
Thread: Self-replicating folders

  1. #11
    Junior Member black_lilies's Avatar
    Join Date
    Oct 2013
    Posts
    27

    RKreport.txt

    RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Korisnik [Admin rights]
    Mode : Remove -- Date : 11/22/2013 16:56:05
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] SearchProtection.exe -- C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc]
    [SUSP PATH] afom.exe -- C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe [-] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> NOT SELECTED
    [RUN][SUSP PATH] HKUS\S-1-5-21-1339427262-3479436622-1115934270-1000\[...]\Run : SearchProtection ("C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> NOT SELECTED
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA Hitachi HTS54323 SCSI Disk Device +++++
    --- User ---
    [MBR] 295c75d871fcf1297cf1145835049b8e
    [BSP] 9dba65ade744a9c0c0256ba54bc190d8 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 154900 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 317442048 | Size: 150243 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_11222013_165605.txt >>
    RKreport[0]_S_11222013_165310.txt




    OTL fix log

    ComboFix 13-11-22.01 - Korisnik 2.11.2013. 17:12:08.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.1935.1163 [GMT 1:00]
    Running from: c:\users\Korisnik\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-10-22 to 2013-11-22 )))))))))))))))))))))))))))))))
    .
    .
    2013-11-22 16:21 . 2013-11-22 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-11-22 15:59 . 2013-11-22 15:59 -------- d-----w- C:\_OTL
    2013-11-22 15:49 . 2013-11-22 15:49 26624 ----a-w- c:\windows\system32\TrueSight.sys
    2013-11-21 19:50 . 2013-11-21 19:50 -------- d-----w- c:\program files\SystemRequirementsLab
    2013-11-21 19:50 . 2013-11-21 19:50 -------- d-----w- c:\users\Korisnik\AppData\Roaming\SystemRequirementsLab
    2013-11-19 17:38 . 2013-11-19 17:38 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AVAST Software
    2013-11-08 08:23 . 2013-11-08 08:23 -------- d-----w- c:\program files\iPod
    2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\program files\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-19 17:31 . 2013-05-21 09:43 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-11-19 17:31 . 2013-05-21 09:43 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-11-19 17:31 . 2013-05-21 09:43 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-11-19 17:31 . 2013-05-21 09:43 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-11-19 17:31 . 2013-05-21 09:43 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-11-19 17:31 . 2013-05-21 09:42 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-11-19 17:31 . 2013-05-21 09:42 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-11-19 17:31 . 2013-05-21 09:43 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-11-19 17:31 . 2013-05-21 09:42 269216 ----a-w- c:\windows\system32\aswBoot.exe
    2013-11-19 17:31 . 2013-05-21 09:41 43152 ----a-w- c:\windows\avastSS.scr
    2013-10-20 22:50 . 2013-10-20 22:51 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-10-08 21:33 . 2013-05-22 00:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-10-08 21:33 . 2013-05-22 00:00 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-08-24 21:41 . 2013-06-27 14:08 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2013-08-24 21:41 . 2013-06-27 14:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-11-19 17:30 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2013-07-09 1591808]
    "SearchProtection"="c:\users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" [2013-09-03 832360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2012-03-06 5655144]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 146032]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 181360]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 190064]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
    "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2013-04-16 3667600]
    "boinctray"="c:\program files\BOINC\boinctray.exe" [2013-04-16 71312]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-08-24 295512]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-19 3568312]
    .
    c:\users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    Wipe tray agent 2013.lnk - c:\program files\Wipe 2013\wipetray.exe startup [2013-10-15 216880]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2012-11-21 8443832]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2013-05-08 16:24 18678376 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2012-08-20 110408]
    R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2012-08-20 331080]
    R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2012-03-08 75816]
    R3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2012-02-22 130152]
    R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2012-02-22 150568]
    R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2012-02-22 435240]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2012-07-24 65152]
    R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys [2012-07-24 32512]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2012-07-24 88832]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-12-04 351288]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-12-04 796216]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-10-25 73984]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-10-25 165120]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-03-23 14848]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-03-23 24064]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-03-23 49664]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-03-23 27136]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-09-01 532536]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-09-01 25656]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-19 774392]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-19 403440]
    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-19 35656]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-19 70384]
    S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-11-21 2571704]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-09-01 14904]
    S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-09-13 1830544]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
    S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2012-09-19 209552]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-06-12 552080]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-11-15 14:44 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-22 21:33]
    .
    2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
    .
    2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.hr/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
    FF - prefs.js: browser.startup.homepage - hxxp://mindmillion.com/inspiration.html
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=512435&p=
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2013-09-28 21:17; notreal.ccoptions@environmentalchemistry.com; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
    FF - ExtSQL: 2013-10-02 18:42; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
    FF - ExtSQL: 2013-10-02 19:27; {24cea704-946d-11da-a72b-0800200c9a66}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
    FF - ExtSQL: 2013-10-02 19:27; {03B08592-E5B4-45ff-A0BE-C1D975458688}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
    FF - ExtSQL: 2013-10-05 15:06; {158d7cb3-7039-4a75-8e0b-3bd0a464edd2}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
    FF - ExtSQL: 2013-10-05 15:16; {139a120b-c2ea-41d2-bf70-542d9f063dfd}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi
    FF - ExtSQL: 2013-10-05 15:25; {54BB9F3F-07E5-486c-9B39-C7398B99391C}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
    FF - ExtSQL: 2013-11-08 02:07; {5546F97E-11A5-46b0-9082-32AD74AAA920}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);FF - user.js: extentions.webcake.installId - 4c25f721-dde9-4592-8c09-c5e91446a22b
    FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-11-22 17:25:23
    ComboFix-quarantined-files.txt 2013-11-22 16:25
    .
    Pre-Run: 28.180.480.000 bytes free
    Post-Run: 27.611.176.960 bytes free
    .
    - - End Of File - - 2ED1CCC903C1652324DABD71E1DB8279
    A36C5E4F47E84449FF07ED3517B43A31




    ComboFix.txt

    All processes killed
    ========== FILES ==========
    File\Folder C:\359*ZZZ..Z.....ZZZZZ not found.
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Korisnik
    ->Temp folder emptied: 1693123 bytes
    ->Temporary Internet Files folder emptied: 43111069 bytes
    ->Java cache emptied: 1566662 bytes
    ->FireFox cache emptied: 184747730 bytes
    ->Google Chrome cache emptied: 250598721 bytes
    ->Flash cache emptied: 1962 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 43768 bytes
    RecycleBin emptied: 56174202 bytes

    Total Files Cleaned = 513,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11222013_165917

    Files\Folders moved on Reboot...
    C:\Users\Korisnik\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  2. #12
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi black_lilies,

    I know this is a minor detail, but would you kindly post the logs in the sequence requested. It makes reviewing them easier if I don't have to scroll back and forth to see what items have been removed.
    I appreciate your cooperation.

    = = = = = = = = = = = = = = = = = = = =

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the code-box below into it:


    Code:
    FIREFOX::
    FF - ExtSQL: 2013-10-05 15:06; {158d7cb3-7039-4a75-8e0b-3bd0a464edd2}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
    FF - ExtSQL: 2013-11-08 02:07; {5546F97E-11A5-46b0-9082-32AD74AAA920}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);FF - user.js: extentions.webcake.installId - 4c25f721-dde9-4592-8c09-c5e91446a22b
    FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
    
    FOLDER::
    C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
    
    ClearJavaCache::

    • Save this as CFScript.txt, in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, please post the C:\ComboFix.txt for further review.

    =========================

    In your next post please provide the following:
    • ComboFix.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #13
    Junior Member black_lilies's Avatar
    Join Date
    Oct 2013
    Posts
    27

    Hi, OCD

    Originally posted by OCD:
    "I know this is a minor detail, but would you kindly post the logs in the sequence requested. It makes reviewing them easier if I don't have to scroll back and forth to see what items have been removed.
    I appreciate your cooperation."

    I'm so sorry for that, won't do it again.

    Here's the log:


    ComboFix 13-11-22.01 - Korisnik 2.11.2013. 21:33:52.3.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.1935.1323 [GMT 1:00]
    Running from: c:\users\Korisnik\Desktop\ComboFix.exe
    Command switches used :: c:\users\Korisnik\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
    c:\windows\iun6002.exe
    c:\windows\system32\FlashPlayerApp.exe
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-10-22 to 2013-11-22 )))))))))))))))))))))))))))))))
    .
    .
    2013-11-22 20:42 . 2013-11-22 20:43 -------- d-----w- c:\users\Korisnik\AppData\Local\temp
    2013-11-22 20:42 . 2013-11-22 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-11-22 15:59 . 2013-11-22 15:59 -------- d-----w- C:\_OTL
    2013-11-22 15:49 . 2013-11-22 15:49 26624 ----a-w- c:\windows\system32\TrueSight.sys
    2013-11-21 19:50 . 2013-11-21 19:50 -------- d-----w- c:\program files\SystemRequirementsLab
    2013-11-21 19:50 . 2013-11-21 19:50 -------- d-----w- c:\users\Korisnik\AppData\Roaming\SystemRequirementsLab
    2013-11-19 17:38 . 2013-11-19 17:38 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AVAST Software
    2013-11-08 08:23 . 2013-11-08 08:23 -------- d-----w- c:\program files\iPod
    2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\program files\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-22 17:09 . 2013-05-22 00:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-11-19 17:31 . 2013-05-21 09:43 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-11-19 17:31 . 2013-05-21 09:43 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-11-19 17:31 . 2013-05-21 09:43 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-11-19 17:31 . 2013-05-21 09:43 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-11-19 17:31 . 2013-05-21 09:43 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-11-19 17:31 . 2013-05-21 09:42 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-11-19 17:31 . 2013-05-21 09:42 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-11-19 17:31 . 2013-05-21 09:43 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-11-19 17:31 . 2013-05-21 09:42 269216 ----a-w- c:\windows\system32\aswBoot.exe
    2013-11-19 17:31 . 2013-05-21 09:41 43152 ----a-w- c:\windows\avastSS.scr
    2013-10-20 22:50 . 2013-10-20 22:51 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-08-24 21:41 . 2013-06-27 14:08 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2013-08-24 21:41 . 2013-06-27 14:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-11-19 17:30 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2013-07-09 1591808]
    "SearchProtection"="c:\users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" [2013-09-03 832360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2012-03-06 5655144]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 146032]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 181360]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 190064]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
    "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2013-04-16 3667600]
    "boinctray"="c:\program files\BOINC\boinctray.exe" [2013-04-16 71312]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-08-24 295512]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-19 3568312]
    .
    c:\users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    Wipe tray agent 2013.lnk - c:\program files\Wipe 2013\wipetray.exe startup [2013-10-15 216880]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2012-11-21 8443832]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2013-05-08 16:24 18678376 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2012-08-20 110408]
    R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2012-08-20 331080]
    R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2012-03-08 75816]
    R3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2012-02-22 130152]
    R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2012-02-22 150568]
    R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2012-02-22 435240]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2012-07-24 65152]
    R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys [2012-07-24 32512]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2012-07-24 88832]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-12-04 351288]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-12-04 796216]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-10-25 73984]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-10-25 165120]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-03-23 14848]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-03-23 24064]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-03-23 49664]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-03-23 27136]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-09-01 532536]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-09-01 25656]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-19 774392]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-19 403440]
    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program

    files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17

    87968]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-19 35656]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-19 70384]
    S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-

    11-21 2571704]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage

    Technology\IAStorDataMgrSvc.exe [2012-09-01 14904]
    S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-09-13

    1830544]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files

    \RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe

    [2009-01-26 1153368]
    S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
    S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2012-09-19

    209552]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-06-12 552080]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-

    A69D9E530F96}]
    2013-11-15 14:44 1210320 ----a-w- c:\program files\Google\Chrome\Application

    \31.0.1650.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-22 17:09]
    .
    2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
    .
    2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.hr/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
    FF - prefs.js: browser.startup.homepage - hxxp://mindmillion.com/inspiration.html
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-

    8&ilc=12&type=512435&p=
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2013-09-28 21:17; notreal.ccoptions@environmentalchemistry.com; c:\users\Korisnik\AppData

    \Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions

    \notreal.ccoptions@environmentalchemistry.com.xpi
    FF - ExtSQL: 2013-10-02 18:42; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; c:\users\Korisnik\AppData

    \Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-

    9b5a22eafe30}.xpi
    FF - ExtSQL: 2013-10-02 19:27; {24cea704-946d-11da-a72b-0800200c9a66}; c:\users\Korisnik\AppData

    \Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-

    0800200c9a66}.xpi
    FF - ExtSQL: 2013-10-02 19:27; {03B08592-E5B4-45ff-A0BE-C1D975458688}; c:\users\Korisnik\AppData

    \Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
    FF - ExtSQL: 2013-10-05 15:06; {158d7cb3-7039-4a75-8e0b-3bd0a464edd2}; c:\users\Korisnik\AppData

    \Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{158d7cb3-7039-4a75-8e0b-

    3bd0a464edd2}.xpi
    FF - ExtSQL: 2013-10-05 15:16; {139a120b-c2ea-41d2-bf70-542d9f063dfd}; c:\users\Korisnik\AppData

    \Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-

    542d9f063dfd}.xpi
    FF - ExtSQL: 2013-10-05 15:25; {54BB9F3F-07E5-486c-9B39-C7398B99391C}; c:\users\Korisnik\AppData

    \Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-

    C7398B99391C}.xpi
    FF - ExtSQL: 2013-11-08 02:07; {5546F97E-11A5-46b0-9082-32AD74AAA920}; c:\users\Korisnik\AppData

    \Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
    FF - ExtSQL: 2013-11-22 20:52; foxcconverter@gmail.com; c:\users\Korisnik\AppData\Roaming\Mozilla

    \Firefox\Profiles\x1sb23sa.default\extensions\foxcconverter@gmail.com.xpi
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref

    ('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);FF - user.js:

    extentions.webcake.installId - 4c25f721-dde9-4592-8c09-c5e91446a22b
    FF - user.js: extentions.webcake.defaultEnableAppsList -

    layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-SouthParkMario2.1 - c:\windows\iun6002.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-11-22 21:47:19
    ComboFix-quarantined-files.txt 2013-11-22 20:47
    ComboFix2.txt 2013-11-22 16:25
    .
    Pre-Run: 27.562.418.176 bytes free
    Post-Run: 27.260.485.632 bytes free
    .
    - - End Of File - - B97B1E0DA2CC988BA47CDC0F651DFB8E
    A36C5E4F47E84449FF07ED3517B43A31

  4. #14
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi black_lilies,

    Are any of these folders present:
    • C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
    • C:\3590F75ABA9E485486C100C1A9D4FF06XZRURUNVBZAFAFQC
    • C:\3590F75ABA9E485486C100C1A9D4FF06CIKFRWNFNGUMLJVK

    = = = = = = = = = = = = = = = = = = = =

    I archived this folder and inside there's a folder S-1-5-21-1339427262-3479436622-1115934270-1000, and inside this folder is desktop.ini and two .rar archives: $IVUL567.rar and $RVUL567.rar. Do you know what that could be?
    When a user logs onto Windows, they also load their user profile. This profile contains ALL settings for the user to interact with Windows. These range from settings such as the desktop wallpaper to the settings to get the user on the internet.

    Windows uses a database, known as the Registry, to store all of this info and a lot more also.

    In Windows' registry, a user is not known by their name or such, but instead by what is called a Global Unique Identifier (GUID). This is the number you see in your post: S-1-5-21-270858548-4033370624-1180157758-1000

    That number can be you! Now you're probably saying, "But I see others!" Yes, you are, and let me explain why:

    When Windows does various tasks in the "background" (ones you can see running and those you do not know about), such as defragmenting the hard drive, running various services, running anti-virus, etc., all of those programs need 'permission' to run. Because of this, Windows will allow programs to run under user permissions - in essence, those programs are their own user. Now note that this does not mean all programs do, but some do need to do so - and this is what you see in those other "S-" numbers.

    But I do not know what the .rar files are. What is a RAR File? - A file with the RAR file extension is a Roshal Archive Compressed file.

    =========================

    Remove Word Wrap in Notepad
    • Click the Windows “Start” button.
    • Enter “Notepad” into the search box and double-click the application from the list of search results that appears. The Notepad application opens.
    • Click “Format” from the main menu in Notepad to display the formatting drop-down menu. You will see a check mark next to the words “Word Wrap,” which indicates that the Word Wrap feature is currently inserting line endings into your Notepad files.
    • Click “Word Wrap” to remove line endings. The check mark that used to appear next to “Word Wrap” disappears, indicating that you have successfully disabled this feature and removed all line endings from your document.


    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the code-box below into it:


    Code:
    Firefox::
    FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
    FF - user.js: extentions.webcake.installId - 4c25f721-dde9-4592-8c09-c5e91446a22b
    Save this as CFScript.txt, in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, please post the C:\ComboFix.txt for further review.

    =========================

    In your next post please provide the following:

    • Answers to questions.
    • Combofix.txt
    • How is the computer running?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  5. #15
    Junior Member black_lilies's Avatar
    Join Date
    Oct 2013
    Posts
    27

    Default

    Hi OCD,

    Thanks for the explanation. None of the folders are present and the computer is running perfectly, it seems way faster than before, I can't stop wondering, haha. Awesome!

    And sorry for the word wrap in the previous log, it really made a mess...


    ComboFix 13-11-22.01 - Korisnik 3.11.2013. 0:39.4.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.1935.1113 [GMT 1:00]
    Running from: c:\users\Korisnik\Desktop\ComboFix.exe
    Command switches used :: c:\users\Korisnik\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-10-22 to 2013-11-22 )))))))))))))))))))))))))))))))
    .
    .
    2013-11-22 23:48 . 2013-11-22 23:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-11-22 20:47 . 2013-11-22 23:48 -------- d-----w- c:\users\Korisnik\AppData\Local\temp
    2013-11-22 15:59 . 2013-11-22 15:59 -------- d-----w- C:\_OTL
    2013-11-22 15:49 . 2013-11-22 15:49 26624 ----a-w- c:\windows\system32\TrueSight.sys
    2013-11-21 19:50 . 2013-11-21 19:50 -------- d-----w- c:\program files\SystemRequirementsLab
    2013-11-21 19:50 . 2013-11-21 19:50 -------- d-----w- c:\users\Korisnik\AppData\Roaming\SystemRequirementsLab
    2013-11-19 17:38 . 2013-11-19 17:38 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AVAST Software
    2013-11-08 08:23 . 2013-11-08 08:23 -------- d-----w- c:\program files\iPod
    2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-11-08 08:23 . 2013-11-08 08:25 -------- d-----w- c:\program files\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-22 17:09 . 2013-05-22 00:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-11-19 17:31 . 2013-05-21 09:43 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-11-19 17:31 . 2013-05-21 09:43 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-11-19 17:31 . 2013-05-21 09:43 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-11-19 17:31 . 2013-05-21 09:43 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-11-19 17:31 . 2013-05-21 09:43 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-11-19 17:31 . 2013-05-21 09:42 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-11-19 17:31 . 2013-05-21 09:42 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-11-19 17:31 . 2013-05-21 09:43 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-11-19 17:31 . 2013-05-21 09:42 269216 ----a-w- c:\windows\system32\aswBoot.exe
    2013-11-19 17:31 . 2013-05-21 09:41 43152 ----a-w- c:\windows\avastSS.scr
    2013-10-20 22:50 . 2013-10-20 22:51 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-11-19 17:30 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2013-07-09 1591808]
    "SearchProtection"="c:\users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE" [2013-09-03 832360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2012-03-06 5655144]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 146032]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 181360]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 190064]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
    "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2013-04-16 3667600]
    "boinctray"="c:\program files\BOINC\boinctray.exe" [2013-04-16 71312]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-08-24 295512]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-19 3568312]
    .
    c:\users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    Wipe tray agent 2013.lnk - c:\program files\Wipe 2013\wipetray.exe startup [2013-10-15 216880]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2012-11-21 8443832]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2013-05-08 16:24 18678376 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2012-08-20 110408]
    R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2012-08-20 331080]
    R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2012-03-08 75816]
    R3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2012-02-22 130152]
    R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2012-02-22 150568]
    R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2012-02-22 435240]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2012-07-24 65152]
    R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys [2012-07-24 32512]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2012-07-24 88832]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-12-04 351288]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-12-04 796216]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-10-25 73984]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-10-25 165120]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-03-23 14848]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-03-23 24064]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-03-23 49664]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-03-23 27136]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-09-01 532536]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-09-01 25656]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-19 774392]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-19 403440]
    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-19 35656]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-19 70384]
    S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-11-21 2571704]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-09-01 14904]
    S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-09-13 1830544]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
    S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2012-09-19 209552]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-06-12 552080]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-11-15 14:44 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-22 17:09]
    .
    2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
    .
    2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 09:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.hr/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
    FF - prefs.js: browser.startup.homepage - hxxp://mindmillion.com/inspiration.html
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=512435&p=
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2013-09-28 21:17; notreal.ccoptions@environmentalchemistry.com; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
    FF - ExtSQL: 2013-10-02 18:42; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
    FF - ExtSQL: 2013-10-02 19:27; {24cea704-946d-11da-a72b-0800200c9a66}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
    FF - ExtSQL: 2013-10-02 19:27; {03B08592-E5B4-45ff-A0BE-C1D975458688}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
    FF - ExtSQL: 2013-10-05 15:16; {139a120b-c2ea-41d2-bf70-542d9f063dfd}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi
    FF - ExtSQL: 2013-10-05 15:25; {54BB9F3F-07E5-486c-9B39-C7398B99391C}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
    FF - ExtSQL: 2013-11-08 02:07; {5546F97E-11A5-46b0-9082-32AD74AAA920}; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
    FF - ExtSQL: 2013-11-22 20:52; foxcconverter@gmail.com; c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\foxcconverter@gmail.com.xpi
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);FF - user.js: extentions.webcake.installId - 4c25f721-dde9-4592-8c09-c5e91446a22b
    FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-11-23 00:52:49
    ComboFix-quarantined-files.txt 2013-11-22 23:52
    ComboFix2.txt 2013-11-22 20:47
    ComboFix3.txt 2013-11-22 16:25
    .
    Pre-Run: 27.280.228.352 bytes free
    Post-Run: 27.216.330.752 bytes free
    .
    - - End Of File - - 3FFD27ADBA923522144CA5E7B7AC986C
    A36C5E4F47E84449FF07ED3517B43A31
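The ComboFix logs in this thread show a Firefox user.js that switches off add-on and certificate safeguards on one line, next to the `extentions.webcake.*` entries the CFScript targets. The following check for that pattern is an added example, not part of any post and not ComboFix's own logic; the default values in the table are stated from general knowledge of Firefox of that period, and the sample file syntax is constructed from the log lines.

```python
import re

# Prefs seen in the log's user.js line, mapped to (assumed Firefox default, risk).
# The defaults are an assumption from general Firefox knowledge, not from the thread.
WEAKENED = {
    "extensions.autoDisableScopes": (15, "sideloaded add-ons are enabled without a prompt"),
    "security.csp.enable": (True, "Content Security Policy enforcement is off"),
    "security.OCSP.enabled": (1, "OCSP certificate revocation checks are off"),
    "extensions.blocklist.enabled": (True, "the add-on blocklist is off"),
}
# Namespace exactly as misspelled in the log ("extentions").
SUSPECT_PREFIXES = ("extentions.webcake.",)

# user_pref(<quoted name>, <quoted string | bare literal>);
_PREF_RE = re.compile(
    r"""user_pref\(\s*(?P<q>['"])(?P<name>[^'"]+)(?P=q)\s*,\s*"""
    r"""(?P<value>"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|[^)'"]+?)\s*\)\s*;"""
)


def _parse_value(raw):
    """Turn a JS literal from user_pref() into bool, int or str."""
    raw = raw.strip()
    if raw in ("true", "false"):
        return raw == "true"
    if raw and raw[0] in "'\"":
        return raw[1:-1]
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text):
    """Return {name: value}; later entries win, as they do when Firefox loads the file."""
    prefs = {}
    for line in text.splitlines():
        # Skip whole-line comments only; '//' inside a URL value must survive.
        if line.lstrip().startswith(("//", "#")):
            continue
        # Several user_pref() calls can share one line, as in the ComboFix log.
        for m in _PREF_RE.finditer(line):
            prefs[m.group("name")] = _parse_value(m.group("value"))
    return prefs


def audit_user_js(text):
    """List (name, value, reason) for prefs that weaken Firefox or match the suspect namespace."""
    findings = []
    for name, value in parse_prefs(text).items():
        if name in WEAKENED:
            default, risk = WEAKENED[name]
            if value != default:
                findings.append((name, value, risk))
        elif name.startswith(SUSPECT_PREFIXES):
            findings.append((name, value, "pref namespace targeted by the thread's CFScript"))
    return findings


# Constructed sample: pref names and values are taken from the log, the
# user_pref() syntax for the webcake lines and the comment line are made up.
SAMPLE_USER_JS = """\
// user_pref("extensions.blocklist.enabled", true);
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
user_pref("extentions.webcake.installId", "4c25f721-dde9-4592-8c09-c5e91446a22b");
user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
user_pref("browser.search.selectedEngine", "DuckDuckGo");
"""

if __name__ == "__main__":
    for name, value, reason in audit_user_js(SAMPLE_USER_JS):
        print(f"{name} = {value!r}: {reason}")
```

The CFScript in the thread names only the two webcake lines, so the four security prefs are worth checking separately in about:config after cleanup.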

  6. #16
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi black_lilies,

    Disable FireFox plug-in

    • At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
    • In the Add-ons Manager tab, select the Extensions or Appearance panel.
    • Select the add-on you wish to disable.
      • Webcake
      • Fox Converter
    • Click the Disable button.
    • Click Restart now if it pops up. Your tabs will be saved and restored after the restart.

    =========================

    Malwarebytes' Anti-Malware

    Locate Malwarebytes' Anti-Malware (it should be on your desktop).
    If not, download it here
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
    • Select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

    =========================

    ESET Online Scanner

    *Note:
    • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    • Please don't go surfing while your resident protection is disabled!
    • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

    ** You need to run your browser with Administrator Rights; to do so, right click your browser's shortcut and select "Run as Administrator".

    = = = = = = = = = = = = = = = = = = = =

    Go here to run ESET Online Scanner

    (Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.

    =========================

    In your next post please provide the following:

    • MBAM log
    • ESET's log.txt
    • How's the computer running, any symptoms?

    OCD

  7. #17
    Junior Member black_lilies's Avatar
    Join Date
    Oct 2013
    Posts
    27

    Default

    Hi OCD,

    I don't have these FireFox add-ons, at least I don't see them here. I don't notice any symptoms on my computer, nothing unusual. And I have the Croatian version of Malwarebytes, so please ask if you need anything translated...


    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Verzija baze podataka: v2013.11.23.05

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 10.0.9200.16576
    Korisnik :: KORISNIK-PC [administrator]

    23.11.2013. 13:46:33
    mbam-log-2013-11-23 (13-46-33).txt

    Tip provjere: Brza provjera
    Opcije provjere omogućene: Memorija | Startup | Registri | Sistemske datoteke | Heurestika/Extra | Heurestika/Shuriken | PUP | PUM
    Opcije provjere onemogućene: P2P
    Provjereni objekti: 209557
    Vrijeme trajanja: 14 minuta, 8 sekundi

    Detektirani procesi u memoriji: 0
    (Zloćudne stavke nisu otkrivene)

    Detektirani moduli u memoriji: 0
    (Zloćudne stavke nisu otkrivene)

    Detektirani ključevi u registru: 3
    HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Prebačeno u karantenu i uspješno uklonjeno.
    HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Prebačeno u karantenu i uspješno uklonjeno.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Prebačeno u karantenu i uspješno uklonjeno.

    Detektirani vrijednosti u registru: 0
    (Zloćudne stavke nisu otkrivene)

    Detektirani podaci u registru: 0
    (Zloćudne stavke nisu otkrivene)

    Detektirani direktoriji: 0
    (Zloćudne stavke nisu otkrivene)

    Detektirane datoteke: 0
    (Zloćudne stavke nisu otkrivene)

    (kraj)



    (So, it says the three detected registry keys were moved to quarantine and successfully removed)



    ESET Online Scanner

    C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 Win32/AdWare.1ClickDownload.AP application
    C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001 Win32/AdWare.1ClickDownload.AP application
    C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe a variant of Win32/Toolbar.Widgi application
    C:\Users\Korisnik\AppData\Roaming\Search Protection\Uninstall.exe probably a variant of Win32/Toolbar.Widgi application
    Operating memory a variant of Win32/Toolbar.Widgi application

  8. #18
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi black_lilies,

    Thank you for the translation for the MBAM scan.

    Run OTL.exe

      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      PRC - C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe (Spigot, Inc.)
      O4 - HKCU..\Run: [SearchProtection] C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
      [2013.08.10 13:19:41 | 000,000,000 | ---D | M] -- C:\Users\Korisnik\AppData\Roaming\Search Protection
      
      :Files
      C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\000
      C:\Users\Korisnik\AppData\Roaming\Search Protection
      
      :Reg
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "Search Protection"=-
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SearchProtection"=-
      
      :Commands
      [purity]
      [createrestorepoint]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done

    =========================

    AdwCleaner v3: Scan & Clean
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • Click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that log file in your next reply.
    • A copy of that log file will also be saved in the C:\AdwCleaner folder.

    =========================

    Junkware Removal Tool

    Download Junkware Removal Tool to your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Shut down your protection software now to avoid potential conflicts.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    =========================

    Reboot

    =========================

    Re-run OTL (it should be located on your desktop).
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Uncheck the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
      Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

    =========================

    In your next post please provide the following:
    • OTL fix log
    • AdwCleaner[S0].txt
    • JRT.txt
    • Fresh OTL.txt
    • Any remaining issues?

    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  9. #19
    Junior Member black_lilies's Avatar
    Join Date
    Oct 2013
    Posts
    27

    Hi OCD,

    No remaining issues, the computer is running perfectly.


    OTL fix log

    All processes killed
    ========== OTL ==========
    No active process named SearchProtection.exe was found!
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection deleted successfully.
    C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.EXE moved successfully.
    C:\Users\Korisnik\AppData\Roaming\Search Protection folder moved successfully.
    ========== FILES ==========
    C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths folder moved successfully.
    C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00 folder moved successfully.
    C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\000\t folder moved successfully.
    C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\000 folder moved successfully.
    File\Folder C:\Users\Korisnik\AppData\Roaming\Search Protection not found.
    ========== REGISTRY ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Search Protection not found.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SearchProtection not found.
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Korisnik
    ->Temp folder emptied: 229990 bytes
    ->Temporary Internet Files folder emptied: 481052 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 296429426 bytes
    ->Google Chrome cache emptied: 18206285 bytes
    ->Flash cache emptied: 1120 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 9894 bytes
    RecycleBin emptied: 85285764 bytes

    Total Files Cleaned = 382,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11232013_212916

    Files\Folders moved on Reboot...
    C:\Users\Korisnik\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...



    AdwCleaner[S0]

    # AdwCleaner v3.012 - Report created 23/11/2013 at 21:45:57
    # Updated 11/11/2013 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
    # Username : Korisnik - KORISNIK-PC
    # Running from : C:\Users\Korisnik\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\NCH Software
    Folder Deleted : C:\Program Files\NCH Software
    Folder Deleted : C:\Users\Korisnik\AppData\Roaming\NCH Software
    File Deleted : C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\NCH Software
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\NCH Software

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16576


    -\\ Mozilla Firefox v25.0.1 (hr)

    [ File : C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\SimpleClocks\prefs.js ]


    [ File : C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\prefs.js ]

    Line Deleted : user_pref("InFormEnter.1.MenuSet", "sweet_parody%0AEma%0AMajhut%0AEma%20Majhut%0AK.%20Domagoja%201%0AUlica%20kneza%20Domagoja%201%0ABjelovar%0AGare%u0161nica%0A43280%0A099%20686%201856%0Ablack.tralala[...]
    Line Deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir)/.*|hxxp://.*depositfiles.com/(([a-z]{2})/files/|auth-).*|hxxp://(www.)*digg.com/(.{5}|.{6})$|hxxp:[...]
    Line Deleted : user_pref("extensions.smarterwiki.search_surfcanyon", false);
    Line Deleted : user_pref("extensions.xmarks.user", "({xmarksuserid:\"sweet_sweet\", authtype:\"xmarks\", displayname:\"sweet_sweet\", nativeid:\"sweet_sweet\"})");
    Line Deleted : user_pref("extensions.xmarks.username", "sweet_sweet");
    Line Deleted : user_pref("extensions.xnotifier.accounts.[gmail#black.tralala.lilies@gmail.com].inboxOnly", true);
    Line Deleted : user_pref("extensions.xnotifier.accounts.[yahoo#sweet_parody@yahoo.com].cookie", "hxxp://my.yahoo.com/ F=a=QepD8F8MvSpC5IM62xd8RMG2_od_BbEJsfTwHCYv9Er_NFJeFAebZQKxS4OcE8P1lskNRMw-&b=2fxi; expires=Tue,[...]
    Line Deleted : user_pref("extensions.xnotifier.accounts.[yahoo#sweet_parody@yahoo.com].enabled", true);
    Line Deleted : user_pref("extensions.xnotifier.accounts.[yahoo#sweet_parody@yahoo.com].inboxOnly", true);
    Line Deleted : user_pref("extensions.xnotifier.accounts.[yahoo#sweet_parody@yahoo.com].includeSpam", 0);
    Line Deleted : user_pref("extensions.xnotifier.accounts.[yahoo#sweet_parody@yahoo.com].showFolders", true);
    Line Deleted : user_pref("extensions.xnotifier.defaults.yahoo", "sweet_parody@yahoo.com");
    Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
    Line Deleted : user_pref("extentions.webcake.installId", "4c25f721-dde9-4592-8c09-c5e91446a22b");

    -\\ Google Chrome v31.0.1650.57

    [ File : C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [3747 octets] - [23/11/2013 21:41:21]
    AdwCleaner[S0].txt - [3728 octets] - [23/11/2013 21:45:57]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3788 octets] ##########




    JRT

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Windows 7 Ultimate x86
    Ran by Korisnik on sub 23.11.2013. at 21:51:31,61
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\savefileto@mozdev.org.xpi [Tracur]
    Successfully deleted: [File] C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\searchy@searchy.xpi
    Successfully deleted the following from C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\prefs.js

    user_pref("extensions.TooManyTabs@visibotech.com.recentlyClosedTabs", "[{\"label\":\"Greenpeace Shard demo: What do you think? - Brainstorm\",\"url\":\"hxxp://www.greenpeaceco
    user_pref("extensions.rainalarm.location2", "QD78nilS1C4XN2/9i4UHv9Sn0x4=");
    user_pref("flagfox.actions", "[{\"name\":\"Geotool\",\"template\":\"hxxp://geoip.flagfox.net/?ip={IPaddress}&host={domainName}\",\"iconclick\":\"click\",\"hotkey\":{\"mods\":\
    Emptied folder: C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\minidumps [98 files]



    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on sub 23.11.2013. at 21:54:39,85
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    OTL

    OTL logfile created on: 23.11.2013. 22:02:34 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Korisnik\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16576)
    Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.

    1,89 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 60,76% Memory free
    3,78 Gb Paging File | 2,91 Gb Available in Paging File | 76,96% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 151,27 Gb Total Space | 25,28 Gb Free Space | 16,71% Space Free | Partition Type: NTFS
    Drive D: | 146,72 Gb Total Space | 22,16 Gb Free Space | 15,10% Space Free | Partition Type: NTFS

    Computer Name: KORISNIK-PC | User Name: Korisnik | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Korisnik\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
    PRC - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
    PRC - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files\CyberLink\YouCam\YCMMirage.exe (CyberLink)
    PRC - C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
    PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\97c369d03310ac919968cac177d066da\System.ServiceModel.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\d5229063f646936404008f444c533c3b\System.ServiceModel.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\620cea5f6098caaf044d062d8dde6b3d\System.IdentityModel.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\8b9c29dd76473c8230ca379ee39e40e2\IAStorDataMgrSvcInterfaces.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\1eea35376a67d2e807a54ff3fe4b8a56\IAStorCommon.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\0a4ef3904cfdea04def6af647f619946\IAStorUtil.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\b1f3ea839257551154e34750f26fa33d\System.Runtime.Serialization.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\3506b73a7cc2bc014040bdaf42e3c9f2\System.ServiceModel.Internals.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4626a29dfa025f702b32e3515de175e3\SMDiagnostics.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7449f505f7fb206101f361c05dd7d9be\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c3b7873af3400562b01878e1dfdb0c59\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\88080c0d9e9709c55aa0494a3b05a1df\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\847c865b860f33a319b2c6906d9a125f\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\7499b638af35153a97431c42fd16d9cb\System.Xaml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78d3cd0fc198e323f3eb0742f23659b2\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ca0ef2ddc840163b27423f6ede4ddb23\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\09a71502394e43062c81789367f22d1e\mscorlib.ni.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Windows\System32\IccLibDll.dll ()


    ========== Services (SafeList) ==========

    SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
    SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation)
    SRV - (CodeMeter.exe) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
    SRV - (IconMan_R) -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)


    ========== Driver Services (SafeList) ==========

    DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
    DRV - (catchme) -- C:\Users\Korisnik\AppData\Local\Temp\catchme.sys File not found
    DRV - (TrueSight) -- C:\Windows\System32\TrueSight.sys ()
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
    DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
    DRV - (iusb3xhc) -- C:\Windows\System32\drivers\iusb3xhc.sys (Intel Corporation)
    DRV - (iusb3hub) -- C:\Windows\System32\drivers\iusb3hub.sys (Intel Corporation)
    DRV - (RSP2STOR) -- C:\Windows\System32\drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
    DRV - (iaStorA) -- C:\Windows\System32\drivers\iaStorA.sys (Intel Corporation)
    DRV - (iaStorF) -- C:\Windows\System32\drivers\iaStorF.sys (Intel Corporation)
    DRV - (asmtxhci) -- C:\Windows\System32\drivers\asmtxhci.sys (ASMedia Technology Inc)
    DRV - (asmthub3) -- C:\Windows\System32\drivers\asmthub3.sys (ASMedia Technology Inc)
    DRV - (EtronXHCI) -- C:\Windows\System32\drivers\EtronXHCI.sys (Etron Technology Inc)
    DRV - (EtronHub3) -- C:\Windows\System32\drivers\EtronHub3.sys (Etron Technology Inc)
    DRV - (EtronSTOR) -- C:\Windows\System32\drivers\EtronSTOR.sys (Etron Technology Inc)
    DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
    DRV - (b06diag) -- C:\Windows\System32\drivers\bxdiagx.sys (Broadcom Corporation)
    DRV - (bxois) -- C:\Windows\System32\drivers\bxois.sys (Broadcom Corporation)
    DRV - (bxfcoe) -- C:\Windows\System32\drivers\bxfcoe.sys (Broadcom Corporation)
    DRV - (BFN7x86) -- C:\Windows\System32\drivers\Xeno7x86.sys (Bigfoot Networks, Inc.)
    DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
    DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
    DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
    DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
    DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
    DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
    DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
    DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
    DRV - (s125mgmt) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation)
    DRV - (s125bus) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)
    DRV - (giveio) -- C:\Windows\System32\giveio.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr-HR
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 E0 2F 66 FE 55 CE 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{FFAB1B2F-B3C1-4B3B-8C5B-B07B36694368}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

  10. #20
    Junior Member black_lilies's Avatar
    Join Date
    Oct 2013
    Posts
    27

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "DuckDuckGo"
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=512435"
    FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://mindmillion.com/inspiration.html"
    FF - prefs.js..extensions.enabledAddons: mintrayr%40tn123.ath.cx:1.1.2
    FF - prefs.js..extensions.enabledAddons: organize-search-engines%40maltekraus.de:1.7
    FF - prefs.js..extensions.enabledAddons: intgcal%40egarracingteam.com.ar:1.2.0
    FF - prefs.js..extensions.enabledAddons: amin.eft_bmnotes%40gmail.com:2.8.1
    FF - prefs.js..extensions.enabledAddons: %7B48f91e76-bc5f-45a7-a03a-6b4e7669df90%7D:1.0
    FF - prefs.js..extensions.enabledAddons: %7Bc07d1a49-9894-49ff-a594-38960ede8fb9%7D:3.1.12
    FF - prefs.js..extensions.enabledAddons: is%40dictionaries.addons.mozilla.org:1.3
    FF - prefs.js..extensions.enabledAddons: %7B8B72860F-C5F8-4286-865E-D2C2DB98A9E6%7D:1.2.3
    FF - prefs.js..extensions.enabledAddons: rssicon%40jasnapaka.com:1.4
    FF - prefs.js..extensions.enabledAddons: format.bar%40codefisher.org:0.1.4.10
    FF - prefs.js..extensions.enabledAddons: facebook%40disconnect.me:2.1.3
    FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.4
    FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.1.2
    FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
    FF - prefs.js..extensions.enabledAddons: Konverts%40MediaPimp.com:10.3
    FF - prefs.js..extensions.enabledAddons: dcct%40mingyi.org:0.27
    FF - prefs.js..extensions.enabledAddons: %7BE173B749-DB5B-4fd2-BA0E-94ECEA0CA55B%7D:7.4
    FF - prefs.js..extensions.enabledAddons: %7B2f17f610-5e97-4fed-828f-9940b7b577a4%7D:19.0.0
    FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
    FF - prefs.js..extensions.enabledAddons: cybersearch%40cybernetnews.com:2.8
    FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3
    FF - prefs.js..extensions.enabledAddons: %7B4BBDD651-70CF-4821-84F8-2B918CF89CA3%7D:7.3.0.1
    FF - prefs.js..extensions.enabledAddons: lazarus%40interclue.com:2.3
    FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
    FF - prefs.js..extensions.enabledAddons: VacuumPlacesImproved%40lultimouomo-gmail.com:1.2
    FF - prefs.js..extensions.enabledAddons: %7B6E21139C-F48B-11DA-B59C-B582C6649067%7D:0.6.3
    FF - prefs.js..extensions.enabledAddons: charpick%40ryanium.com:0.4.1
    FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.20
    FF - prefs.js..extensions.enabledAddons: %7Bea61041c-1e22-4400-99a0-aea461e69d04%7D:0.2.3
    FF - prefs.js..extensions.enabledAddons: %7Bc72c0c73-4eb0-4fb3-af0f-074e97326cfd%7D:1.4
    FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
    FF - prefs.js..extensions.enabledAddons: backupfox_959a5970_ada3_11e0_9f1c_0800200c9a66%40mozillafirefoxextension:1.0.3
    FF - prefs.js..extensions.enabledAddons: ScrollUp%40saplin.com:1.0
    FF - prefs.js..extensions.enabledAddons: dragtabasshortcut%40antontitov.com:1.01
    FF - prefs.js..extensions.enabledAddons: %7B3bbdd952-cf6f-44a7-9d23-354a8792b598%7D:1.4
    FF - prefs.js..extensions.enabledAddons: shortcuts%40khngai.com:1.9
    FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.1.8
    FF - prefs.js..extensions.enabledAddons: savefileto%40mozdev.org:2.5.1
    FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
    FF - prefs.js..extensions.enabledAddons: rainbow%40colors.org:1.6
    FF - prefs.js..extensions.enabledAddons: %7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3
    FF - prefs.js..extensions.enabledAddons: support%40todoist.com:3.7
    FF - prefs.js..extensions.enabledAddons: tabscope%40xuldev.org:1.5
    FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.16
    FF - prefs.js..extensions.enabledAddons: %7B24cea704-946d-11da-a72b-0800200c9a66%7D:1.5.3.1
    FF - prefs.js..extensions.enabledAddons: %7B03B08592-E5B4-45ff-A0BE-C1D975458688%7D:1.0
    FF - prefs.js..extensions.enabledAddons: %7B139a120b-c2ea-41d2-bf70-542d9f063dfd%7D:2.04.1
    FF - prefs.js..extensions.enabledAddons: %7B54BB9F3F-07E5-486c-9B39-C7398B99391C%7D:4.1.2013040601
    FF - prefs.js..extensions.enabledAddons: notreal.ccoptions%40environmentalchemistry.com:24.0.2
    FF - prefs.js..extensions.enabledAddons: brief%40mozdev.org:1.7.2
    FF - prefs.js..extensions.enabledAddons: firegestures%40xuldev.org:1.7.14
    FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2.3
    FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.3.9
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
    FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.5.3
    FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.2.1
    FF - prefs.js..extensions.enabledAddons: %7B5546F97E-11A5-46b0-9082-32AD74AAA920%7D:0.76
    FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.15
    FF - prefs.js..extensions.enabledAddons: zoompage%40DW-dev:8.2
    FF - prefs.js..extensions.enabledAddons: idme%40abine.com:1.38.339
    FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.95
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=512435&p="
    FF - prefs.js..network.proxy.socks_remote_dns: true
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.11.19 18:31:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.08.24 22:42:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.11.17 10:33:09 | 000,000,000 | ---D | M]

    [2013.05.21 10:42:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Extensions
    [2013.11.23 21:54:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions
    [2013.10.02 18:27:24 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
    [2013.07.23 20:21:47 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2013.11.16 22:54:02 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2013.07.23 20:21:47 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
    [2013.08.08 00:03:52 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2013.07.24 23:11:03 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
    [2013.11.08 02:07:26 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
    [2013.11.02 20:54:53 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
    [2013.05.25 17:48:07 | 000,000,000 | ---D | M] ("Converter") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}
    [2013.11.01 16:20:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2013.07.05 00:33:38 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
    [2013.07.24 23:10:58 | 000,000,000 | ---D | M] (TabGroups Manager) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{ca526f8b-9e0a-4756-9077-19d6f3e64ea8}
    [2013.08.12 23:31:02 | 000,000,000 | ---D | M] (Block site) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
    [2013.07.23 20:21:47 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
    [2013.05.22 13:36:01 | 000,000,000 | ---D | M] (QuickFox Notes) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\amin.eft_bmnotes@gmail.com
    [2013.07.24 20:18:22 | 000,000,000 | ---D | M] ("CyberSearch") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\cybersearch@cybernetnews.com
    [2013.07.13 10:43:07 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\donottrackplus@abine.com
    [2013.05.22 01:00:32 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\en-US@dictionaries.addons.mozilla.org
    [2013.07.24 23:11:07 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\foxmarks@kei.com
    [2013.10.26 22:16:08 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\foxyproxy@eric.h.jung
    [2013.09.13 22:04:51 | 000,000,000 | ---D | M] (Dictionnaires français) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\fr-dicollecte@dictionaries.addons.mozilla.org
    [2013.08.20 15:33:39 | 000,000,000 | ---D | M] (Croatian Dictionary (Hrvatski Rjecnik)) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\hr-HR-2@dictionaries.addons.mozilla.org
    [2013.10.05 21:03:07 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\https-everywhere@eff.org
    [2013.11.22 18:09:43 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\idme@abine.com
    [2013.05.24 18:00:28 | 000,000,000 | ---D | M] (Icelandic Dictionary) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\is@dictionaries.addons.mozilla.org
    [2013.06.27 16:30:18 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\isreaditlater@ideashower.com
    [2013.07.19 08:38:18 | 000,000,000 | ---D | M] (♬ MediaPimp - Internet Radio, Save Videos, Screengrab & More) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\Konverts@MediaPimp.com
    [2013.05.22 00:48:56 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\mintrayr@tn123.ath.cx
    [2013.09.19 13:45:19 | 000,000,000 | ---D | M] (Rain Alarm Extension) -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\rain-alarm@mdiener.de
    [2013.07.27 02:38:22 | 000,000,000 | ---D | M] ("TableTools2") -- C:\Users\Korisnik\AppData\Roaming\mozilla\Firefox\Profiles\x1sb23sa.default\extensions\tabletools2@mingyi.org
    [2013.08.16 16:42:27 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\adblockpopups@jessehakanen.net.xpi
    [2013.11.07 15:28:35 | 000,023,913 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\add-to-searchbox@maltekraus.de.xpi
    [2013.08.08 21:30:14 | 000,027,678 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\backupfox_959a5970_ada3_11e0_9f1c_0800200c9a66@mozillafirefoxextension.xpi
    [2013.10.18 14:29:17 | 000,246,524 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\brief@mozdev.org.xpi
    [2013.07.27 02:38:22 | 000,031,018 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\charpick@ryanium.com.xpi
    [2013.08.30 00:37:05 | 000,355,782 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\client@anonymox.net.xpi
    [2013.08.12 16:09:04 | 000,126,982 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\customizable-shortcuts@timtaubert.de.xpi
    [2013.07.20 00:13:03 | 000,028,980 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\dcct@mingyi.org.xpi
    [2013.08.12 15:48:57 | 000,007,979 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\dragtabasshortcut@antontitov.com.xpi
    [2013.06.26 17:05:52 | 000,035,735 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\facebook@disconnect.me.xpi
    [2013.11.06 18:41:04 | 001,338,622 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\firefox@ghostery.com.xpi
    [2013.10.18 14:29:17 | 000,390,473 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\firegestures@xuldev.org.xpi
    [2013.06.02 12:04:06 | 000,162,728 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\format.bar@codefisher.org.xpi
    [2013.11.22 20:52:01 | 000,284,203 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\foxcconverter@gmail.com.xpi
    [2013.08.12 16:15:27 | 000,119,451 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\FxExtPasteNGoHtk@github.lostdj.xpi
    [2013.05.22 05:19:20 | 000,025,955 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\intgcal@egarracingteam.com.ar.xpi
    [2013.05.22 15:14:22 | 000,301,619 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-3GUEt1r69sQNSrca5p8kx9Ezc3U@jetpack.xpi
    [2013.07.23 22:47:42 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
    [2013.07.21 11:42:40 | 000,193,117 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-A2AGBH3veL3ZV6GOM159BnxtOjg@jetpack.xpi
    [2013.11.06 18:40:58 | 000,568,293 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
    [2013.08.17 11:29:38 | 000,168,986 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-RW8E9KFMTaLKkM4HqIWfidw29wo@jetpack.xpi
    [2013.07.21 11:42:22 | 000,241,099 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-UPq1qFOINa4blezeJa2DpZKATTo@jetpack.xpi
    [2013.09.24 19:02:15 | 000,306,265 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid1-j3KiX1n7UXrjxQ@jetpack.xpi
    [2013.07.21 11:42:48 | 000,300,648 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid1-sNaADGzvFyhsSA@jetpack.xpi
    [2013.10.29 19:55:16 | 000,320,988 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
    [2013.11.06 19:51:52 | 000,367,522 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\langpack-hr@firefox.mozilla.org.xpi
    [2013.07.24 23:11:03 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\lazarus@interclue.com.xpi
    [2013.10.09 21:02:59 | 000,320,474 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\mytube@ashishmishra.in.xpi
    [2013.10.11 00:42:49 | 000,159,644 | R--- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
    [2013.08.07 22:08:26 | 000,010,666 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\noverflow@sdrocking.com.xpi
    [2013.05.22 01:03:31 | 000,113,783 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\organize-search-engines@maltekraus.de.xpi
    [2013.08.20 15:33:38 | 000,470,162 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\rainbow@colors.org.xpi
    [2013.08.08 00:03:52 | 000,160,837 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\requestpolicy@requestpolicy.com.xpi
    [2013.05.29 18:55:25 | 000,015,618 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\rssicon@jasnapaka.com.xpi
    [2013.08.08 21:30:14 | 000,011,209 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\ScrollUp@saplin.com.xpi
    [2013.08.12 16:20:26 | 000,011,724 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\shortcuts@khngai.com.xpi
    [2013.11.06 07:39:01 | 000,367,561 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\smarterwiki@wikiatic.com.xpi
    [2013.08.27 14:56:58 | 000,011,156 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\support@todoist.com.xpi
    [2013.09.08 02:19:10 | 000,160,818 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\tabscope@xuldev.org.xpi
    [2013.07.24 23:11:07 | 000,024,038 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com.xpi
    [2013.11.16 22:54:02 | 000,059,830 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\zoompage@DW-dev.xpi
    [2013.08.05 01:05:34 | 000,475,365 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
    [2013.10.02 17:42:45 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
    [2013.10.05 14:16:11 | 000,132,344 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi
    [2013.11.22 18:09:41 | 000,382,345 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
    [2013.10.02 18:27:24 | 000,094,167 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
    [2013.10.31 22:49:48 | 000,217,340 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
    [2013.08.12 16:20:26 | 000,015,234 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{3bbdd952-cf6f-44a7-9d23-354a8792b598}.xpi
    [2013.05.23 14:22:37 | 000,007,404 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{48f91e76-bc5f-45a7-a03a-6b4e7669df90}.xpi
    [2013.10.05 14:25:25 | 000,307,011 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
    [2013.09.17 11:06:36 | 000,281,800 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
    [2013.11.05 18:41:03 | 000,243,884 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{655397ca-4766-496b-b7a8-3a5b176ee4c2}.xpi
    [2013.07.27 02:38:19 | 000,005,533 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{6E21139C-F48B-11DA-B59C-B582C6649067}.xpi
    [2013.11.09 16:01:13 | 000,534,744 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2013.08.08 00:03:51 | 000,050,761 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi
    [2013.10.05 14:05:16 | 000,026,163 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.xpi
    [2013.05.24 09:36:25 | 000,447,526 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi
    [2013.08.08 00:03:51 | 000,016,921 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi
    [2013.06.26 17:05:35 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
    [2013.10.11 00:42:49 | 001,283,406 | R--- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi
    [2013.07.24 23:10:58 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
    [2013.10.31 23:59:13 | 000,778,022 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
    [2013.08.13 22:02:41 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2013.10.01 20:17:08 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    [2013.07.24 23:10:52 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
    [2013.08.08 00:03:51 | 000,057,752 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi
    [2013.07.24 22:19:31 | 000,001,362 | ---- | M] () (No name found) -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome\skin\xpinstallItemGeneric.png
    [2013.06.26 17:30:02 | 000,000,472 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\10starmoviescom.xml
    [2013.10.04 08:49:19 | 000,000,779 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\a-z-lyrics-universe.xml
    [2013.06.26 17:35:48 | 000,000,675 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\asian-horror-moviescom.xml
    [2013.05.25 21:48:49 | 000,001,500 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\care2.xml
    [2013.05.22 02:00:07 | 000,000,949 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\coolinarika.xml
    [2013.05.22 03:15:46 | 000,000,984 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\dark-lyrics.xml
    [2013.06.07 16:15:19 | 000,000,926 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\deviantart.xml
    [2013.08.07 22:24:09 | 000,001,263 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\duckduckgo.xml
    [2013.11.05 21:19:47 | 000,000,451 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\easy-pdf-search.xml
    [2013.06.19 19:00:36 | 000,001,466 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\fenopyse.xml
    [2013.05.22 00:49:34 | 000,001,635 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\firefox-add-ons.xml
    [2013.05.22 03:21:55 | 000,009,117 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\flickr.xml
    [2013.08.14 02:29:36 | 000,006,404 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\gallica-bnf.xml
    [2013.06.02 20:57:36 | 000,000,526 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\gazetteer-of-british-place-names.xml
    [2013.06.19 15:30:11 | 000,001,733 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\goodsearch.xml
    [2013.06.07 12:28:03 | 000,001,712 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\google-books.xml
    [2013.07.23 23:41:12 | 000,001,024 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\google-pagerank-checker.xml
    [2013.05.22 03:22:40 | 000,001,427 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\google-slike.xml
    [2013.07.01 12:01:04 | 000,000,843 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\haro-online--movies.xml
    [2013.05.26 17:19:01 | 000,000,773 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\hphosts-online.xml
    [2013.11.09 19:25:01 | 000,000,856 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\hrvatski-jezini-portal.undefined.undefined
    [2013.05.24 22:34:33 | 000,000,759 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\hubpages.xml
    [2013.05.22 01:04:15 | 000,012,707 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\imdb.xml
    [2013.08.14 02:45:13 | 000,001,413 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\internet-archive.xml
    [2013.07.01 11:06:59 | 000,001,213 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\isohunt.xml
    [2013.06.27 12:01:26 | 000,001,374 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\ixquick-search-engine.xml
    [2013.07.19 23:31:53 | 000,001,419 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\jamie-oliver.xml
    [2013.05.22 03:20:30 | 000,001,355 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\kickasstorrents.xml
    [2013.06.16 00:32:27 | 000,001,443 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\lastfm.xml
    [2013.06.11 15:24:21 | 000,001,464 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\leos-lyrics.xml
    [2013.08.14 03:01:18 | 000,001,109 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\librivox-1.xml
    [2013.05.29 11:19:21 | 000,000,814 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\merriam-webster-online.xml
    [2013.07.01 12:08:05 | 000,001,629 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\monovaorg.xml
    [2013.08.24 18:48:32 | 000,001,602 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\mp3skullcom.xml
    [2013.11.11 18:25:21 | 000,001,121 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\nameberrycom.undefined.undefined
    [2013.07.01 11:12:39 | 000,001,188 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\onebigtorrentorg.xml
    [2013.07.01 11:28:11 | 000,001,479 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\ovguide.xml
    [2013.07.23 23:17:23 | 000,000,795 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\phishtank.xml
    [2013.10.05 16:39:15 | 000,000,691 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\podnapisinet.xml
    [2013.07.21 13:02:45 | 000,001,603 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\primewire--1channel--letmewatchthis.xml
    [2013.06.07 00:29:22 | 000,001,324 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\project-gutenberg.xml
    [2013.06.26 16:27:57 | 000,001,869 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\ripple.xml
    [2013.07.02 20:15:36 | 000,000,918 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\scribd.xml
    [2013.05.29 14:11:23 | 000,001,268 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\serious-eats-recipes.xml
    [2013.05.22 03:15:07 | 000,000,920 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\songmeanings.xml
    [2013.10.05 16:38:39 | 000,001,122 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\subtitlecubecom.xml
    [2013.07.23 23:37:12 | 000,000,507 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\sucuri-security--website-malware-scan.xml
    [2013.11.05 21:22:36 | 000,001,392 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-audiobook-bay.xml
    [2013.07.17 22:11:20 | 000,040,970 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-cornell-lab-of-ornithology.xml
    [2013.05.29 11:32:05 | 000,001,110 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-free-dictionary.xml
    [2013.05.22 03:19:23 | 000,001,466 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\the-pirate-bay.xml
    [2013.10.08 22:01:22 | 000,000,666 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\torrentz.xml
    [2013.08.17 01:09:37 | 000,001,027 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\urban-dictionary.xml
    [2013.08.07 23:44:29 | 000,000,502 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\userscriptsorg.xml
    [2013.05.29 11:27:36 | 000,001,588 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\vegan-soapbox.xml
    [2013.05.22 06:14:08 | 000,001,231 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wayback-machine.xml
    [2013.05.29 10:59:38 | 000,001,818 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wikimedia-cookbook.xml
    [2013.05.29 10:50:25 | 000,001,266 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wikipediaorg.xml
    [2013.05.29 10:55:30 | 000,000,557 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wikivet.xml
    [2013.07.09 22:19:40 | 000,001,318 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wolframalpha.xml
    [2013.05.23 22:16:58 | 000,001,791 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\wot-web-of-trust.xml
    [2013.05.22 01:03:48 | 000,001,136 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\x1sb23sa.default\searchplugins\youtube.xml
    [2013.11.17 10:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013.11.17 10:33:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013.08.24 22:42:58 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
    File not found (No name found) -- C:\USERS\KORISNIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X1SB23SA.DEFAULT\EXTENSIONS\SAVEFILETO@MOZDEV.ORG.XPI
    [2013.08.24 22:41:59 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google.hr (Enabled)
    CHR - default_search_provider: search_url = https://www.google.hr/search?output=search&sclient=psy-ab&q={searchTerms}&btnG=&oq=&gs_l=&pbx=1
    CHR - default_search_provider: suggest_url = ,
    CHR - homepage: http://www.google.hr/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - Extension: Google disk = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google pretrau017Eivanje = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: DoNotTrackMe = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.9.815_0\
    CHR - Extension: Foxy Proxy Standard = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp\2.8_1\
    CHR - Extension: avast! Online Security = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
    CHR - Extension: RealDownloader = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
    CHR - Extension: Google Karte = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
    CHR - Extension: Google Nov\u010Danik = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
    CHR - Extension: TS Magic Player = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg\1.1.29_0\
    CHR - Extension: Gmail = C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013.11.22 21:42:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\e2f45e99-3cd5-48e5-a5a7-81341b74840f.exe (AVAST Software)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
    O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
    O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
    O4 - Startup: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe tray agent 2013.lnk = C:\Program Files\Wipe 2013\wipetray.exe (PrivacyRoot.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D321B9E-A8C6-4146-B8E1-6E10720FA1A7}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51B6D1B9-5D8C-40A3-95A5-1B3BC0948BB7}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013.11.23 21:51:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013.11.23 21:41:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013.11.23 21:25:08 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Korisnik\Desktop\JRT.exe
    [2013.11.23 18:50:09 | 001,070,944 | ---- | C] (Solid State Networks) -- C:\Users\Korisnik\Desktop\install_flashplayer11x32_mssd_aaa_aih.exe
    [2013.11.23 14:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2013.11.23 00:52:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013.11.23 00:49:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013.11.22 21:47:26 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\AppData\Local\temp
    [2013.11.22 16:59:17 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013.11.21 20:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
    [2013.11.21 20:50:30 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\AppData\Roaming\SystemRequirementsLab
    [2013.11.21 20:09:59 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\Desktop\RK_Quarantine
    [2013.11.20 15:50:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013.11.20 15:50:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013.11.20 15:50:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013.11.20 15:50:20 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013.11.20 15:31:51 | 005,147,802 | R--- | C] (Swearware) -- C:\Users\Korisnik\Desktop\ComboFix.exe
    [2013.11.19 18:59:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Korisnik\Desktop\OTL.exe
    [2013.11.19 18:38:33 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\AppData\Roaming\AVAST Software
    [2013.11.19 18:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2013.11.18 23:12:24 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\Desktop\Nova mapa
    [2013.11.17 10:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013.11.15 17:21:08 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013.11.08 09:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013.11.08 09:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013.11.08 09:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013.11.08 09:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2013.11.02 20:55:49 | 000,000,000 | ---D | C] -- C:\Users\Korisnik\Documents\iMacros

    ========== Files - Modified Within 30 Days ==========

    [2013.11.23 22:06:32 | 000,026,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013.11.23 22:06:32 | 000,026,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013.11.23 22:01:10 | 000,001,020 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe tray agent 2013.lnk
    [2013.11.23 21:59:35 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013.11.23 21:59:18 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
    [2013.11.23 21:59:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013.11.23 21:59:02 | 1522,028,544 | -HS- | M] () -- C:\hiberfil.sys
    [2013.11.23 21:32:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013.11.23 21:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013.11.23 21:25:20 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Korisnik\Desktop\JRT.exe
    [2013.11.23 21:23:28 | 001,085,542 | ---- | M] () -- C:\Users\Korisnik\Desktop\AdwCleaner.exe
    [2013.11.23 18:50:27 | 001,070,944 | ---- | M] (Solid State Networks) -- C:\Users\Korisnik\Desktop\install_flashplayer11x32_mssd_aaa_aih.exe
    [2013.11.23 01:07:37 | 000,008,010 | ---- | M] () -- C:\Users\Korisnik\Desktop\Rhonda Byrne - The Secret.pdf - prečac.lnk
    [2013.11.23 01:07:37 | 000,002,081 | ---- | M] () -- C:\Users\Korisnik\Desktop\Eckhart Tolle - The Power of Now_ A Guide to Spiritual Enlightenment.pdf - prečac.lnk
    [2013.11.22 21:42:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013.11.22 18:09:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013.11.22 17:10:13 | 005,147,802 | R--- | M] (Swearware) -- C:\Users\Korisnik\Desktop\ComboFix.exe
    [2013.11.22 16:49:57 | 000,026,624 | ---- | M] () -- C:\Windows\System32\TrueSight.sys
    [2013.11.21 17:19:22 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013.11.20 16:11:42 | 000,666,434 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013.11.20 16:11:42 | 000,127,002 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013.11.20 15:30:23 | 003,679,744 | ---- | M] () -- C:\Users\Korisnik\Desktop\RogueKiller.exe
    [2013.11.19 23:02:13 | 000,048,852 | ---- | M] () -- C:\Users\Korisnik\Desktop\kune.jpg
    [2013.11.19 18:59:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Korisnik\Desktop\OTL.exe
    [2013.11.19 18:31:14 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2013.11.19 18:31:13 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2013.11.19 18:31:13 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2013.11.19 18:31:13 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013.11.19 18:31:13 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2013.11.19 18:31:13 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2013.11.19 18:31:13 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2013.11.19 18:31:12 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2013.11.19 18:31:04 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2013.11.19 18:31:04 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013.11.19 18:25:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2013.11.18 23:09:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Korisnik\Desktop\aswMBR.exe
    [2013.11.18 23:03:00 | 000,891,200 | ---- | M] () -- C:\Users\Korisnik\Desktop\SecurityCheck.exe
    [2013.11.10 13:47:04 | 000,448,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2013.11.23 21:59:18 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
    [2013.11.23 21:22:39 | 001,085,542 | ---- | C] () -- C:\Users\Korisnik\Desktop\AdwCleaner.exe
    [2013.11.22 16:49:57 | 000,026,624 | ---- | C] () -- C:\Windows\System32\TrueSight.sys
    [2013.11.20 15:50:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013.11.20 15:50:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013.11.20 15:50:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013.11.20 15:50:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013.11.20 15:50:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013.11.20 15:30:18 | 003,679,744 | ---- | C] () -- C:\Users\Korisnik\Desktop\RogueKiller.exe
    [2013.11.19 23:02:00 | 000,048,852 | ---- | C] () -- C:\Users\Korisnik\Desktop\kune.jpg
    [2013.11.18 23:02:24 | 000,891,200 | ---- | C] () -- C:\Users\Korisnik\Desktop\SecurityCheck.exe
    [2013.11.06 14:43:35 | 000,002,081 | ---- | C] () -- C:\Users\Korisnik\Desktop\Eckhart Tolle - The Power of Now_ A Guide to Spiritual Enlightenment.pdf - prečac.lnk
    [2013.11.05 21:35:59 | 000,008,010 | ---- | C] () -- C:\Users\Korisnik\Desktop\Rhonda Byrne - The Secret.pdf - prečac.lnk
    [2013.10.15 08:42:36 | 000,000,090 | ---- | C] () -- C:\Windows\Philip.INI
    [2013.10.15 07:52:46 | 000,000,098 | ---- | C] () -- C:\ProgramData\avalon2.2_WIPE2013.ini
    [2013.10.15 07:52:38 | 000,340,992 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
    [2013.10.15 07:52:34 | 000,340,992 | ---- | C] () -- C:\Windows\sqlite36_engine.dll
    [2013.10.06 00:22:20 | 000,200,148 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2013.08.17 14:29:27 | 109,026,806 | ---- | C] () -- C:\Users\Korisnik\AppData\Roaming\Mozilla.rar
    [2013.06.28 17:46:41 | 000,003,342 | ---- | C] () -- C:\Users\Korisnik\AppData\Local\recently-used.xbel
    [2013.06.23 15:58:45 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2013.06.21 09:54:46 | 000,000,096 | ---- | C] () -- C:\Users\Korisnik\AppData\Local\fusioncache.dat
    [2013.06.19 14:41:05 | 000,026,364 | ---- | C] () -- C:\Users\Korisnik\AppData\Roaming\UserTile.png
    [2013.06.19 12:39:35 | 000,000,398 | ---- | C] () -- C:\Windows\AudioConverter.INI
    [2013.06.19 12:34:32 | 000,000,032 | ---- | C] () -- C:\ProgramData\aceg.ini
    [2013.05.26 17:10:37 | 000,000,896 | RHS- | C] () -- C:\Users\Korisnik\ntuser.pol
    [2013.05.21 10:43:00 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013.05.21 10:42:57 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2013.05.21 10:29:27 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2013.05.21 09:28:39 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2013.05.21 09:28:39 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
    [2013.05.21 09:28:36 | 000,240,004 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
    [2012.12.14 01:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
    [2012.12.14 01:02:20 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
    [2012.12.14 01:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
    [2012.12.14 01:02:20 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2012.12.14 01:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2012.12.14 01:02:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin

    ========== ZeroAccess Check ==========

    [2012.07.14 18:11:12 | 000,000,596 | ---- | M] () -- C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
    [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >
