 | ---- | C] () -- C:\Users\Korisnik\Desktop\kune.jpg
[2013.11.18 23:02:24 | 000,891,200 | ---- | C] () -- C:\Users\Korisnik\Desktop\SecurityCheck.exe
[2013.11.06 14:43:35 | 000,002,081 | ---- | C] () -- C:\Users\Korisnik\Desktop\Eckhart Tolle - The Power of Now_ A Guide to Spiritual Enlightenment.pdf - prečac.lnk
[2013.11.05 21:35:59 | 000,008,010 | ---- | C] () -- C:\Users\Korisnik\Desktop\Rhonda Byrne - The Secret.pdf - prečac.lnk
[2013.10.15 08:42:36 | 000,000,090 | ---- | C] () -- C:\Windows\Philip.INI
[2013.10.15 07:52:46 | 000,000,098 | ---- | C] () -- C:\ProgramData\avalon2.2_WIPE2013.ini
[2013.10.15 07:52:38 | 000,340,992 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2013.10.15 07:52:34 | 000,340,992 | ---- | C] () -- C:\Windows\sqlite36_engine.dll
[2013.10.06 00:22:20 | 000,200,148 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2013.08.17 14:29:27 | 109,026,806 | ---- | C] () -- C:\Users\Korisnik\AppData\Roaming\Mozilla.rar
[2013.06.28 17:46:41 | 000,003,342 | ---- | C] () -- C:\Users\Korisnik\AppData\Local\recently-used.xbel
[2013.06.23 15:58:45 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2013.06.21 09:54:46 | 000,000,096 | ---- | C] () -- C:\Users\Korisnik\AppData\Local\fusioncache.dat
[2013.06.19 14:41:05 | 000,026,364 | ---- | C] () -- C:\Users\Korisnik\AppData\Roaming\UserTile.png
[2013.06.19 12:39:35 | 000,000,398 | ---- | C] () -- C:\Windows\AudioConverter.INI
[2013.06.19 12:34:32 | 000,000,032 | ---- | C] () -- C:\ProgramData\aceg.ini
[2013.05.26 17:10:37 | 000,000,896 | RHS- | C] () -- C:\Users\Korisnik\ntuser.pol
[2013.05.21 10:43:00 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.21 10:42:57 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.21 10:29:27 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013.05.21 09:28:39 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2013.05.21 09:28:39 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2013.05.21 09:28:36 | 000,240,004 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.12.14 01:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2012.12.14 01:02:20 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012.12.14 01:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012.12.14 01:02:20 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.12.14 01:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.12.14 01:02:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
========== ZeroAccess Check ==========
[2012.07.14 18:11:12 | 000,000,596 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Hi black_lilies,
Your log appears to be clean. :bigthumb:
We have a few items to take care of before we get to the All Clean Speech.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Uninstall Combofix
The following will implement important cleanup procedures as well as reset System Restore points:
Click on the Start button http://i1269.photobucket.com/albums/jj590/OCD-WTT/start.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/start.jpg.html) and then in the Search field enter combofix /uninstall, as shown in the image below with the blue arrow.
Please note that there is a space between combofix and /uninstall.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/CFwindows-7-start-menu_zps188282d2.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/CFwindows-7-start-menu_zps188282d2.jpg.html)
Once you have typed this in, press Enter on your keyboard. A Open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.
ComboFix will now uninstall itself from your computer and remove any backups and quarantined files. When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Clean up with OTL:
Right-click OTL.exe select "Run as Administrator" to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Removing/Uninstalling AdwCleaner:
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) You can now delete any tools and/or logs remaining on your desktop.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Disable Java in Web Browsers
There is a vulnerability with regards to Java and web browsers. Therefore, we recommend to disable java in web browsers.
More information can be found here: http://www.techsupportforum.com/forums/f50/disable-java-in-browsers-683721.html
Click on the Start button and then click on the Control Panel option.
In the Control Panel Search enter Java Control Panel.
Click on the Java icon to open the Java Control Panel.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/javadisable1_zps19e32961.jpg
Disable Java through the Java Control Panel
In the Java Control Panel, click on the Security tab.
Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
Click Apply. When the Windows User Account Control (UAC) dialog appears, allow permissions to make the changes.
Click OK in the Java Plug-in confirmation window.
Restart the browser for changes to take effect.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/javadisable2_zps5a2f5c6d.jpg
=========================
With the above items taken care of let's move on to the All Clean part of the process.
The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Impliment what you need.
This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
Here are some tips to reduce the potential for spyware infection in the future:
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:
NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)
Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
Free Anti-Virus
Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)
Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)
Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.
Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
black_lilies
2013-11-24, 01:25
Hi OCD,
Thank you SO MUCH for everything, I will follow your advices in future, and I hope I wasn't too much trouble :). Have a nice day. Bye.
Hi black_lilies,
You are very welcome, glad I was able to help. :bigthumb: Have a great day!
Since this issue appears to be resolved ... this Topic will be closed.