Self-replicating folders
Hi. I'm having some issues on my laptop, some sort of a virus, it seems like it's taking up space on my computer. I had some problems with sound on my laptop today. Everything was fine when I turned the laptop on, but soon I couldn't hear any sound nor play music, I'm not sure if this is related (when I tried to play music, there was an error message that the program was already in use, or something like that). After that I found a folder named 3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ on local disk C:, full of other folders (the number of folders increasing constantly). I cleaned up some space on my laptop, and also used CCleaner, and then the folder was replaced by a file named 3590F75ABA9E485486C100C1A9D4FF06XZRURUNVBZAFAFQC, and later it just disappeared and the sound went back to normal. Also, I had files like that a few times before, but after they disappeared, I thought I removed them with Spybot.
I would be very happy if somebody could help me when you have the time, and thank you in advance.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.40.2
Run by Korisnik at 22:12:00 on 2013-10-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.1935.943 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\BOINC\boinc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files\Folding@home\Folding@home-x86\Folding@home.exe
C:\Users\Korisnik\AppData\Roaming\Folding@home-x86\FahCore_a4.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\BOINC\projects\docking.cis.udel.edu\charmm34_6.23_windows_intelx86
C:\ProgramData\BOINC\projects\docking.cis.udel.edu\charmm34_6.23_windows_intelx86
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.hr/
uSearch Bar = about :blank
uSearch Page = about :blank
uSearchURL,(Default) = about :blank
mSearchAssistant = about :blank
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SearchProtection] "c:\users\korisnik\appdata\roaming\search protection\SearchProtection.EXE" /autostart
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtkNGUI.exe -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\iastoriconlaunch.exe "c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe" 60
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\korisnik\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\korisnik\appdata\roaming\micros~1\windows\startm~1\programs\startup\wipetr~1.lnk - c:\program files\wipe 2013\wipetray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\codeme~1.lnk - c:\program files\codemeter\runtime\bin\CodeMeterCC.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3D321B9E-A8C6-4146-B8E1-6E10720FA1A7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{51B6D1B9-5D8C-40A3-95A5-1B3BC0948BB7} : DHCPNameServer = 83.139.105.2 83.139.104.2
TCP: Interfaces\{51B6D1B9-5D8C-40A3-95A5-1B3BC0948BB7}\651434F4D40244E2F4E2F4E2 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://amfsa.clicktodonate.org
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=512435&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\sumatrapdf\npPdfViewer.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-08-17 12:29; jid0-RW8E9KFMTaLKkM4HqIWfidw29wo@jetpack; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-RW8E9KFMTaLKkM4HqIWfidw29wo@jetpack.xpi
FF - ExtSQL: 2013-08-17 13:11; tabscope@xuldev.org ; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\tabscope@xuldev.org.xpi
FF - ExtSQL: 2013-08-17 13:11; rainbow@colors.org ; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\rainbow@colors.org.xpi
FF - ExtSQL: 2013-08-17 13:11; firegestures@xuldev.org ; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\firegestures@xuldev.org.xpi
FF - ExtSQL: 2013-08-24 23:42; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext
FF - ExtSQL: 2013-09-28 21:17; notreal.ccoptions@environmentalchemistry.com ; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
FF - ExtSQL: 2013-10-02 18:42; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF - ExtSQL: 2013-10-02 19:27; {24cea704-946d-11da-a72b-0800200c9a66}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
FF - ExtSQL: 2013-10-02 19:27; {03B08592-E5B4-45ff-A0BE-C1D975458688}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
FF - ExtSQL: 2013-10-05 15:06; {158d7cb3-7039-4a75-8e0b-3bd0a464edd2}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
FF - ExtSQL: 2013-10-05 15:16; {139a120b-c2ea-41d2-bf70-542d9f063dfd}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi
FF - ExtSQL: 2013-10-05 15:25; {54BB9F3F-07E5-486c-9B39-C7398B99391C}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);
user_pref('security.csp.enable', false);
user_pref('security.OCSP.enabled', 0);
user_pref('extensions.blocklist.enabled', false);
FF - user.js: extentions.webcake.installId - 4c25f721-dde9-4592-8c09-c5e91446a22b
FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-21 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-21 177864]
R0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2012-9-1 532536]
R0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2012-9-1 25656]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-21 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-21 369584]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2013-5-21 87968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-21 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-21 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-9-11 46808]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2012-11-21 2571704]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2013-5-21 14904]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2013-5-21 1830544]
R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-7-17 55104]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\drivers\RtsP2Stor.sys [2013-5-21 209552]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-3-14 552080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2013-2-28 110408]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2013-2-28 331080]
S3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2013-3-14 75816]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2013-3-14 130152]
S3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2013-3-14 150568]
S3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2013-3-14 435240]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [2013-2-27 65152]
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\system32\drivers\EtronSTOR.sys [2013-2-27 32512]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [2013-2-27 88832]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2013-2-27 351288]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2013-2-27 796216]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2013-2-27 73984]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2013-2-27 165120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-23 14848]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-12 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-3-23 24064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-23 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-3-23 27136]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-12 112640]
.
=============== Created Last 30 ================
.
2013-10-15 06:52:46 -------- d-----w- c:\users\korisnik\appdata\roaming\WIPE2013
2013-10-15 06:52:39 609824 ----a-w- c:\windows\system32\Comctl32.ocx
2013-10-15 06:52:39 163840 ----a-w- c:\windows\system32\temp.000
2013-10-15 06:52:39 1386496 ----a-w- c:\windows\system32\temp.001
2013-10-15 06:52:38 340992 ----a-w- c:\windows\system32\sqlite36_engine.dll
2013-10-15 06:52:34 501248 ----a-w- c:\windows\system32\dhRichClient3.dll
2013-10-15 06:52:34 340992 ----a-w- c:\windows\sqlite36_engine.dll
2013-10-15 06:52:34 -------- d-----w- c:\program files\Wipe 2013
2013-10-15 06:39:18 -------- d-----w- c:\program files\SpeedFan
2013-10-15 06:34:43 -------- d-----w- c:\program files\Free Driver Backup
2013-10-13 21:46:31 -------- d-----w- c:\users\korisnik\appdata\roaming\IrfanView
2013-10-13 21:46:26 -------- d-----w- c:\program files\IrfanView
2013-10-04 06:28:28 -------- d-----w- c:\program files\iPod
2013-10-04 06:28:23 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-04 06:28:23 -------- d-----w- c:\program files\iTunes
2013-09-21 22:45:54 -------- d-----w- c:\programdata\Oracle
2013-09-21 22:18:04 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2013-10-08 21:33:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 21:33:46 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-21 22:17:42 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-21 22:17:42 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-30 07:48:13 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48:12 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48:12 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48:12 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- c:\windows\avastSS.scr
2013-08-24 21:41:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-08-24 21:41:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-07-23 23:09:32 0 ----a-w- c:\windows\system32\FAP92BD.tmp
2013-07-23 22:40:28 0 ----a-w- c:\windows\system32\FAPF718.tmp
2013-07-23 22:40:27 0 ----a-w- c:\windows\system32\FAPF4E4.tmp
2013-07-23 22:40:27 0 ----a-w- c:\windows\system32\FAPF188.tmp
2013-07-23 22:40:26 0 ----a-w- c:\windows\system32\FAPEFC2.tmp
2013-07-23 22:40:07 0 ----a-w- c:\windows\system32\FAPA46E.tmp
2013-07-23 22:39:15 0 ----a-w- c:\windows\system32\FAPDB54.tmp
2013-07-23 22:39:15 0 ----a-w- c:\windows\system32\FAPD9EB.tmp
2013-07-23 22:39:14 0 ----a-w- c:\windows\system32\FAPD72B.tmp
2013-07-23 22:39:09 0 ----a-w- c:\windows\system32\FAPC399.tmp
2013-07-23 22:38:52 0 ----a-w- c:\windows\system32\FAP8080.tmp
2013-07-23 22:38:51 0 ----a-w- c:\windows\system32\FAP7DEE.tmp
2013-07-23 22:38:43 0 ----a-w- c:\windows\system32\FAP5D91.tmp
2013-07-23 22:38:43 0 ----a-w- c:\windows\system32\FAP5B6D.tmp
2013-07-23 22:38:42 0 ----a-w- c:\windows\system32\FAP5A14.tmp
2013-07-23 22:36:42 0 ----a-w- c:\windows\system32\FAP8362.tmp
2013-07-23 22:36:41 0 ----a-w- c:\windows\system32\FAP8238.tmp
2013-07-23 22:36:41 0 ----a-w- c:\windows\system32\FAP8052.tmp
2013-07-23 22:36:12 0 ----a-w- c:\windows\system32\FAPF15.tmp
2013-07-23 22:36:12 0 ----a-w- c:\windows\system32\FAPDCC.tmp
2013-07-23 22:36:12 0 ----a-w- c:\windows\system32\FAP108E.tmp
2013-07-23 22:35:54 0 ----a-w- c:\windows\system32\FAPC7A6.tmp
2013-07-23 22:35:53 0 ----a-w- c:\windows\system32\FAPC66C.tmp
2013-07-23 22:35:53 0 ----a-w- c:\windows\system32\FAPC532.tmp
2013-07-23 22:32:22 0 ----a-w- c:\windows\system32\FAP8CE2.tmp
2013-07-23 22:32:21 0 ----a-w- c:\windows\system32\FAP8957.tmp
2013-07-23 22:31:32 0 ----a-w- c:\windows\system32\FAPCB15.tmp
2013-07-23 22:31:32 0 ----a-w- c:\windows\system32\FAPC9DB.tmp
2013-07-23 22:31:32 0 ----a-w- c:\windows\system32\FAPC8C0.tmp
2013-07-23 22:30:41 0 ----a-w- c:\windows\system32\FAPCF.tmp
2013-07-23 22:30:41 0 ----a-w- c:\windows\system32\FAP50.tmp
2013-07-23 22:30:40 0 ----a-w- c:\windows\system32\FAPFEA9.tmp
2013-07-23 22:30:33 0 ----a-w- c:\windows\system32\FAPE35A.tmp
2013-07-23 22:30:32 0 ----a-w- c:\windows\system32\FAPE0E8.tmp
2013-07-23 22:30:24 0 ----a-w- c:\windows\system32\FAPC184.tmp
2013-07-23 22:30:24 0 ----a-w- c:\windows\system32\FAPC01B.tmp
2013-07-23 22:30:24 0 ----a-w- c:\windows\system32\FAPBEF0.tmp
2013-07-23 22:29:22 0 ----a-w- c:\windows\system32\FAPCE4A.tmp
2013-07-23 22:29:22 0 ----a-w- c:\windows\system32\FAPCDAC.tmp
2013-07-23 22:29:21 0 ----a-w- c:\windows\system32\FAPCB49.tmp
2013-07-23 22:28:38 0 ----a-w- c:\windows\system32\FAP223D.tmp
2013-07-23 22:28:38 0 ----a-w- c:\windows\system32\FAP20B5.tmp
2013-07-23 22:28:37 0 ----a-w- c:\windows\system32\FAP1EEE.tmp
2013-07-23 22:27:42 0 ----a-w- c:\windows\system32\FAP486C.tmp
2013-07-23 22:27:41 0 ----a-w- c:\windows\system32\FAP4493.tmp
2013-07-23 22:27:16 0 ----a-w- c:\windows\system32\FAPE301.tmp
2013-07-23 22:27:16 0 ----a-w- c:\windows\system32\FAPE16A.tmp
2013-07-23 22:27:16 0 ----a-w- c:\windows\system32\FAPDF55.tmp
2013-07-23 22:18:39 0 ----a-w- c:\windows\system32\FAPFC07.tmp
2013-07-23 22:18:38 0 ----a-w- c:\windows\system32\FAPFAAE.tmp
2013-07-23 22:18:38 0 ----a-w- c:\windows\system32\FAPF84B.tmp
2013-07-23 22:17:47 0 ----a-w- c:\windows\system32\FAP3182.tmp
2013-07-23 22:17:46 0 ----a-w- c:\windows\system32\FAP2E26.tmp
2013-07-23 22:17:45 0 ----a-w- c:\windows\system32\FAP2B46.tmp
.
============= FINISH: 22:13:53,56 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-16 22:59:41
-----------------------------
22:59:41.214 OS Version: Windows 6.1.7601 Service Pack 1
22:59:41.214 Number of processors: 2 586 0x2A07
22:59:41.216 ComputerName: KORISNIK-PC UserName: Korisnik
22:59:43.373 Initialize success
22:59:45.982 AVAST engine defs: 13101600
23:00:07.133 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
23:00:07.135 Disk 0 Vendor: ATA_____ A60W Size: 305245MB BusType: 11
23:00:07.253 Disk 0 MBR read successfully
23:00:07.256 Disk 0 MBR scan
23:00:07.261 Disk 0 Windows 7 default MBR code
23:00:07.274 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:00:07.291 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 154900 MB offset 206848
23:00:07.315 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 150243 MB offset 317442048
23:00:07.321 Disk 0 scanning sectors +625139712
23:00:07.544 Disk 0 scanning C:\Windows\system32\drivers
23:00:28.037 Service scanning
23:01:07.740 Modules scanning
23:01:20.279 Disk 0 trace - called modules:
23:01:20.302 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys halmacpi.dll iaStorA.sys
23:01:20.308 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d7a030]
23:01:20.315 3 CLASSPNP.SYS[891ba59e] -> nt!IofCallDriver -> [0x87d79260]
23:01:20.321 5 iaStorF.sys[89211138] -> nt!IofCallDriver -> \Device\00000069[0x86154520]
23:01:22.201 AVAST engine scan C:\Windows
23:01:24.590 AVAST engine scan C:\Windows\system32
23:04:47.816 AVAST engine scan C:\Windows\system32\drivers
23:05:08.873 AVAST engine scan C:\Users\Korisnik
23:08:35.423 Disk 0 MBR has been saved successfully to "C:\Users\Korisnik\Desktop\MBR.dat"
23:08:35.434 The log file has been saved successfully to "C:\Users\Korisnik\Desktop\aswMBR.txt"
Čestitke!: Nisu nađeni spybotovi. (Status)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2013-07-21 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2013-04-11 Includes\Adware.sbi (*)
2013-10-08 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2013-10-16 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2013-04-11 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-10-01 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-10-08 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-04-11 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-08-06 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-08-13 Includes\TrojansC-02.sbi (*)
2013-10-07 Includes\TrojansC-03.sbi (*)
2013-10-16 Includes\TrojansC-04.sbi (*)
2013-06-13 Includes\TrojansC-05.sbi (*)
2013-08-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Hi black_lilies,
Sorry for the extended delay in responding to your thread. It has been quite some time since your original scans were run and posted. Please run these tools and post the corresponding logs.
=========================
Security Check
Download Security Check by screen317 from here or here.
Save it to your Desktop.
Windows XP: Double click on the icon to run it.
Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator".
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================
aswMBR
Download aswMBR.exe and save it to your desktop.
Windows XP: Double click on the icon to run it.
Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator".
When asked if you want to download Avast's virus definitions please select Yes.
Click Scan.
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review.
Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================
OTL
Download OTL to your desktop.
Make sure all other windows are closed and to let it run uninterrupted.
Windows XP: Double click on the icon to run it.
Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator".
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in:
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
services.*
/md5stop
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
BASESERVICES
DRIVES
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
=========================
In your next post please provide the following :
checkup.txt
aswMBR.txt
attach MBR.zip
OTL.txt
Extras.txt
OCD
----------
Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Junior Member
checkup.txt
Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
CCleaner
Java 7 Update 45
Java SE Development Kit 7 Update 21
Adobe Flash Player 11.9.900.117
Mozilla Firefox (25.0.1)
Google Chrome 30.0.1599.101
Google Chrome 31.0.1650.57
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
aswMBR.txt
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-19 18:57:20
-----------------------------
18:57:20.595 OS Version: Windows 6.1.7601 Service Pack 1
18:57:20.595 Number of processors: 2 586 0x2A07
18:57:20.595 ComputerName: KORISNIK-PC UserName: Korisnik
18:57:21.578 Initialize success
18:57:23.044 AVAST engine defs: 13111801
19:00:03.544 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
19:00:03.544 Disk 0 Vendor: ATA_____ A60W Size: 305245MB BusType: 11
19:00:03.980 Disk 0 MBR read successfully
19:00:03.996 Disk 0 MBR scan
19:00:03.996 Disk 0 Windows 7 default MBR code
19:00:04.012 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:00:04.027 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 154900 MB offset 206848
19:00:04.058 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 150243 MB offset 317442048
19:00:04.058 Disk 0 scanning sectors +625139712
19:00:04.511 Disk 0 scanning C:\Windows\system32\drivers
19:00:18.239 Service scanning
19:00:57.614 Modules scanning
19:01:34.244 Disk 0 trace - called modules:
19:01:34.790 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys halmacpi.dll iaStorA.sys
19:01:34.790 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d7f030]
19:01:34.806 3 CLASSPNP.SYS[891d659e] -> nt!IofCallDriver -> [0x87d7e6c0]
19:01:34.806 5 iaStorF.sys[8921e138] -> nt!IofCallDriver -> \Device\0000006a[0x860fec68]
19:01:35.180 AVAST engine scan C:\Windows
19:01:42.575 AVAST engine scan C:\Windows\system32
19:04:58.014 AVAST engine scan C:\Windows\system32\drivers
19:05:17.592 AVAST engine scan C:\Users\Korisnik
19:20:08.572 Disk 0 MBR has been saved successfully to "C:\Users\Korisnik\Desktop\MBR.dat"
19:20:08.915 The log file has been saved successfully to "C:\Users\Korisnik\Desktop\aswMBR.txt"
19:20:50.817 AVAST engine scan C:\ProgramData
19:23:35.340 Scan finished successfully
19:25:54.388 Disk 0 MBR has been saved successfully to "C:\Users\Korisnik\Desktop\MBR.dat"
19:25:54.404 The log file has been saved successfully to "C:\Users\Korisnik\Desktop\aswMBR.txt"
OTL.txt
OTL logfile created on: 19.11.2013. 19:33:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Korisnik\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.
1,89 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 65,61% Memory free
3,78 Gb Paging File | 2,64 Gb Available in Paging File | 69,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 151,27 Gb Total Space | 22,35 Gb Free Space | 14,77% Space Free | Partition Type: NTFS
Drive D: | 146,72 Gb Total Space | 27,30 Gb Free Space | 18,61% Space Free | Partition Type: NTFS
Computer Name: KORISNIK-PC | User Name: Korisnik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Korisnik\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Wipe 2013\wipetray.exe (PrivacyRoot.com)
PRC - C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe (Spigot, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\ProgramData\BOINC\slots\1\ce5.exe ()
PRC - C:\ProgramData\BOINC\slots\0\ce5.exe ()
PRC - C:\ProgramData\BOINC\projects\work.charityengine.com\ce-generic-wrapper-0001_windows_intelx86.exe ()
PRC - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe (IDEVFH)
PRC - C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
PRC - C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
PRC - C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
PRC - C:\Program Files\BOINC\boinc.exe (Space Sciences Laboratory)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\Wipe 2013\MD5.dll ()
MOD - C:\ProgramData\BOINC\slots\1\ce5.exe ()
MOD - C:\ProgramData\BOINC\slots\0\ce5.exe ()
MOD - C:\ProgramData\BOINC\projects\work.charityengine.com\ce-generic-wrapper-0001_windows_intelx86.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\97c369d03310ac919968cac177d066da\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\d5229063f646936404008f444c533c3b\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\620cea5f6098caaf044d062d8dde6b3d\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\8b9c29dd76473c8230ca379ee39e40e2\IAStorDataMgrSvcInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\1eea35376a67d2e807a54ff3fe4b8a56\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\0a4ef3904cfdea04def6af647f619946\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\b1f3ea839257551154e34750f26fa33d\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\3506b73a7cc2bc014040bdaf42e3c9f2\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4626a29dfa025f702b32e3515de175e3\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7449f505f7fb206101f361c05dd7d9be\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c3b7873af3400562b01878e1dfdb0c59\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\88080c0d9e9709c55aa0494a3b05a1df\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\847c865b860f33a319b2c6906d9a125f\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\7499b638af35153a97431c42fd16d9cb\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78d3cd0fc198e323f3eb0742f23659b2\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ca0ef2ddc840163b27423f6ede4ddb23\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\09a71502394e43062c81789367f22d1e\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Program Files\BOINC\zlib1.dll ()
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (CodeMeter.exe) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (IconMan_R) -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (aswMBR) -- C:\Users\Korisnik\AppData\Local\Temp\aswMBR.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (iusb3xhc) -- C:\Windows\System32\drivers\iusb3xhc.sys (Intel Corporation)
DRV - (iusb3hub) -- C:\Windows\System32\drivers\iusb3hub.sys (Intel Corporation)
DRV - (RSP2STOR) -- C:\Windows\System32\drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
DRV - (iaStorA) -- C:\Windows\System32\drivers\iaStorA.sys (Intel Corporation)
DRV - (iaStorF) -- C:\Windows\System32\drivers\iaStorF.sys (Intel Corporation)
DRV - (asmtxhci) -- C:\Windows\System32\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV - (asmthub3) -- C:\Windows\System32\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV - (EtronXHCI) -- C:\Windows\System32\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV - (EtronHub3) -- C:\Windows\System32\drivers\EtronHub3.sys (Etron Technology Inc)
DRV - (EtronSTOR) -- C:\Windows\System32\drivers\EtronSTOR.sys (Etron Technology Inc)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
DRV - (b06diag) -- C:\Windows\System32\drivers\bxdiagx.sys (Broadcom Corporation)
DRV - (bxois) -- C:\Windows\System32\drivers\bxois.sys (Broadcom Corporation)
DRV - (bxfcoe) -- C:\Windows\System32\drivers\bxfcoe.sys (Broadcom Corporation)
DRV - (BFN7x86) -- C:\Windows\System32\drivers\Xeno7x86.sys (Bigfoot Networks, Inc.)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (s125mgmt) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation)
DRV - (s125bus) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr-HR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 E0 2F 66 FE 55 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{FFAB1B2F-B3C1-4B3B-8C5B-B07B36694368}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "DuckDuckGo"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=512435"
FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://mindmillion.com/inspiration.html"
FF - prefs.js..extensions.enabledAddons: mintrayr%40tn123.ath.cx:1.1.2
FF - prefs.js..extensions.enabledAddons: organize-search-engines%40maltekraus.de:1.7
FF - prefs.js..extensions.enabledAddons: intgcal%40egarracingteam.com.ar:1.2.0
FF - prefs.js..extensions.enabledAddons: amin.eft_bmnotes%40gmail.com:2.8.1
FF - prefs.js..extensions.enabledAddons: %7B48f91e76-bc5f-45a7-a03a-6b4e7669df90%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7Bc07d1a49-9894-49ff-a594-38960ede8fb9%7D:3.1.12
FF - prefs.js..extensions.enabledAddons: is%40dictionaries.addons.mozilla.org:1.3
FF - prefs.js..extensions.enabledAddons: %7B8B72860F-C5F8-4286-865E-D2C2DB98A9E6%7D:1.2.3
FF - prefs.js..extensions.enabledAddons: rssicon%40jasnapaka.com:1.4
FF - prefs.js..extensions.enabledAddons: format.bar%40codefisher.org:0.1.4.10
FF - prefs.js..extensions.enabledAddons: tabforacause%40tabforacause.org:4.1.0
FF - prefs.js..extensions.enabledAddons: facebook%40disconnect.me:2.1.3
FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.4
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.1.2
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
FF - prefs.js..extensions.enabledAddons: Konverts%40MediaPimp.com:10.3
FF - prefs.js..extensions.enabledAddons: dcct%40mingyi.org:0.27
FF - prefs.js..extensions.enabledAddons: %7BE173B749-DB5B-4fd2-BA0E-94ECEA0CA55B%7D:7.4
FF - prefs.js..extensions.enabledAddons: %7B2f17f610-5e97-4fed-828f-9940b7b577a4%7D:19.0.0
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: cybersearch%40cybernetnews.com:2.8
FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3
FF - prefs.js..extensions.enabledAddons: %7B4BBDD651-70CF-4821-84F8-2B918CF89CA3%7D:7.3.0.1
FF - prefs.js..extensions.enabledAddons: lazarus%40interclue.com:2.3
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: VacuumPlacesImproved%40lultimouomo-gmail.com:1.2
FF - prefs.js..extensions.enabledAddons: %7B6E21139C-F48B-11DA-B59C-B582C6649067%7D:0.6.3
FF - prefs.js..extensions.enabledAddons: charpick%40ryanium.com:0.4.1
FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.20
FF - prefs.js..extensions.enabledAddons: %7Bea61041c-1e22-4400-99a0-aea461e69d04%7D:0.2.3
FF - prefs.js..extensions.enabledAddons: %7Bc72c0c73-4eb0-4fb3-af0f-074e97326cfd%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: backupfox_959a5970_ada3_11e0_9f1c_0800200c9a66%40mozillafirefoxextension:1.0.3
FF - prefs.js..extensions.enabledAddons: ScrollUp%40saplin.com:1.0
FF - prefs.js..extensions.enabledAddons: dragtabasshortcut%40antontitov.com:1.01
FF - prefs.js..extensions.enabledAddons: %7B3bbdd952-cf6f-44a7-9d23-354a8792b598%7D:1.4
FF - prefs.js..extensions.enabledAddons: shortcuts%40khngai.com:1.9
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.1.8
FF - prefs.js..extensions.enabledAddons: savefileto%40mozdev.org:2.5.1
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: rainbow%40colors.org:1.6
FF - prefs.js..extensions.enabledAddons: %7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3
FF - prefs.js..extensions.enabledAddons: support%40todoist.com:3.7
FF - prefs.js..extensions.enabledAddons: tabscope%40xuldev.org:1.5
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.16
FF - prefs.js..extensions.enabledAddons: %7B24cea704-946d-11da-a72b-0800200c9a66%7D:1.5.3.1
FF - prefs.js..extensions.enabledAddons: %7B03B08592-E5B4-45ff-A0BE-C1D975458688%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B139a120b-c2ea-41d2-bf70-542d9f063dfd%7D:2.04.1
FF - prefs.js..extensions.enabledAddons: %7B54BB9F3F-07E5-486c-9B39-C7398B99391C%7D:4.1.2013040601
FF - prefs.js..extensions.enabledAddons: notreal.ccoptions%40environmentalchemistry.com:24.0.2
FF - prefs.js..extensions.enabledAddons: brief%40mozdev.org:1.7.2
FF - prefs.js..extensions.enabledAddons: firegestures%40xuldev.org:1.7.14
FF - prefs.js..extensions.enabledAddons: idme%40abine.com:1.35.335
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2.3
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.94
FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.3.9
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.5.3
FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.2.1
FF - prefs.js..extensions.enabledAddons: %7B5546F97E-11A5-46b0-9082-32AD74AAA920%7D:0.76
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.15
FF - prefs.js..extensions.enabledAddons: zoompage%40DW-dev:8.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=512435&p="
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000
%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.11.19 18:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.08.24 22:42:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.11.17 10:33:09 | 000,000,000 | ---D | M]
[2013.05.21 10:42:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Extensions
[2013.11.16 22:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions
[2013.10.02 18:27:24 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2013.07.23 20:21:47 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013.11.16 22:54:02 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.07.23 20:21:47 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2013.08.08 00:03:52 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013.07.24 23:11:03 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2013.11.08 02:07:26 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2013.11.02 20:54:53 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013.05.25 17:48:07 | 000,000,000 | ---D | M] ("Converter") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}
[2013.11.01 16:20:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.07.05 00:33:38 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2013.07.24 23:10:58 | 000,000,000 | ---D | M] (TabGroups Manager) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{ca526f8b-9e0a-4756-9077-19d6f3e64ea8}
[2013.08.12 23:31:02 | 000,000,000 | ---D | M] (Block site) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2013.07.23 20:21:47 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2013.05.22 13:36:01 | 000,000,000 | ---D | M] (QuickFox Notes) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\amin.eft_bmnotes@gmail.com
[2013.07.24 20:18:22 | 000,000,000 | ---D | M] ("CyberSearch") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\cybersearch@cybernetnews.com
[2013.07.13 10:43:07 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\donottrackplus@abine.com
[2013.05.22 01:00:32 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\en-US@dictionaries.addons.mozilla.org
[2013.07.24 23:11:07 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\foxmarks@kei.com
[2013.10.26 22:16:08 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\foxyproxy@eric.h.jung
[2013.09.13 22:04:51 | 000,000,000 | ---D | M] (Dictionnaires français) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\fr-dicollecte@dictionaries.addons.mozilla.org
[2013.08.20 15:33:39 | 000,000,000 | ---D | M] (Croatian Dictionary (Hrvatski Rjecnik)) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\hr-HR-2@dictionaries.addons.mozilla.org
[2013.10.05 21:03:07 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\https-everywhere@eff.org
[2013.10.25 15:27:40 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\idme@abine.com
[2013.05.24 18:00:28 | 000,000,000 | ---D | M] (Icelandic Dictionary) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\is@dictionaries.addons.mozilla.org
[2013.06.27 16:30:18 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\isreaditlater@ideashower.com
[2013.07.19 08:38:18 | 000,000,000 | ---D | M] (♬ MediaPimp - Internet Radio, Save Videos, Screengrab & More) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\Konverts@MediaPimp.com
[2013.05.22 00:48:56 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\mintrayr@tn123.ath.cx
[2013.09.19 13:45:19 | 000,000,000 | ---D | M] (Rain Alarm Extension) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\rain-alarm@mdiener.de
[2013.07.27 02:38:22 | 000,000,000 | ---D | M] ("TableTools2") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\tabletools2@mingyi.org
[2013.08.16 16:42:27 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013.11.07 15:28:35 | 000,023,913 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2013.08.08 21:30:14 | 000,027,678 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\backupfox_959a5970_ada3_11e0_9f1c_0800200c9a66@mozillafirefoxextension.xpi
[2013.10.18 14:29:17 | 000,246,524 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\brief@mozdev.org.xpi
[2013.07.27 02:38:22 | 000,031,018 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\charpick@ryanium.com.xpi
[2013.08.30 00:37:05 | 000,355,782 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\client@anonymox.net.xpi
[2013.08.12 16:09:04 | 000,126,982 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\customizable-shortcuts@timtaubert.de.xpi
[2013.07.20 00:13:03 | 000,028,980 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\dcct@mingyi.org.xpi
[2013.08.12 15:48:57 | 000,007,979 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\dragtabasshortcut@antontitov.com.xpi
[2013.06.26 17:05:52 | 000,035,735 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\facebook@disconnect.me.xpi
[2013.11.06 18:41:04 | 001,338,622 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\firefox@ghostery.com.xpi
[2013.10.18 14:29:17 | 000,390,473 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\firegestures@xuldev.org.xpi
[2013.06.02 12:04:06 | 000,162,728 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\format.bar@codefisher.org.xpi
[2013.08.12 16:15:27 | 000,119,451 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\FxExtPasteNGoHtk@github.lostdj.xpi
[2013.05.22 05:19:20 | 000,025,955 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\intgcal@egarracingteam.com.ar.xpi
[2013.05.22 15:14:22 | 000,301,619 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-3GUEt1r69sQNSrca5p8kx9Ezc3U@jetpack.xpi
[2013.07.23 22:47:42 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
[2013.07.21 11:42:40 | 000,193,117 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-A2AGBH3veL3ZV6GOM159BnxtOjg@jetpack.xpi
[2013.11.06 18:40:58 | 000,568,293 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
[2013.08.17 11:29:38 | 000,168,986 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-RW8E9KFMTaLKkM4HqIWfidw29wo@jetpack.xpi
[2013.07.21 11:42:22 | 000,241,099 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-UPq1qFOINa4blezeJa2DpZKATTo@jetpack.xpi
[2013.09.24 19:02:15 | 000,306,265 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid1-j3KiX1n7UXrjxQ@jetpack.xpi
[2013.07.21 11:42:48 | 000,300,648 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid1-sNaADGzvFyhsSA@jetpack.xpi
[2013.10.29 19:55:16 | 000,320,988 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
[2013.11.06 19:51:52 | 000,367,522 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\langpack-hr@firefox.mozilla.org.xpi
[2013.07.24 23:11:03 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\lazarus@interclue.com.xpi
[2013.10.09 21:02:59 | 000,320,474 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\mytube@ashishmishra.in.xpi
[2013.10.11 00:42:49 | 000,159,644 | R--- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
[2013.08.07 22:08:26 | 000,010,666 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\noverflow@sdrocking.com.xpi
[2013.05.22 01:03:31 | 000,113,783 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\organize-search-engines@maltekraus.de.xpi
[2013.08.20 15:33:38 | 000,470,162 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\rainbow@colors.org.xpi
[2013.08.08 00:03:52 | 000,160,837 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\requestpolicy@requestpolicy.com.xpi
[2013.05.29 18:55:25 | 000,015,618 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\rssicon@jasnapaka.com.xpi
[2013.08.16 12:10:37 | 000,123,257 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\savefileto@mozdev.org.xpi
[2013.08.08 21:30:14 | 000,011,209 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\ScrollUp@saplin.com.xpi
[2013.07.22 22:47:44 | 000,121,779 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\searchy@searchy.xpi
[2013.08.12 16:20:26 | 000,011,724 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\shortcuts@khngai.com.xpi
[2013.11.06 07:39:01 | 000,367,561 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\smarterwiki@wikiatic.com.xpi
[2013.08.27 14:56:58 | 000,011,156 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\support@todoist.com.xpi
[2013.06.08 15:52:23 | 000,292,666 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\tabforacause@tabforacause.org.xpi
[2013.09.08 02:19:10 | 000,160,818 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\tabscope@xuldev.org.xpi
[2013.07.24 23:11:07 | 000,024,038 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com.xpi
[2013.11.16 22:54:02 | 000,059,830 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\zoompage@DW-dev.xpi
[2013.08.05 01:05:34 | 000,475,365 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2013.10.02 17:42:45 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013.10.05 14:16:11 | 000,132,344 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi
[2013.10.18 21:19:05 | 000,023,107 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
[2013.10.31 22:49:49 | 000,381,472 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.10.02 18:27:24 | 000,094,167 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
[2013.10.31 22:49:48 | 000,217,340 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2013.08.12 16:20:26 | 000,015,234 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{3bbdd952-cf6f-44a7-9d23-354a8792b598}.xpi
[2013.05.23 14:22:37 | 000,007,404 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{48f91e76-bc5f-45a7-a03a-6b4e7669df90}.xpi
[2013.10.05 14:25:25 | 000,307,011 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
[2013.09.17 11:06:36 | 000,281,800 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2013.11.05 18:41:03 | 000,243,884 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{655397ca-4766-496b-b7a8-3a5b176ee4c2}.xpi
[2013.07.27 02:38:19 | 000,005,533 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{6E21139C-F48B-11DA-B59C-B582C6649067}.xpi
[2013.11.09 16:01:13 | 000,534,744 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.08.08 00:03:51 | 000,050,761 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi
[2013.10.05 14:05:16 | 000,026,163 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.xpi
[2013.05.24 09:36:25 | 000,447,526 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi
[2013.08.08 00:03:51 | 000,016,921 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi
[2013.06.26 17:05:35 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.10.11 00:42:49 | 001,283,406 | R--- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi
[2013.07.24 23:10:58 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.10.31 23:59:13 | 000,778,022 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.08.13 22:02:41 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.10.01 20:17:08 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.07.24 23:10:52 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2013.08.08 00:03:51 | 000,057,752 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi
[2013.07.24 22:19:31 | 000,001,362 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome\skin\xpinstallItemGeneric.png
[2013.06.26 17:30:02 | 000,000,472 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\10starmoviescom.xml
[2013.10.04 08:49:19 | 000,000,779 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\a-z-lyrics-universe.xml
[2013.06.26 17:35:48 | 000,000,675 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\asian-horror-moviescom.xml
[2013.05.25 21:48:49 | 000,001,500 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\care2.xml
[2013.05.22 02:00:07 | 000,000,949 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\coolinarika.xml
[2013.05.22 03:15:46 | 000,000,984 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\dark-lyrics.xml
[2013.06.07 16:15:19 | 000,000,926 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\deviantart.xml
[2013.08.07 22:24:09 | 000,001,263 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\duckduckgo.xml
[2013.11.05 21:19:47 | 000,000,451 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\easy-pdf-search.xml
[2013.06.19 19:00:36 | 000,001,466 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\fenopyse.xml
[2013.05.22 00:49:34 | 000,001,635 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\firefox-add-ons.xml
[2013.05.22 03:21:55 | 000,009,117 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\flickr.xml
[2013.08.14 02:29:36 | 000,006,404 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\gallica-bnf.xml
[2013.06.02 20:57:36 | 000,000,526 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\gazetteer-of-british-place-names.xml
[2013.06.19 15:30:11 | 000,001,733 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\goodsearch.xml
[2013.06.07 12:28:03 | 000,001,712 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\google-books.xml
[2013.07.23 23:41:12 | 000,001,024 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\google-pagerank-checker.xml
[2013.05.22 03:22:40 | 000,001,427 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\google-slike.xml
[2013.07.01 12:01:04 | 000,000,843 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\haro-online--movies.xml
[2013.05.26 17:19:01 | 000,000,773 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\hphosts-online.xml
[2013.11.09 19:25:01 | 000,000,856 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\hrvatski-jezini-portal.undefined.undefined
[2013.05.24 22:34:33 | 000,000,759 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\hubpages.xml
[2013.05.22 01:04:15 | 000,012,707 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\imdb.xml
[2013.08.14 02:45:13 | 000,001,413 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\internet-archive.xml
[2013.07.01 11:06:59 | 000,001,213 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\isohunt.xml
[2013.06.27 12:01:26 | 000,001,374 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\ixquick-search-engine.xml
[2013.07.19 23:31:53 | 000,001,419 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\jamie-oliver.xml
[2013.05.22 03:20:30 | 000,001,355 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\kickasstorrents.xml
[2013.06.16 00:32:27 | 000,001,443 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\lastfm.xml
[2013.06.11 15:24:21 | 000,001,464 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\leos-lyrics.xml
[2013.08.14 03:01:18 | 000,001,109 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\librivox-1.xml
[2013.05.29 11:19:21 | 000,000,814 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\merriam-webster-online.xml
[2013.07.01 12:08:05 | 000,001,629 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\monovaorg.xml
[2013.08.24 18:48:32 | 000,001,602 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\mp3skullcom.xml
[2013.11.11 18:25:21 | 000,001,121 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\nameberrycom.undefined.undefined
[2013.07.01 11:12:39 | 000,001,188 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\onebigtorrentorg.xml
[2013.07.01 11:28:11 | 000,001,479 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\ovguide.xml
[2013.07.23 23:17:23 | 000,000,795 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\phishtank.xml
[2013.10.05 16:39:15 | 000,000,691 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\podnapisinet.xml
[2013.07.21 13:02:45 | 000,001,603 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\primewire--1channel--letmewatchthis.xml
[2013.06.07 00:29:22 | 000,001,324 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\project-gutenberg.xml
[2013.06.26 16:27:57 | 000,001,869 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\ripple.xml
[2013.07.02 20:15:36 | 000,000,918 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\scribd.xml
[2013.05.29 14:11:23 | 000,001,268 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\serious-eats-recipes.xml
[2013.05.22 03:15:07 | 000,000,920 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\songmeanings.xml
[2013.10.05 16:38:39 | 000,001,122 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\subtitlecubecom.xml
[2013.07.23 23:37:12 | 000,000,507 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\sucuri-security--website-malware-scan.xml
[2013.11.05 21:22:36 | 000,001,392 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-audiobook-bay.xml
[2013.07.17 22:11:20 | 000,040,970 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-cornell-lab-of-ornithology.xml
[2013.05.29 11:32:05 | 000,001,110 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-free-dictionary.xml
[2013.05.22 03:19:23 | 000,001,466 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-pirate-bay.xml
[2013.10.08 22:01:22 | 000,000,666 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\torrentz.xml
[2013.08.17 01:09:37 | 000,001,027 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\urban-dictionary.xml
[2013.08.07 23:44:29 | 000,000,502 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\userscriptsorg.xml
[2013.05.29 11:27:36 | 000,001,588 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\vegan-soapbox.xml
[2013.05.22 06:14:08 | 000,001,231 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wayback-machine.xml
[2013.05.29 10:59:38 | 000,001,818 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wikimedia-cookbook.xml
[2013.05.29 10:50:25 | 000,001,266 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wikipediaorg.xml
[2013.05.29 10:55:30 | 000,000,557 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wikivet.xml
[2013.07.09 22:19:40 | 000,001,318 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wolframalpha.xml
[2013.05.23 22:16:58 | 000,001,791 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wot-web-of-trust.xml
[2013.05.22 01:03:48 | 000,001,136 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\youtube.xml
[2013.11.17 10:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.11.17 10:33:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.11.19 18:31:19 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.08.24 22:42:58 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013.08.24 22:41:59 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
========== Chrome ==========
CHR - default_search_provider: Google.hr (Enabled)
CHR - default_search_provider: search_url = https://www.google.hr/search?output=search&sclient=psy-ab&q={searchTerms}&btnG=&oq=&gs_l=&pbx=1
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.hr/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google disk = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google pretra\u017Eivanje = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DoNotTrackMe = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.9.815_0\
CHR - Extension: Foxy Proxy Standard = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp\2.8_1\
CHR - Extension: avast! Online Security = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: ProxMate - Improve your Internet! = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.4.3_0\
CHR - Extension: RealDownloader = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google Karte = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Nov\u010Danik = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: TS Magic Player = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg\1.1.29_0\
CHR - Extension: Gmail = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013.08.09 08:09:58 | 000,450,636 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15467 more lines...
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
O4 - HKCU..\Run: [SearchProtection] C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - Startup: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe tray agent 2013.lnk = C:\Program Files\Wipe 2013\wipetray.exe (PrivacyRoot.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D321B9E-A8C6-4146-B8E1-6E10720FA1A7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51B6D1B9-5D8C-40A3-95A5-1B3BC0948BB7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013.11.19 18:59:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Korisnik\Desktop\OTL.exe
[2013.11.19 18:38:33 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\AppData\Roaming\AVAST Software
[2013.11.19 18:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013.11.18 23:12:24 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\Desktop\Nova mapa
[2013.11.17 10:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.11.15 17:21:08 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.11.08 09:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.11.08 09:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.11.08 09:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.11.08 09:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.11.02 20:55:49 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\Documents\iMacros
[2013.10.20 23:51:16 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.10.20 23:51:05 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.10.20 23:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013.10.20 23:51:04 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.10.20 23:51:04 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[54 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.11.19 19:32:11 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.11.19 19:31:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.11.19 19:25:54 | 000,000,512 | ---- | M] () -- C:\Users\Korisnik\Desktop\MBR.dat
[2013.11.19 19:18:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.11.19 18:59:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Korisnik\Desktop\OTL.exe
[2013.11.19 18:46:11 | 000,026,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.11.19 18:46:11 | 000,026,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.11.19 18:37:57 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.11.19 18:37:46 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2013.11.19 18:37:11 | 1522,028,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.11.19 18:31:14 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.11.19 18:31:13 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.11.19 18:31:13 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.11.19 18:31:13 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.11.19 18:31:13 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.11.19 18:31:13 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.11.19 18:31:13 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.11.19 18:31:12 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.11.19 18:31:04 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.11.19 18:31:04 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.11.19 18:25:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.11.18 23:09:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Korisnik\Desktop\aswMBR.exe
[2013.11.18 23:03:00 | 000,891,200 | ---- | M] () -- C:\Users\Korisnik\Desktop\SecurityCheck.exe
[2013.11.17 20:04:11 | 000,666,434 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.11.17 20:04:11 | 000,127,002 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.11.10 13:47:04 | 000,448,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.11.06 21:27:23 | 000,007,696 | ---- | M] () -- C:\Users\Korisnik\Desktop\Rhonda Byrne - The Secret.pdf - prečac.lnk
[2013.11.06 14:43:35 | 000,001,669 | ---- | M] () -- C:\Users\Korisnik\Desktop\Eckhart Tolle - The Power of Now_ A Guide to Spiritual Enlightenment.pdf - prečac.lnk
[2013.10.29 21:35:51 | 000,001,020 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe tray agent 2013.lnk
[2013.10.22 08:20:10 | 000,056,027 | ---- | M] () -- C:\Users\Korisnik\Desktop\100653427.jpg
[2013.10.22 01:04:26 | 000,061,339 | ---- | M] () -- C:\Users\Korisnik\Desktop\money-background-seamless-fill-bluesky.jpg
[2013.10.22 00:41:38 | 000,009,900 | ---- | M] () -- C:\Users\Korisnik\Desktop\01-dollar-bills_animation.gif
[2013.10.22 00:41:14 | 000,008,984 | ---- | M] () -- C:\Users\Korisnik\Desktop\01-bills-animated.gif
[2013.10.22 00:41:08 | 000,024,181 | ---- | M] () -- C:\Users\Korisnik\Desktop\01-dollars-animation.gif
[2013.10.21 00:21:32 | 000,002,630 | ---- | M] () -- C:\Users\Korisnik\Desktop\The Nearly Ultimate Guide to Better Writing.pdf.lnk
[2013.10.21 00:21:00 | 000,002,578 | ---- | M] () -- C:\Users\Korisnik\Desktop\Serena Alba - Geometrija božanske iskre.pdf.lnk
[2013.10.21 00:19:39 | 000,001,180 | ---- | M] () -- C:\Users\Korisnik\Desktop\Filmovi.lnk
[2013.10.21 00:18:47 | 000,001,057 | ---- | M] () -- C:\Users\Korisnik\Desktop\Slike.lnk
[2013.10.21 00:18:24 | 000,001,051 | ---- | M] () -- C:\Users\Korisnik\Desktop\Glazba.lnk
[2013.10.21 00:16:54 | 000,001,072 | ---- | M] () -- C:\Users\Korisnik\Desktop\Dokumenti.lnk
[2013.10.20 23:50:49 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.10.20 23:50:33 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.10.20 23:50:33 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.10.20 23:50:32 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[54 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.11.19 19:20:08 | 000,000,512 | ---- | C] () -- C:\Users\Korisnik\Desktop\MBR.dat
[2013.11.19 18:37:46 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2013.11.18 23:02:24 | 000,891,200 | ---- | C] () -- C:\Users\Korisnik\Desktop\SecurityCheck.exe
[2013.11.06 14:43:35 | 000,001,669 | ---- | C] () -- C:\Users\Korisnik\Desktop\Eckhart Tolle - The Power of Now_ A Guide to Spiritual Enlightenment.pdf - prečac.lnk
[2013.11.05 21:35:59 | 000,007,696 | ---- | C] () -- C:\Users\Korisnik\Desktop\Rhonda Byrne - The Secret.pdf - prečac.lnk
[2013.10.22 08:20:09 | 000,056,027 | ---- | C] () -- C:\Users\Korisnik\Desktop\100653427.jpg
[2013.10.22 01:04:22 | 000,061,339 | ---- | C] () -- C:\Users\Korisnik\Desktop\money-background-seamless-fill-bluesky.jpg
[2013.10.22 00:41:37 | 000,009,900 | ---- | C] () -- C:\Users\Korisnik\Desktop\01-dollar-bills_animation.gif
[2013.10.22 00:41:13 | 000,008,984 | ---- | C] () -- C:\Users\Korisnik\Desktop\01-bills-animated.gif
[2013.10.22 00:41:06 | 000,024,181 | ---- | C] () -- C:\Users\Korisnik\Desktop\01-dollars-animation.gif
[2013.10.21 00:21:32 | 000,002,630 | ---- | C] () -- C:\Users\Korisnik\Desktop\The Nearly Ultimate Guide to Better Writing.pdf.lnk
[2013.10.21 00:21:00 | 000,002,578 | ---- | C] () -- C:\Users\Korisnik\Desktop\Serena Alba - Geometrija božanske iskre.pdf.lnk
[2013.10.21 00:19:39 | 000,001,180 | ---- | C] () -- C:\Users\Korisnik\Desktop\Filmovi.lnk
[2013.10.21 00:18:47 | 000,001,057 | ---- | C] () -- C:\Users\Korisnik\Desktop\Slike.lnk
[2013.10.21 00:18:24 | 000,001,051 | ---- | C] () -- C:\Users\Korisnik\Desktop\Glazba.lnk
[2013.10.21 00:16:54 | 000,001,072 | ---- | C] () -- C:\Users\Korisnik\Desktop\Dokumenti.lnk
[2013.10.15 08:42:36 | 000,000,090 | ---- | C] () -- C:\Windows\Philip.INI
[2013.10.15 07:52:46 | 000,000,098 | ---- | C] () -- C:\ProgramData\avalon2.2_WIPE2013.ini
[2013.10.15 07:52:38 | 000,340,992 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2013.10.15 07:52:34 | 000,340,992 | ---- | C] () -- C:\Windows\sqlite36_engine.dll
[2013.10.06 00:22:20 | 000,200,148 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2013.08.17 14:29:27 | 109,026,806 | ---- | C] () -- C:\Users\Korisnik\AppData\Roaming\Mozilla.rar
[2013.07.24 15:19:14 | 000,001,397 | ---- | C] () -- C:\Windows\wininit.ini
[2013.06.28 17:46:41 | 000,003,342 | ---- | C] () -- C:\Users\Korisnik\AppData\Local\recently-used.xbel
[2013.06.23 15:58:45 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2013.06.21 09:54:46 | 000,000,096 | ---- | C] () -- C:\Users\Korisnik\AppData\Local\fusioncache.dat
[2013.06.19 14:41:05 | 000,026,364 | ---- | C] () -- C:\Users\Korisnik\AppData\Roaming\UserTile.png
[2013.06.19 12:39:35 | 000,000,398 | ---- | C] () -- C:\Windows\AudioConverter.INI
[2013.06.19 12:34:32 | 000,000,032 | ---- | C] () -- C:\ProgramData\aceg.ini
[2013.05.26 17:10:37 | 000,000,896 | RHS- | C] () -- C:\Users\Korisnik\ntuser.pol
[2013.05.21 10:43:00 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.21 10:42:57 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.21 10:29:27 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013.05.21 09:28:39 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2013.05.21 09:28:39 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2013.05.21 09:28:36 | 000,240,004 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.12.14 01:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2012.12.14 01:02:20 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012.12.14 01:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012.12.14 01:02:20 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.12.14 01:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.12.14 01:02:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
========== ZeroAccess Check ==========
[2012.07.14 18:11:12 | 000,000,596 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.07.23 23:14:45 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\AlarmClock
[2013.11.12 23:15:34 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Audacity
[2013.11.19 18:38:33 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\AVAST Software
[2013.06.19 11:18:28 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\BSplayer
[2013.05.21 10:29:47 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\BSplayer Pro
[2013.05.21 10:35:32 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Canneverbe Limited
[2013.09.18 23:01:36 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Epson
[2013.11.11 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Folding@home-x86
[2013.11.18 22:17:30 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\foobar2000
[2013.07.09 22:23:56 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\inkscape
[2013.10.27 15:22:18 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\IrfanView
[2013.06.04 22:09:00 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Line 6
[2013.06.29 13:13:03 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Oracle
[2013.06.04 21:48:14 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Propellerhead Software
[2013.08.10 13:19:41 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Search Protection
[2013.06.15 16:24:57 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\SumatraPDF
[2013.05.21 10:10:20 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Synaptics
[2013.06.03 10:47:15 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\UA_HiRISE
[2013.11.12 04:32:59 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\uTorrent
[2013.10.27 15:23:13 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\WIPE2013
========== Purity Check ==========
========== Custom Scans ==========
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
< MD5 for: EXPLORER.ADML >
[2011.04.12 03:15:49 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
[2011.04.12 03:15:49 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_22d6d5b5cba907ce\Explorer.adml
< MD5 for: EXPLORER.ADMX >
[2009.06.10 22:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009.06.10 22:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\x86_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_1590ffd752297581\Explorer.admx
< MD5 for: EXPLORER.EXE >
[2013.03.23 16:21:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2013.03.23 16:21:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2013.03.23 16:21:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
< MD5 for: EXPLORER.EXE.MUI >
[2011.04.12 03:15:39 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\en-US\explorer.exe.mui
[2011.04.12 03:15:39 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_05c8dd40d4f56065\explorer.exe.mui
[2009.07.13 18:55:04 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=C034B59784311ABD8D8E0D7943EDFBC6 -- C:\Windows\hr-HR\explorer.exe.mui
[2009.07.13 18:55:04 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=C034B59784311ABD8D8E0D7943EDFBC6 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_ee880aa5ad10d620\explorer.exe.mui
< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2013.11.19 19:30:28 | 000,118,418 | ---- | M] () MD5=F5116BC9B84BCC8B2A334DBF0D43347B -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
< MD5 for: EXPLORER.ICO >
[2007.07.20 11:55:08 | 000,025,214 | ---- | M] () MD5=9B8226EC0C75BA9BDE995D8FBC3FDF59 -- C:\Program Files\FreeAlarmClock\explorer.ico
< MD5 for: EXPLORER.ZIP >
[2006.03.06 21:48:08 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip
< MD5 for: IEXPLORE.EXE >
[2013.03.23 16:58:37 | 000,770,560 | ---- | M] (Microsoft Corporation) MD5=2859EBC065D2E1CCC94161CE28BAC085 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_ba715a6a65dbf461\iexplore.exe
[2013.04.05 06:55:38 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=2DC6BD1047553611DAEF97C751131A5D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_a39ee59e7f860811\iexplore.exe
[2013.04.05 07:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013.04.05 07:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_ba75e9f465d7f339\iexplore.exe
[2013.04.04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2010.11.20 22:29:33 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c\iexplore.exe
< MD5 for: IEXPLORE.EXE.MUI >
[2009.07.13 17:12:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=49F18DD112B5CDC5DC1DDCECDA088D92 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_hr-hr_97e3d05892d28ffe\iexplore.exe.mui
[2013.03.23 16:58:37 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013.03.23 16:58:37 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_b41defe19d893548\iexplore.exe.mui
[2009.07.14 03:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_af24a2f3bab71a43\iexplore.exe.mui
< MD5 for: IEXPLORE.EXE-908C99F8.PF >
[2013.11.15 18:45:15 | 000,099,278 | ---- | M] () MD5=DBD0BC8350A2D7CB489A2E55A17E82F4 -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
< MD5 for: SERVICES >
[2009.06.10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009.06.10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
< MD5 for: SERVICES.EXE >
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2011.04.12 03:15:38 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2011.04.12 03:15:38 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
[2009.07.13 18:19:04 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=DE8100CA6FABE5B5A99CA078144368EF -- C:\Windows\System32\hr-HR\services.exe.mui
[2009.07.13 18:19:04 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=DE8100CA6FABE5B5A99CA078144368EF -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_5292ca9f5f6438ed\services.exe.mui
< MD5 for: SERVICES.LNK >
[2009.07.14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2009.06.10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009.06.10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
< MD5 for: SERVICES.MSC >
[2011.04.12 03:15:37 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2011.04.12 03:15:37 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >
[2009.07.13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009.07.13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
< MD5 for: SERVICES.SBS >
[2013.07.16 12:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs
< MD5 for: WINLOGON.ADML >
[2011.04.12 03:15:49 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
[2011.04.12 03:15:49 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_94da67ab3e358f3a\WinLogon.adml
< MD5 for: WINLOGON.ADMX >
[2009.06.10 22:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009.06.10 22:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_7ae3b2e5da95d117\WinLogon.admx
< MD5 for: WINLOGON.EXE >
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2013.04.04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< MD5 for: WINLOGON.EXE.MUI >
[2011.04.12 03:15:37 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2011.04.12 03:15:37 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_ccfffb7662588b45\winlogon.exe.mui
[2010.11.20 03:33:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=F8476619C18A319B403AAE275A6A4C46 -- C:\Windows\System32\hr-HR\winlogon.exe.mui
[2010.11.20 03:33:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=F8476619C18A319B403AAE275A6A4C46 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_hr-hr_b5bf28db3a740100\winlogon.exe.mui
< MD5 for: WINLOGON.MFL >
[2009.07.13 18:26:28 | 000,001,080 | ---- | M] () MD5=25448FF5977E91FF87B3A52D6B696803 -- C:\Windows\System32\wbem\hr-HR\winlogon.mfl
[2009.07.13 18:26:28 | 000,001,080 | ---- | M] () MD5=25448FF5977E91FF87B3A52D6B696803 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_115066de58bdd6fb\winlogon.mfl
[2011.04.12 03:15:38 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\System32\wbem\en-US\winlogon.mfl
[2011.04.12 03:15:38 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2891397980a26140\winlogon.mfl
< MD5 for: WINLOGON.MOF >
[2009.07.13 21:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\System32\wbem\winlogon.mof
[2009.07.13 21:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_800f1ff3d73b72d9\winlogon.mof
< %SYSTEMDRIVE%\*.* >
[2013.05.26 17:59:41 | 000,003,065 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013.11.19 18:37:11 | 1522,028,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.24 15:28:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013.07.24 15:28:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013.11.19 18:37:11 | 2029,371,392 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\Fonts\*.com >
[2009.07.14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009.06.10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009.07.14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2010.11.20 22:29:21 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2013.11.19 18:31:04 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.04.16 16:07:46 | 000,878,224 | ---- | M] (Space Sciences Laboratory) -- C:\Windows\boinc.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009.07.14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 54DD-0016
Directory of C:\
14.07.2009. 05:53 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14.07.2009. 05:53 <JUNCTION> Application Data [C:\ProgramData]
14.07.2009. 05:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14.07.2009. 05:53 <JUNCTION> Documents [C:\Users\Public\Documents]
14.07.2009. 05:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14.07.2009. 05:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009. 05:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14.07.2009. 05:53 <SYMLINKD> All Users [C:\ProgramData]
14.07.2009. 05:53 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14.07.2009. 05:53 <JUNCTION> Application Data [C:\ProgramData]
14.07.2009. 05:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14.07.2009. 05:53 <JUNCTION> Documents [C:\Users\Public\Documents]
14.07.2009. 05:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14.07.2009. 05:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009. 05:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
14.07.2009. 05:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14.07.2009. 05:53 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14.07.2009. 05:53 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14.07.2009. 05:53 <JUNCTION> My Documents [C:\Users\Default\Documents]
14.07.2009. 05:53 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14.07.2009. 05:53 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14.07.2009. 05:53 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14.07.2009. 05:53 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14.07.2009. 05:53 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14.07.2009. 05:53 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14.07.2009. 05:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14.07.2009. 05:53 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14.07.2009. 05:53 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14.07.2009. 05:53 <JUNCTION> My Music [C:\Users\Default\Music]
14.07.2009. 05:53 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14.07.2009. 05:53 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Korisnik
21.05.2013. 08:23 <JUNCTION> Application Data [C:\Users\Korisnik\AppData\Roaming]
21.05.2013. 08:23 <JUNCTION> Cookies [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Cookies]
21.05.2013. 08:23 <JUNCTION> Local Settings [C:\Users\Korisnik\AppData\Local]
21.05.2013. 08:23 <JUNCTION> My Documents [C:\Users\Korisnik\Documents]
21.05.2013. 08:23 <JUNCTION> NetHood [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
21.05.2013. 08:23 <JUNCTION> PrintHood [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
21.05.2013. 08:23 <JUNCTION> Recent [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Recent]
21.05.2013. 08:23 <JUNCTION> SendTo [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\SendTo]
21.05.2013. 08:23 <JUNCTION> Start Menu [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu]
21.05.2013. 08:23 <JUNCTION> Templates [C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Korisnik\AppData\Local
21.05.2013. 08:23 <JUNCTION> Application Data [C:\Users\Korisnik\AppData\Local]
21.05.2013. 08:23 <JUNCTION> History [C:\Users\Korisnik\AppData\Local\Microsoft\Windows\History]
21.05.2013. 08:23 <JUNCTION> Temporary Internet Files [C:\Users\Korisnik\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Korisnik\Documents
21.05.2013. 08:23 <JUNCTION> My Music [C:\Users\Korisnik\Music]
21.05.2013. 08:23 <JUNCTION> My Pictures [C:\Users\Korisnik\Pictures]
21.05.2013. 08:23 <JUNCTION> My Videos [C:\Users\Korisnik\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14.07.2009. 05:53 <JUNCTION> My Music [C:\Users\Public\Music]
14.07.2009. 05:53 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14.07.2009. 05:53 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 23.915.397.120 bytes free
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013.05.21 09:37:12 | 000,000,221 | -HS- | M] () -- C:\Users\Korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2013.11.18 23:09:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Korisnik\Desktop\aswMBR.exe
[2013.10.16 21:03:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Korisnik\Desktop\erunt-setup.exe
[2013.11.19 18:59:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Korisnik\Desktop\OTL.exe
[2013.11.18 23:03:00 | 000,891,200 | ---- | M] () -- C:\Users\Korisnik\Desktop\SecurityCheck.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-05-21 09:05:47
========== Base Services ==========
SRV - [2009.07.14 02:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013.02.27 05:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009.07.14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010.11.20 22:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010.11.20 22:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2013.03.23 16:26:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009.07.14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2013.03.23 16:40:38 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013.03.23 16:34:59 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010.11.20 22:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010.11.20 22:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2013.03.23 16:20:41 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009.07.14 02:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009.07.14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009.07.14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010.11.20 22:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009.07.14 02:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009.07.14 02:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009.07.14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009.07.14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2013.03.23 16:48:57 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009.07.14 02:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2013.03.23 16:24:50 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2013.03.23 16:31:54 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2013.03.23 16:26:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009.07.14 02:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010.11.20 22:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010.11.20 22:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009.07.14 02:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2013.03.23 16:26:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009.07.14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010.11.20 22:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010.11.20 22:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010.11.20 22:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010.11.20 22:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2013.03.23 16:41:02 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010.11.20 22:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010.11.20 22:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010.11.20 22:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010.11.20 22:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010.11.20 22:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010.11.20 22:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010.11.20 22:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010.11.20 22:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009.07.14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012.06.02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010.11.20 22:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009.07.14 02:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010.11.20 22:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ATA Hitachi HTS54323 SCSI Disk Device
Partitions: 3
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100,00MB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 151,00GB
Starting Offset: 105906176
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 147,00GB
Starting Offset: 162530328576
Hidden sectors: 0
< End of report >
Extras.txt
OTL Extras logfile created on: 19.11.2013. 19:33:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Korisnik\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.
1,89 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 65,61% Memory free
3,78 Gb Paging File | 2,64 Gb Available in Paging File | 69,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 151,27 Gb Total Space | 22,35 Gb Free Space | 14,77% Space Free | Partition Type: NTFS
Drive D: | 146,72 Gb Total Space | 27,30 Gb Free Space | 18,61% Space Free | Partition Type: NTFS
Computer Name: KORISNIK-PC | User Name: Korisnik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [foobar2000.enqueue] -- "C:\Program Files\foobar2000\foobar2000.exe" /add "%1" (Piotr Pawlowski)
Directory [foobar2000.play] -- "C:\Program Files\foobar2000\foobar2000.exe" "%1" (Piotr Pawlowski)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C65EF1CC-4A9F-4A83-BE03-80A3243D3E10}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AEF387-A6CF-43CD-AF5E-3C6BA3C09A9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D5FA06E-0F19-4B49-9130-3287DEEA49C6}" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"{18E89CCB-A0AD-472B-9392-C3E26C3CC0A5}" = dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{1E18746D-2FA5-4879-B4DB-1539AC88300D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{37F1208E-D9AC-4355-AE29-F47734F5BFA6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{37FFD9B2-23A1-4D58-8C04-58EE452672E4}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{4E61EA41-0055-42EC-B7CF-B4A7FBB1BB02}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5AEB08AC-2C00-41B5-AB90-BEF6234FA7D2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5CC39BA4-DA6E-47C0-99BD-2946F7FF0F56}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{6112865D-AA69-48D7-80FB-4E4D2B08659A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8E435D9A-3A2C-46FB-B26F-F9A07473C34C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A16BEF9C-84C3-415E-B3A0-5B61DB3CD9E7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{AF52718A-15A8-4CD1-9119-7DD7729C3F00}" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"{B40367A4-D114-43FA-9C8D-58F9321145D8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E30ED415-BE27-4920-96ED-05744B9DBB9E}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{F23D25B8-8A4A-4322-82D4-8D98AF89FF5D}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{5EB3CABB-A47F-4182-9C1B-2A6FB5084719}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{ED27E978-5DF7-47C6-AD12-54F692AF3F60}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{E221EA3A-AA43-462F-84D5-27C2B052916D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{E5F987FE-A5E6-43E5-BB6B-ACF292DFA996}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.3
"{1A3A0526-E055-4B51-8F56-9C520509A572}" = Authorizer Ignition Key Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29F1159B-A14A-4B2D-84CF-F1231F68178E}" = Duke Nukem - Manhattan Project (DEMO v1.0.1)
"{32A3A4F4-B792-11D6-A78A-00B0D0170210}" = Java SE Development Kit 7 Update 21
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBD2D05-F6A2-3151-81ED-064B94A16C51}" = Google Chrome
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{818AD66C-A54A-409E-8489-2F2548F0880E}" = BOINC
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.7.1
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-041A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Croatian) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-041A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Croatian) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-041A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Croatian) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-041A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Croatian) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-041A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Croatian) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-041A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Croatian) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-041A-0000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2007
"{90120000-001F-081A-0000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-041A-0000-0000000FF1CE}" = Microsoft Office Proofing (Croatian) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-041A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Croatian) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-041A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Croatian) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-041A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Croatian) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-041A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Croatian) 2007
"{90120000-0100-041A-0000-0000000FF1CE}" = Microsoft Office O MUI (Croatian) 2007
"{90120000-0101-041A-0000-0000000FF1CE}" = Microsoft Office X MUI (Croatian) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1" = Free FLAC to MP3 Converter 1.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1" = Authorizer 2.5.1
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.3
"avast" = avast! Free Antivirus
"Byki Express" = Byki Express
"CCleaner" = CCleaner
"Eight Legged Freaks" = Eight Legged Freaks (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series Useg" = Korisnički vodič EPSON SX130 Series
"ERUNT_is1" = ERUNT 1.1j
"Foldit" = Foldit
"foobar2000" = foobar2000 v1.2.9
"Free Driver Backup_is1" = Free Driver Backup 9.4.5
"Happyland Adventures - Xmas Edition_is1" = Happyland Adventures - Xmas Edition v1.3
"HiView_is1" = HiView
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"Inkscape" = Inkscape 0.48.4
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{29F1159B-A14A-4B2D-84CF-F1231F68178E}" = Duke Nukem - Manhattan Project (DEMO v1.0.1)
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.9.0 (Full)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Line 6 Uninstaller" = Line 6 Uninstaller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verzija 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 25.0.1 (x86 hr)" = Mozilla Firefox 25.0.1 (x86 hr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OMUI.hr-hr" = Microsoft Office Language Pack 2007 - Croatian/Hrvatski
"RealPlayer 16.0" = RealPlayer
"Reason7.0_32_is1" = Reason 7.0.1
"Santa Claus in Trouble" = Santa Claus in Trouble
"SouthParkMario2.1" = SouthPark Mario Bros 2.1
"SpeedFan" = SpeedFan (remove only)
"SumatraPDF" = SumatraPDF
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.1.0
"WinRAR archiver" = WinRAR 5.00 (32-bit)
"Wipe 2013" = Wipe 2013.59
"Zombiepox_is1" = Zombiepox v1.1
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Search Protection" = Search Protection
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.11.2013. 15:03:15 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 158013
Error - 19.11.2013. 15:03:31 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 19.11.2013. 15:03:31 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 173863
Error - 19.11.2013. 15:03:31 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 173863
Error - 19.11.2013. 15:03:47 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 19.11.2013. 15:03:47 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 189806
Error - 19.11.2013. 15:03:47 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 189806
Error - 19.11.2013. 15:04:03 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 19.11.2013. 15:04:03 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 205781
Error - 19.11.2013. 15:04:03 | Computer Name = Korisnik-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 205781
[ Media Center Events ]
Error - 16.8.2013. 7:12:50 | Computer Name = Korisnik-PC | Source = MCUpdate | ID = 0
Description = 13:12:50 - Dohvaćanje stavke Directory nije uspjelo (Pogreška: The
underlying connection was closed: An unexpected error occurred on a send.)
Error - 16.8.2013. 7:12:50 | Computer Name = Korisnik-PC | Source = MCUpdate | ID = 0
Description = 13:12:50 - Dohvaćanje stavke MCEClientUX nije uspjelo (Pogreška: The
underlying connection was closed: An unexpected error occurred on a send.)
Error - 16.8.2013. 7:13:11 | Computer Name = Korisnik-PC | Source = MCUpdate | ID = 0
Description = 13:12:50 - Dohvaćanje stavke Broadband nije uspjelo (Pogreška: The
underlying connection was closed: An unexpected error occurred on a send.)
[ System Events ]
Error - 16.11.2013. 15:37:59 | Computer Name = Korisnik-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 16.11.2013. 15:48:15 | Computer Name = Korisnik-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 17.11.2013. 10:46:55 | Computer Name = Korisnik-PC | Source = Service Control Manager | ID = 7011
Description = Isteklo je vrijeme čekanja (30000 ms) odgovora transakcije iz servisa
Wlansvc.
Error - 17.11.2013. 13:06:32 | Computer Name = Korisnik-PC | Source = Service Control Manager | ID = 7011
Description = Isteklo je vrijeme čekanja (30000 ms) odgovora transakcije iz servisa
ShellHWDetection.
Error - 17.11.2013. 14:57:09 | Computer Name = Korisnik-PC | Source = Service Control Manager | ID = 7011
Description = Isteklo je vrijeme čekanja (30000 ms) odgovora transakcije iz servisa
ShellHWDetection.
Error - 17.11.2013. 15:20:46 | Computer Name = Korisnik-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.
Error - 17.11.2013. 15:44:05 | Computer Name = Korisnik-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:29:06 on ?17.?11.?2013. was unexpected.
Error - 18.11.2013. 18:13:59 | Computer Name = Korisnik-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:12:42 on ?18.?11.?2013. was unexpected.
Error - 19.11.2013. 13:31:23 | Computer Name = Korisnik-PC | Source = Service Control Manager | ID = 7030
Description = Servis avast! Antivirus označen je kao interaktivni servis. Međutim,
sustav je konfiguriran tako da ne dozvoljava interaktivne servise. Servis možda
neće ispravno funkcionirati.
Error - 19.11.2013. 15:00:42 | Computer Name = Korisnik-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
< End of report >
Hi black_lilies,
RogueKiller
Download to your desktop RogueKiller (by tigzy)
Windows XP: Double click on the icon to run it.
Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator".
Quit all programs.
Wait until Prescan has finished...
Click on Scan, Do Not Fix Anything at this point.
Click the Report button, save the report to your desktop.
=========================
ComboFix
Refer to the ComboFix User's Guide
Download ComboFix from the following location:
Link
* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done.
ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
=========================
In your next post please provide the following :
RKreport.txt
ComboFix.txt
Please describe the symptoms you are experiencing.
OCD
----------
Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days